Sign inDemoInstall

Package Overview
File Explorer

Install Socket

Protect your apps from supply chain attacks


LDAP control panel for Plone 4.2 and higher




LDAP control panel for Plone

.. image::

.. image::

-------- provides a user interface in a Plone site to manage
LDAP and Active Directory servers.

This package succeeds the simplon.plone.ldap package.

It builds on the functionality provided by LDAPMultiPlugins_, LDAPUserFolder_
and PloneLDAP_.

Active Directory

Active Directory provides an LDAP interface to its data. Using this interface
Plone can use both users and groups from an Active Directory system. Writing
to Active Directory is not supported.

With Active Directory you can use two different properties as login name:
``userPrincipalName`` and ``sAMAccountName``. ``sAMAccountName`` is the plain
account name without any domain information and is only unique within a single
domain.  If your environment only uses a single AD domain this option is the
best choice. For environments with multiple names the ``userPrincipalName``
attribute can be used since this includes both account name and domain

Since Plone does not support binary user ids it is not possible to use the
``objectGUID`` attribute as user ids. Instead you can use either
``sAMAccountName`` or ``userPrincipalName``. The same criteria for choosing a
login name also apply to selecting the user id attribute.

Newer versions of Active Directory may also work using the standard LDAP
plugin, which supports limited writing to AD, including modifying group
memberships.  If your group objects have ``member`` attributes containing the
user's full DN, the standard LDAP plugin should work for you.  Note that this
will not support nested groups.

Standard LDAP

LDAP directory servers are fully supported. LDAP users and groups are usable
as standard Plone users and groups can be me managed normally. Creating and
deleting users and groups is supported.


This package works with Plone 3 and Plone 4. Plone 3 and Plone 4.0
users should install a version in the 1.2.* series
(e.g. < 1.3, the latest current release is 1.3.2), as
release 1.3 will only work with Plone 4.1 or higher.

This package depends on ``python-ldap``. In order to build it correctly you
need to have some development libraries included in your system. On a typical
Debian-based installation use::

    sudo apt-get install python-dev libldap2-dev libsasl2-dev libssl-dev

Once the package is installed, it will be available as an add-on named
"LDAP support", and this add-on can be activated in a Plone instance
using the Add-ons section of the Plone Control Panel. Be careful, as this
package also currently installs LDAPUserFolder as a dependency, which makes
the add-on "LDAPUserFolder CMF Tools" available. Do not install this add-on!
It will replace the portal_membership tool and make your Plone site

Install without buildout

First you need to install this package in the python path for your
Zope instance. This can be done by installing it in either your system
path packages (usually with ``pip`` or ``easy_install``) or in the
lib/python directory in your Zope instance.

After installing the package it needs to be registered in your Zope instance.
This can be done by putting a file in the
etc/pakage-includes directory with this content::

  <include package="" />

or, alternatively, you can add that line to the configure.zcml in a
package or Product that is already registered.

Installing with buildout

If you are using `buildout`_ to manage your instance installing
is even simpler. You can install it by adding it to the eggs line for your
zope instance::

  eggs =

.. _buildout:

Installing the development version

To specify the current development version you may use::

  find-links =

  eggs =

With ``pip`` that would be this::

  pip install -f

With ``easy_install``::

  easy_install -f

Copyright and credits

Copyright is Copyright 2007, 2008 by the Plone Foundation.
    Simplon_ donated the simplon.plone.ldap code to the Plone Foundation.

     Wichert Akkerman <>


.. _simplon:
.. _python-ldap:
.. _LDAPUserFolder:
.. _LDAPMultiPlugins:
.. _PloneLDAP:
.. _CentrePoint:


1.4.4 (2019-09-19)

Breaking changes:

- *add item here*

New features:

- *add item here*

Bug fixes:

- Added uninstall profile.
  This requires Products.GenericSetup 1.8.2+,
  (available by default in Plone 4.3.8+ and 5.0.3+).

- Added dependencies so Plone 5 can start.
  Removed the Plone 5 classifiers, because there is a test failure,
  and it can't have worked before.  [maurits]

1.4.3 (2018-04-08)

Bug fixes:

- Require in the Products.CMFDefault

1.4.2 (2017-11-26)

Bug fixes:

- Imports are Python3 compatible

1.4.1 (2017-08-27)

Bug fixes:

- Add coding header on python files.

- Remove deprecated __of__ calls on BrowserViews

1.4.0 (2016-08-19)


- Dropped support for Plone 4.1.

- Added some more fields to portal_setup import/export, including
  extra_user_filter, group mappings, and plugin type (AD/non-AD).


- Fix Travis CI build by pinning ``coverage`` and by ensuring different
  Plone versions are actually tested.

- Added ``metadata.xml`` to profile, plus empty upgrade step, so the
  add-ons control panel does not complain that we have no upgrade

- Fixed plugin activation for AD; correctly add mandatory schema items; activate
  group management plugin for non-AD (to allow modifying group memberships via

- Properly store settings made via control panel so that the control panel,
  ZMI, and portal_setup export all show the same data.

- Miscellaneous minor bugfixes and documentation improvements.

- Use zope.interface decorator.

1.3.2 (2015-03-02)

- Fix GS import : _user_objclasses and _roles should not be imported as unicode strings

- Update package dependencies.

- Update installation documentation.

1.3.1 (2013-10-01)

- Use ``.png`` file, not ``.gif``.  Fixes ``KeyError:
  confirm_icon.gif`` from

1.3.0 (2012-09-28)

- Add Plone 4.3 compatibility, and break compatibility with Plone 4.0
  and Plone 3, by not importing from anymore.

- Fix the exporter as GS 1.7 and higher now explicitly only
  understands strings.  Still works for older GS too.

1.2.8 (2012-03-02)

- Added a z3c.autoinclude entry point to mark this as a Plone add-on.

1.2.7 (2011-10-19)

- Expose the 'Read Only' attribute of LDAP plugins for modification with (

- Fix bug where changes to the Default User Roles option were being
  discarded (

1.2.6 (2011-07-17)

- Add Plone 4.1 compatibility when importing IVocabularyFactory.

- Include Products.CMFCore for Plone 4.1 compatibility.

1.2.5 (2011-05-02)

- Added import-support for activated interfaces, user_default_roles
  and password_encryption [awello]

- Update imports for zope.formlib bump in Plone 4.1

- Update GS import to support plugin id, and update parameter

- Update GS import to read interfaces config for AD plugins,
  apply cache parameter

1.2.4 (2010-12-07)

- Fix bug where generic setup exports were exporting boolean values
  as type int.

- Fix bug where generic setup imports weren't choosing names correctly.

1.2.3 (2010-10-07)

- Fix: Login Name, User ID  and RDN attributes were not set correctly on creation.

1.2.2 (2010-08-18)

- LDAPProperty fields can now be marked as a Binary property.

- Ability to import/export an LDAP configuration using generic setup.
  This feature is the same as the one provided by collective.genericsetup.ldap
  and exports made with that product can be imported into
  During import all existing servers, general settings and schema
  will be overwritten from config file - but no interfaces or cache
  settings are changed.

- Removed locales directory. You can translate this package
  in the package now.

- Cleaned templates to work with

1.2.1 (2010-04-19)

- Fallback to Plone 3 compatible imports. Fix display of cache tab in Plone 3.

1.2 (2010-03-25)

- Added a tab for display and modifying the cache settings.

- Send out notification events for all object additions/modifications/removals
  so that configuration always gets propogated to the LDAPUserFolder object.

- Changed the base class for LDAPConfiguration so that it gets properly
  rooted in the site (otherwise LDAPConfiguration.__parent__ goes into
  an infinite loop, pointing to a fresh PersistenComponents instance who's
  parent is in turn LDAPConfiguration).

- Updated the HTML to wrap all control panel forms in a form tag so that
  tabs are properly displayed in Plone 4.

- Fixed i18n domain changes from Vincent. The message factory was defined in
  the wrong ````.

- Changed i18n domain from plone to
  Registered locales directory.

1.1 (2008-08-16)

- Fix ldap schema config for Active Directory

simplon.plone.ldap - 1.0

- Initial package structure.



Did you know?

Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc