plone.app.ldap

LDAP control panel for Plone

.. image:: https://travis-ci.org/plone/plone.app.ldap.svg?branch=master :target: https://travis-ci.org/plone/plone.app.ldap

.. image:: https://coveralls.io/repos/github/plone/plone.app.ldap/badge.svg?branch=master :target: https://coveralls.io/github/plone/plone.app.ldap?branch=master

Overview

plone.app.ldap provides a user interface in a Plone site to manage LDAP and Active Directory servers.

This package succeeds the simplon.plone.ldap package.

It builds on the functionality provided by LDAPMultiPlugins_, LDAPUserFolder_ and PloneLDAP_.

Active Directory

Active Directory provides an LDAP interface to its data. Using this interface Plone can use both users and groups from an Active Directory system. Writing to Active Directory is not supported.

With Active Directory you can use two different properties as login name: userPrincipalName and sAMAccountName. sAMAccountName is the plain account name without any domain information and is only unique within a single domain. If your environment only uses a single AD domain this option is the best choice. For environments with multiple names the userPrincipalName attribute can be used since this includes both account name and domain information.

Since Plone does not support binary user ids it is not possible to use the objectGUID attribute as user ids. Instead you can use either sAMAccountName or userPrincipalName. The same criteria for choosing a login name also apply to selecting the user id attribute.

Newer versions of Active Directory may also work using the standard LDAP plugin, which supports limited writing to AD, including modifying group memberships. If your group objects have member attributes containing the user's full DN, the standard LDAP plugin should work for you. Note that this will not support nested groups.

Standard LDAP

LDAP directory servers are fully supported. LDAP users and groups are usable as standard Plone users and groups can be me managed normally. Creating and deleting users and groups is supported.

Installing

This package works with Plone 3 and Plone 4. Plone 3 and Plone 4.0 users should install a version in the 1.2.* series (e.g. plone.app.ldap < 1.3, the latest current release is 1.3.2), as release 1.3 will only work with Plone 4.1 or higher.

This package depends on python-ldap. In order to build it correctly you need to have some development libraries included in your system. On a typical Debian-based installation use::

sudo apt-get install python-dev libldap2-dev libsasl2-dev libssl-dev

Once the package is installed, it will be available as an add-on named "LDAP support", and this add-on can be activated in a Plone instance using the Add-ons section of the Plone Control Panel. Be careful, as this package also currently installs LDAPUserFolder as a dependency, which makes the add-on "LDAPUserFolder CMF Tools" available. Do not install this add-on! It will replace the portal_membership tool and make your Plone site unusable.

Install without buildout

First you need to install this package in the python path for your
Zope instance. This can be done by installing it in either your system
path packages (usually with ``pip`` or ``easy_install``) or in the
lib/python directory in your Zope instance.

After installing the package it needs to be registered in your Zope instance.
This can be done by putting a plone.app.ldap-configure.zcml file in the
etc/pakage-includes directory with this content::

  <include package="plone.app.ldap" />

or, alternatively, you can add that line to the configure.zcml in a
package or Product that is already registered.

Installing with buildout

If you are using buildout_ to manage your instance installing plone.app.ldap is even simpler. You can install it by adding it to the eggs line for your zope instance::

[instance] eggs = ... plone.app.ldap

.. _buildout: http://pypi.python.org/pypi/zc.buildout

Installing the development version

To specify the current development version you may use::

  [buildout]
  find-links =
      ...
      http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev

  [instance]
  eggs =
      ...
     plone.app.ldap==dev

With ``pip`` that would be this::

  pip install -f http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev plone.app.ldap==dev

With ``easy_install``::

  easy_install -f http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev plone.app.ldap==dev


Copyright and credits
---------------------

Copyright
    plone.app.ldap is Copyright 2007, 2008 by the Plone Foundation.
    Simplon_ donated the simplon.plone.ldap code to the Plone Foundation.

Credits
     Wichert Akkerman <wichert@simplon.biz>

Funding
     CentrePoint_


.. _simplon: http://www.simplon.biz/
.. _python-ldap: http://python-ldap.sourceforge.net/
.. _LDAPUserFolder: http://www.dataflake.org/software/ldapuserfolder/
.. _LDAPMultiPlugins: http://www.dataflake.org/software/ldapmultiplugins/
.. _PloneLDAP: http://plone.org/products/ploneldap/
.. _CentrePoint: http://centrepoint.org.uk/

Changelog
=========

1.4.4 (2019-09-19)
------------------

Breaking changes:

- *add item here*

New features:

- *add item here*

Bug fixes:

- Added uninstall profile.
  This requires Products.GenericSetup 1.8.2+,
  (available by default in Plone 4.3.8+ and 5.0.3+).
  [maurits]

- Added dependencies so Plone 5 can start.
  Removed the Plone 5 classifiers, because there is a test failure,
  and it can't have worked before.  [maurits]


1.4.3 (2018-04-08)
------------------

Bug fixes:

- Require in the setup.py Products.CMFDefault
  [ale-rt]


1.4.2 (2017-11-26)
------------------

Bug fixes:

- Imports are Python3 compatible
  [ale-rt]


1.4.1 (2017-08-27)
------------------

Bug fixes:

- Add coding header on python files.
  [gforcada]

- Remove deprecated __of__ calls on BrowserViews
  [MrTango]

1.4.0 (2016-08-19)
------------------

New:

- Dropped support for Plone 4.1.
  [hvelarde]

- Added some more fields to portal_setup import/export, including
  extra_user_filter, group mappings, and plugin type (AD/non-AD).
  [adaugherity]

Fixes:

- Fix Travis CI build by pinning ``coverage`` and by ensuring different
  Plone versions are actually tested.
  [davidjb]

- Added ``metadata.xml`` to profile, plus empty upgrade step, so the
  add-ons control panel does not complain that we have no upgrade
  procedure.
  [maurits]

- Fixed plugin activation for AD; correctly add mandatory schema items; activate
  group management plugin for non-AD (to allow modifying group memberships via
  Plone).
  [adaugherity]

- Properly store settings made via control panel so that the control panel,
  ZMI, and portal_setup export all show the same data.
  [adaugherity]

- Miscellaneous minor bugfixes and documentation improvements.
  [adaugherity]

- Use zope.interface decorator.
  [gforcada]

1.3.2 (2015-03-02)
------------------

- Fix GS import : _user_objclasses and _roles should not be imported as unicode strings
  [gotcha]

- Update package dependencies.
  [hvelarde]

- Update installation documentation.
  [hvelarde]


1.3.1 (2013-10-01)
------------------

- Use ``.png`` file, not ``.gif``.  Fixes ``KeyError:
  confirm_icon.gif`` from
  https://github.com/plone/plone.app.ldap/issues/11
  [maurits]


1.3.0 (2012-09-28)
------------------

- Add Plone 4.3 compatibility, and break compatibility with Plone 4.0
  and Plone 3, by not importing from zope.app anymore.
  [maurits]

- Fix the exporter as GS 1.7 and higher now explicitly only
  understands strings.  Still works for older GS too.
  [sneridagh]


1.2.8 (2012-03-02)
------------------

- Added a z3c.autoinclude entry point to mark this as a Plone add-on.
  [WouterVH]


1.2.7 (2011-10-19)
------------------

- Expose the 'Read Only' attribute of LDAP plugins for modification with
  plone.app.ldap (http://dev.plone.org/ticket/12292)
  [kteague]

- Fix bug where changes to the Default User Roles option were being
  discarded (http://dev.plone.org/ticket/12293)
  [kteague]


1.2.6 (2011-07-17)
------------------

- Add Plone 4.1 compatibility when importing IVocabularyFactory.
  [fvandijk]

- Include Products.CMFCore for Plone 4.1 compatibility.
  [WouterVH]


1.2.5 (2011-05-02)
------------------

- Added import-support for activated interfaces, user_default_roles
  and password_encryption [awello]

- Update imports for zope.formlib bump in Plone 4.1
  [eleddy]

- Update GS import to support plugin id, and update parameter
  [eleddy]

- Update GS import to read interfaces config for AD plugins,
  apply cache parameter
  [eleddy]


1.2.4 (2010-12-07)
------------------

- Fix bug where generic setup exports were exporting boolean values
  as type int.
  [kteague]

- Fix bug where generic setup imports weren't choosing names correctly.
  [kteague]


1.2.3 (2010-10-07)
------------------

- Fix: Login Name, User ID  and RDN attributes were not set correctly on creation.
  [elro]


1.2.2 (2010-08-18)
------------------

- LDAPProperty fields can now be marked as a Binary property.
  [kteague]

- Ability to import/export an LDAP configuration using generic setup.
  This feature is the same as the one provided by collective.genericsetup.ldap
  and exports made with that product can be imported into plone.app.ldap.
  During import all existing servers, general settings and schema
  will be overwritten from config file - but no interfaces or cache
  settings are changed.
  [kteague]

- Removed locales directory. You can translate this package
  in the plone.app.locales package now.
  [vincentfretin]

- Cleaned templates to work with cmf.pt
  [pilz]


1.2.1 (2010-04-19)
------------------

- Fallback to Plone 3 compatible imports. Fix display of cache tab in Plone 3.
  [kteague]


1.2 (2010-03-25)
----------------

- Added a tab for display and modifying the cache settings.
  [kteague]

- Send out notification events for all object additions/modifications/removals
  so that configuration always gets propogated to the LDAPUserFolder object.
  [kteague]

- Changed the base class for LDAPConfiguration so that it gets properly
  rooted in the site (otherwise LDAPConfiguration.__parent__ goes into
  an infinite loop, pointing to a fresh PersistenComponents instance who's
  parent is in turn LDAPConfiguration).
  [kteague]

- Updated the HTML to wrap all control panel forms in a form tag so that
  tabs are properly displayed in Plone 4.
  [kteague]

- Fixed i18n domain changes from Vincent. The message factory was defined in
  the wrong ``__init__.py``.
  [hannosch]

- Changed i18n domain from plone to plone.app.ldap.
  Registered locales directory.
  [vincentfretin]


1.1 (2008-08-16)
----------------

- Fix ldap schema config for Active Directory
  [elro]


simplon.plone.ldap - 1.0
------------------------

- Initial package structure.
  [zopeskel]