SlideShare a Scribd company logo

LDAP and Active Directory Authentication in Plone

Clayton Parker
Clayton Parker

In this presentation, we will discuss the benefits of having Plone authenticate against a directory server. We will explore which tools are available to make this authentication option successful as well as how to configure them. Finally, disadvantages and possible problems with such a setup will be discussed.

Technology
1 of 28
Download to read offline
Clayton Parker, Senior Developer LDAP and Active Directory Authentication in Plone PLONE CONFERENCE 2010 Wednesday, October 27, 2010
PLONE CONFERENCE 2010Who Am I? • claytron • Python dev since 2003 • Plone Core Committer • Foundation Member Wednesday, October 27, 2010
PLONE CONFERENCE 2010What Will We Learn? • What is LDAP • Why we use it • Integration with Plone Wednesday, October 27, 2010
PLONE CONFERENCE 2010What is LDAP? • Lightweight Directory Access Protocol • Telephone Book • X.500 Wednesday, October 27, 2010
PLONE CONFERENCE 2010Why LDAP? • Existing tool • Consistency Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plone + LDAP • Excellent integration • Plone layer Wednesday, October 27, 2010
PLONE CONFERENCE 2010Installing LDAP • OpenLDAP • Dev headers • python-ldap Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plone Pieces [instance] recipe = plone.recipe.zope2instance eggs = ... plone.app.ldap zcml = ... plone.app.ldap [plonesite] recipe = collective.recipe.plonesite profiles = plone.app.ldap:ldap Wednesday, October 27, 2010
PLONE CONFERENCE 2010 That’s It! Wednesday, October 27, 2010
PLONE CONFERENCE 2010What is Installed? • plone.app.ldap • PloneLDAP • LDAPMultiPlugins • LDAPUserFolder • python-ldap Wednesday, October 27, 2010
PLONE CONFERENCE 2010PAS Adapters • Authentication (authenticateCredentials) • Group_Enumeration (enumerateGroups) • Group_Introspection (getGroupById) • Groups (getGroupsForPrincipal) • Properties (getPropertiesForUser) • User_Enumeration (enumerateUsers) Wednesday, October 27, 2010
PLONE CONFERENCE 2010Example LDIF dn: dc=bluthcompany,dc=com dc: bluthcompany description: The best company in the whole world objectClass: dcObject objectClass: organization o: Bluth Company dn: ou=people, dc=bluthcompany,dc=com ou: people description: All the people in the organization objectClass: organizationalUnit dn: ou=groups,dc=bluthcompany,dc=com ou: group description: Groups of people objectClass: organizationalUnit Wednesday, October 27, 2010
PLONE CONFERENCE 2010Users dn: uid=ksanchez,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Kitty Sanchez givenName: Kitty sn: Sanchez uid: ksanchez mail: ksanchez@example.com userPassword: ksanchez dn: uid=bbluth,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Byron Bluth givenName: Byron sn: Bluth uid: bbluth mail: bbluth@example.com userPassword: bbluth Wednesday, October 27, 2010
PLONE CONFERENCE 2010Groups dn: cn=bluthcompany,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: bluthcompany uniqueMember: uid=mbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=gbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=ksanchez,ou=people,dc=bluthcompany,dc=com dn: cn=family,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: family uniqueMember: uid=bbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=tfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=sholt,ou=people,dc=bluthcompany,dc=com dn: uid=lbluth,ou=people,dc=bluthcompany,dc=com Wednesday, October 27, 2010
PLONE CONFERENCE 2010Schema include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema Wednesday, October 27, 2010
PLONE CONFERENCE 2010Add Info $ ldapadd -H ldap://localhost -D cn=Manager,dc=bluthcompany,dc=com -w secret -f bluth.ldif Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plone Setup Wednesday, October 27, 2010
PLONE CONFERENCE 2010Users Wednesday, October 27, 2010
PLONE CONFERENCE 2010Groups Wednesday, October 27, 2010
PLONE CONFERENCE 2010Map Groups to Roles Wednesday, October 27, 2010
PLONE CONFERENCE 2010Map LDAP Attributes into Plone Wednesday, October 27, 2010
PLONE CONFERENCE 2010Active Directory • Alternate port that speaks LDAP on 3268 • sAMAccountName • groupid_attr property to "name" • Group recursion “may not work” Wednesday, October 27, 2010
PLONE CONFERENCE 2010Running Without LDAP • Local instance • Protected LDAP Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plonesite part [plonesite] recipe = collective.recipe.plonesite pre-extras = ${buildout:directory}/bin/disable_ldap.py Wednesday, October 27, 2010
PLONE CONFERENCE 2010 # id of the ldap plugin the PloneSite/acl_users ldap_plugin_id = "ldap-plugin" # turn off the ldap plugin for local testing interfaces = [ "IAuthenticationPlugin", "ICredentialsResetPlugin", "IGroupEnumerationPlugin", "IGroupsPlugin", "IPropertiesPlugin", "IRoleEnumerationPlugin", "IRolesPlugin", "IUserEnumerationPlugin" ] # this code is mostly taken from # Products.PluggableAuthService.plugins.BasePlugin.manage_activateInterfaces ldap_plugin = portal.acl_users[ldap_plugin_id] pas_instance = ldap_plugin._getPAS() plugins = pas_instance._getOb('plugins') active_interfaces = [] for iface_name in interfaces: active_interfaces.append(plugins._getInterfaceFromName(iface_name )) for iface in active_interfaces: try: plugins.deactivatePlugin(iface, ldap_plugin_id) except KeyError: print "%s plugin already disabled for %s" % (iface, ldap_plugin_id) Wednesday, October 27, 2010
PLONE CONFERENCE 2010Debugging Issues • Set log-level to ‘debug’ • User search in ZMI Wednesday, October 27, 2010
PLONE CONFERENCE 2010Links • plone.app.ldap http://pypi.python.org/pypi/plone.app.ldap • Apache Directory Studio http://directory.apache.org/studio/ • disable_ldap.py http://gist.github.com/648864 Wednesday, October 27, 2010
Check out sixfeetup.com/demos Wednesday, October 27, 2010

Recommended

GeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyGeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyIván López Martín
 
What's in a language? By Cheng Lou
What's in a language? By Cheng Lou What's in a language? By Cheng Lou
What's in a language? By Cheng Lou React London 2017
 
Plone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailPlone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailMatt Hamilton
 
LDAP
LDAPLDAP
LDAPKhemnath Chauhan
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open SourceMatt Hamilton
 
How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)doughellmann
 
PyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynotePyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynoteDaniel Greenfeld
 

Recommended

GeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyGeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyIván López Martín
 
What's in a language? By Cheng Lou
What's in a language? By Cheng Lou What's in a language? By Cheng Lou
What's in a language? By Cheng Lou React London 2017
 
Plone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailPlone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailMatt Hamilton
 
LDAP
LDAPLDAP
LDAPKhemnath Chauhan
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open SourceMatt Hamilton
 
How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)doughellmann
 
PyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynotePyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynoteDaniel Greenfeld
 
ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveKnut Relbe-Moe [MVP, MCT]
 
Puppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfPuppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfDavid Danzilio
 
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicAtherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicamelio
 
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB
 
E gov security_tut_session_6_lab
E gov security_tut_session_6_labE gov security_tut_session_6_lab
E gov security_tut_session_6_labMustafa Jarrar
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAPDashamir Hoxha
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptBill Buchan
 
Python and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementPython and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementLaurent Leturgez
 
Laying Pipe with Transmogrifier
Laying Pipe with TransmogrifierLaying Pipe with Transmogrifier
Laying Pipe with TransmogrifierClayton Parker
 
3. ldap
3. ldap3. ldap
3. ldapSaroj Sahoo
 
Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013yohanbeschi
 
SOLID Ruby, SOLID Rails
SOLID Ruby, SOLID RailsSOLID Ruby, SOLID Rails
SOLID Ruby, SOLID RailsJens-Christian Fischer
 
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB
 
Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018Rothamsted Research, UK
 
The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!Bruno Rocha
 
Nothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive WebNothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive Webcolinbdclark
 
Introduction to Drupal 7
Introduction to Drupal 7Introduction to Drupal 7
Introduction to Drupal 7Gerald Villorente
 
Office365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceOffice365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceDrew Madelung
 
Chef
ChefChef
ChefJeff Wallace
 
Webstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleWebstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleDaniel Burka
 
Customizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesCustomizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesClayton Parker
 
Vim for Mere Mortals
Vim for Mere MortalsVim for Mere Mortals
Vim for Mere MortalsClayton Parker
 

More Related Content

Similar to LDAP and Active Directory Authentication in Plone

ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveKnut Relbe-Moe [MVP, MCT]
 
Puppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfPuppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfDavid Danzilio
 
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicAtherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicamelio
 
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB
 
E gov security_tut_session_6_lab
E gov security_tut_session_6_labE gov security_tut_session_6_lab
E gov security_tut_session_6_labMustafa Jarrar
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAPDashamir Hoxha
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptBill Buchan
 
Python and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementPython and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementLaurent Leturgez
 
Laying Pipe with Transmogrifier
Laying Pipe with TransmogrifierLaying Pipe with Transmogrifier
Laying Pipe with TransmogrifierClayton Parker
 
Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013yohanbeschi
 
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB
 
The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!Bruno Rocha
 
Nothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive WebNothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive Webcolinbdclark
 
Office365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceOffice365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceDrew Madelung
 
Webstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleWebstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleDaniel Burka
 

Similar to LDAP and Active Directory Authentication in Plone (20)

ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
 
Puppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfPuppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConf
 
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicAtherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
 
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
 
E gov security_tut_session_6_lab
E gov security_tut_session_6_labE gov security_tut_session_6_lab
E gov security_tut_session_6_lab
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAP
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus script
 
Python and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementPython and Oracle : allies for best of data management
Python and Oracle : allies for best of data management
 
Laying Pipe with Transmogrifier
Laying Pipe with TransmogrifierLaying Pipe with Transmogrifier
Laying Pipe with Transmogrifier
 
3. ldap
3. ldap3. ldap
3. ldap
 
Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013
 
SOLID Ruby, SOLID Rails
SOLID Ruby, SOLID RailsSOLID Ruby, SOLID Rails
SOLID Ruby, SOLID Rails
 
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
 
Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018
 
The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!
 
Nothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive WebNothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive Web
 
Introduction to Drupal 7
Introduction to Drupal 7Introduction to Drupal 7
Introduction to Drupal 7
 
Office365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceOffice365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global Conference
 
Chef
ChefChef
Chef
 
Webstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleWebstock Workshop: Creating Simple
Webstock Workshop: Creating Simple
 

More from Clayton Parker

Customizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesCustomizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesClayton Parker
 
Fuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy MatchingFuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy MatchingClayton Parker
 
Exploring Code with Pry!
Exploring Code with Pry!Exploring Code with Pry!
Exploring Code with Pry!Clayton Parker
 
Zen and the Art of Python
Zen and the Art of PythonZen and the Art of Python
Zen and the Art of PythonClayton Parker
 
So you think you can pdb?
So you think you can pdb?So you think you can pdb?
So you think you can pdb?Clayton Parker
 
Managing Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite SolutionManaging Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite SolutionClayton Parker
 
Current State of Python Packaging
Current State of Python PackagingCurrent State of Python Packaging
Current State of Python PackagingClayton Parker
 
Notre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with LineageNotre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with LineageClayton Parker
 
Pioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with PlonePioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with PloneClayton Parker
 
Using Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the WorldUsing Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the WorldClayton Parker
 
Make Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using SolrMake Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using SolrClayton Parker
 
Migrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifierMigrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifierClayton Parker
 
Buildout for the Future
Buildout for the FutureBuildout for the Future
Buildout for the FutureClayton Parker
 
Code with Style - PyOhio
Code with Style - PyOhioCode with Style - PyOhio
Code with Style - PyOhioClayton Parker
 
Using Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python ProjectsUsing Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python ProjectsClayton Parker
 
Generic Setup De-Mystified
Generic Setup De-MystifiedGeneric Setup De-Mystified
Generic Setup De-MystifiedClayton Parker
 
Buildout: Fostering Repeatability
Buildout: Fostering RepeatabilityBuildout: Fostering Repeatability
Buildout: Fostering RepeatabilityClayton Parker
 

More from Clayton Parker (20)

Customizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesCustomizing Your Shell With Dotfiles
Customizing Your Shell With Dotfiles
 
Vim for Mere Mortals
Vim for Mere MortalsVim for Mere Mortals
Vim for Mere Mortals
 
Fuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy MatchingFuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy Matching
 
Exploring Code with Pry!
Exploring Code with Pry!Exploring Code with Pry!
Exploring Code with Pry!
 
Zen and the Art of Python
Zen and the Art of PythonZen and the Art of Python
Zen and the Art of Python
 
So you think you can pdb?
So you think you can pdb?So you think you can pdb?
So you think you can pdb?
 
Managing Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite SolutionManaging Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite Solution
 
Current State of Python Packaging
Current State of Python PackagingCurrent State of Python Packaging
Current State of Python Packaging
 
Notre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with LineageNotre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with Lineage
 
Pioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with PlonePioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with Plone
 
Using Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the WorldUsing Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the World
 
Make Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using SolrMake Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using Solr
 
Migrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifierMigrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifier
 
Buildout for the Future
Buildout for the FutureBuildout for the Future
Buildout for the Future
 
Buildout future
Buildout futureBuildout future
Buildout future
 
Code with Style - PyOhio
Code with Style - PyOhioCode with Style - PyOhio
Code with Style - PyOhio
 
Code with style
Code with styleCode with style
Code with style
 
Using Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python ProjectsUsing Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python Projects
 
Generic Setup De-Mystified
Generic Setup De-MystifiedGeneric Setup De-Mystified
Generic Setup De-Mystified
 
Buildout: Fostering Repeatability
Buildout: Fostering RepeatabilityBuildout: Fostering Repeatability
Buildout: Fostering Repeatability
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

LDAP and Active Directory Authentication in Plone

  • 1. Clayton Parker, Senior Developer LDAP and Active Directory Authentication in Plone PLONE CONFERENCE 2010 Wednesday, October 27, 2010
  • 2. PLONE CONFERENCE 2010Who Am I? • claytron • Python dev since 2003 • Plone Core Committer • Foundation Member Wednesday, October 27, 2010
  • 3. PLONE CONFERENCE 2010What Will We Learn? • What is LDAP • Why we use it • Integration with Plone Wednesday, October 27, 2010
  • 4. PLONE CONFERENCE 2010What is LDAP? • Lightweight Directory Access Protocol • Telephone Book • X.500 Wednesday, October 27, 2010
  • 5. PLONE CONFERENCE 2010Why LDAP? • Existing tool • Consistency Wednesday, October 27, 2010
  • 6. PLONE CONFERENCE 2010Plone + LDAP • Excellent integration • Plone layer Wednesday, October 27, 2010
  • 7. PLONE CONFERENCE 2010Installing LDAP • OpenLDAP • Dev headers • python-ldap Wednesday, October 27, 2010
  • 8. PLONE CONFERENCE 2010Plone Pieces [instance] recipe = plone.recipe.zope2instance eggs = ... plone.app.ldap zcml = ... plone.app.ldap [plonesite] recipe = collective.recipe.plonesite profiles = plone.app.ldap:ldap Wednesday, October 27, 2010
  • 9. PLONE CONFERENCE 2010 That’s It! Wednesday, October 27, 2010
  • 10. PLONE CONFERENCE 2010What is Installed? • plone.app.ldap • PloneLDAP • LDAPMultiPlugins • LDAPUserFolder • python-ldap Wednesday, October 27, 2010
  • 11. PLONE CONFERENCE 2010PAS Adapters • Authentication (authenticateCredentials) • Group_Enumeration (enumerateGroups) • Group_Introspection (getGroupById) • Groups (getGroupsForPrincipal) • Properties (getPropertiesForUser) • User_Enumeration (enumerateUsers) Wednesday, October 27, 2010
  • 12. PLONE CONFERENCE 2010Example LDIF dn: dc=bluthcompany,dc=com dc: bluthcompany description: The best company in the whole world objectClass: dcObject objectClass: organization o: Bluth Company dn: ou=people, dc=bluthcompany,dc=com ou: people description: All the people in the organization objectClass: organizationalUnit dn: ou=groups,dc=bluthcompany,dc=com ou: group description: Groups of people objectClass: organizationalUnit Wednesday, October 27, 2010
  • 13. PLONE CONFERENCE 2010Users dn: uid=ksanchez,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Kitty Sanchez givenName: Kitty sn: Sanchez uid: ksanchez mail: ksanchez@example.com userPassword: ksanchez dn: uid=bbluth,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Byron Bluth givenName: Byron sn: Bluth uid: bbluth mail: bbluth@example.com userPassword: bbluth Wednesday, October 27, 2010
  • 14. PLONE CONFERENCE 2010Groups dn: cn=bluthcompany,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: bluthcompany uniqueMember: uid=mbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=gbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=ksanchez,ou=people,dc=bluthcompany,dc=com dn: cn=family,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: family uniqueMember: uid=bbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=tfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=sholt,ou=people,dc=bluthcompany,dc=com dn: uid=lbluth,ou=people,dc=bluthcompany,dc=com Wednesday, October 27, 2010
  • 15. PLONE CONFERENCE 2010Schema include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema Wednesday, October 27, 2010
  • 16. PLONE CONFERENCE 2010Add Info $ ldapadd -H ldap://localhost -D cn=Manager,dc=bluthcompany,dc=com -w secret -f bluth.ldif Wednesday, October 27, 2010
  • 17. PLONE CONFERENCE 2010Plone Setup Wednesday, October 27, 2010
  • 20. PLONE CONFERENCE 2010Map Groups to Roles Wednesday, October 27, 2010
  • 21. PLONE CONFERENCE 2010Map LDAP Attributes into Plone Wednesday, October 27, 2010
  • 22. PLONE CONFERENCE 2010Active Directory • Alternate port that speaks LDAP on 3268 • sAMAccountName • groupid_attr property to "name" • Group recursion “may not work” Wednesday, October 27, 2010
  • 23. PLONE CONFERENCE 2010Running Without LDAP • Local instance • Protected LDAP Wednesday, October 27, 2010
  • 24. PLONE CONFERENCE 2010Plonesite part [plonesite] recipe = collective.recipe.plonesite pre-extras = ${buildout:directory}/bin/disable_ldap.py Wednesday, October 27, 2010
  • 25. PLONE CONFERENCE 2010 # id of the ldap plugin the PloneSite/acl_users ldap_plugin_id = "ldap-plugin" # turn off the ldap plugin for local testing interfaces = [ "IAuthenticationPlugin", "ICredentialsResetPlugin", "IGroupEnumerationPlugin", "IGroupsPlugin", "IPropertiesPlugin", "IRoleEnumerationPlugin", "IRolesPlugin", "IUserEnumerationPlugin" ] # this code is mostly taken from # Products.PluggableAuthService.plugins.BasePlugin.manage_activateInterfaces ldap_plugin = portal.acl_users[ldap_plugin_id] pas_instance = ldap_plugin._getPAS() plugins = pas_instance._getOb('plugins') active_interfaces = [] for iface_name in interfaces: active_interfaces.append(plugins._getInterfaceFromName(iface_name )) for iface in active_interfaces: try: plugins.deactivatePlugin(iface, ldap_plugin_id) except KeyError: print "%s plugin already disabled for %s" % (iface, ldap_plugin_id) Wednesday, October 27, 2010
  • 26. PLONE CONFERENCE 2010Debugging Issues • Set log-level to ‘debug’ • User search in ZMI Wednesday, October 27, 2010
  • 27. PLONE CONFERENCE 2010Links • plone.app.ldap http://pypi.python.org/pypi/plone.app.ldap • Apache Directory Studio http://directory.apache.org/studio/ • disable_ldap.py http://gist.github.com/648864 Wednesday, October 27, 2010