SlideShare a Scribd company logo

LDAP and Active Directory Authentication in Plone

Clayton Parker
Clayton Parker

In this presentation, we will discuss the benefits of having Plone authenticate against a directory server. We will explore which tools are available to make this authentication option successful as well as how to configure them. Finally, disadvantages and possible problems with such a setup will be discussed.

Technology
1 of 28
Download to read offline
Clayton Parker, Senior Developer LDAP and Active Directory Authentication in Plone PLONE CONFERENCE 2010 Wednesday, October 27, 2010
PLONE CONFERENCE 2010Who Am I? • claytron • Python dev since 2003 • Plone Core Committer • Foundation Member Wednesday, October 27, 2010
PLONE CONFERENCE 2010What Will We Learn? • What is LDAP • Why we use it • Integration with Plone Wednesday, October 27, 2010
PLONE CONFERENCE 2010What is LDAP? • Lightweight Directory Access Protocol • Telephone Book • X.500 Wednesday, October 27, 2010
PLONE CONFERENCE 2010Why LDAP? • Existing tool • Consistency Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plone + LDAP • Excellent integration • Plone layer Wednesday, October 27, 2010
PLONE CONFERENCE 2010Installing LDAP • OpenLDAP • Dev headers • python-ldap Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plone Pieces [instance] recipe = plone.recipe.zope2instance eggs = ... plone.app.ldap zcml = ... plone.app.ldap [plonesite] recipe = collective.recipe.plonesite profiles = plone.app.ldap:ldap Wednesday, October 27, 2010
PLONE CONFERENCE 2010 That’s It! Wednesday, October 27, 2010
PLONE CONFERENCE 2010What is Installed? • plone.app.ldap • PloneLDAP • LDAPMultiPlugins • LDAPUserFolder • python-ldap Wednesday, October 27, 2010
PLONE CONFERENCE 2010PAS Adapters • Authentication (authenticateCredentials) • Group_Enumeration (enumerateGroups) • Group_Introspection (getGroupById) • Groups (getGroupsForPrincipal) • Properties (getPropertiesForUser) • User_Enumeration (enumerateUsers) Wednesday, October 27, 2010
PLONE CONFERENCE 2010Example LDIF dn: dc=bluthcompany,dc=com dc: bluthcompany description: The best company in the whole world objectClass: dcObject objectClass: organization o: Bluth Company dn: ou=people, dc=bluthcompany,dc=com ou: people description: All the people in the organization objectClass: organizationalUnit dn: ou=groups,dc=bluthcompany,dc=com ou: group description: Groups of people objectClass: organizationalUnit Wednesday, October 27, 2010
PLONE CONFERENCE 2010Users dn: uid=ksanchez,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Kitty Sanchez givenName: Kitty sn: Sanchez uid: ksanchez mail: ksanchez@example.com userPassword: ksanchez dn: uid=bbluth,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Byron Bluth givenName: Byron sn: Bluth uid: bbluth mail: bbluth@example.com userPassword: bbluth Wednesday, October 27, 2010
PLONE CONFERENCE 2010Groups dn: cn=bluthcompany,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: bluthcompany uniqueMember: uid=mbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=gbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=ksanchez,ou=people,dc=bluthcompany,dc=com dn: cn=family,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: family uniqueMember: uid=bbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=tfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=sholt,ou=people,dc=bluthcompany,dc=com dn: uid=lbluth,ou=people,dc=bluthcompany,dc=com Wednesday, October 27, 2010
PLONE CONFERENCE 2010Schema include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema Wednesday, October 27, 2010
PLONE CONFERENCE 2010Add Info $ ldapadd -H ldap://localhost -D cn=Manager,dc=bluthcompany,dc=com -w secret -f bluth.ldif Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plone Setup Wednesday, October 27, 2010
PLONE CONFERENCE 2010Users Wednesday, October 27, 2010
PLONE CONFERENCE 2010Groups Wednesday, October 27, 2010
PLONE CONFERENCE 2010Map Groups to Roles Wednesday, October 27, 2010
PLONE CONFERENCE 2010Map LDAP Attributes into Plone Wednesday, October 27, 2010
PLONE CONFERENCE 2010Active Directory • Alternate port that speaks LDAP on 3268 • sAMAccountName • groupid_attr property to "name" • Group recursion “may not work” Wednesday, October 27, 2010
PLONE CONFERENCE 2010Running Without LDAP • Local instance • Protected LDAP Wednesday, October 27, 2010
PLONE CONFERENCE 2010Plonesite part [plonesite] recipe = collective.recipe.plonesite pre-extras = ${buildout:directory}/bin/disable_ldap.py Wednesday, October 27, 2010
PLONE CONFERENCE 2010 # id of the ldap plugin the PloneSite/acl_users ldap_plugin_id = "ldap-plugin" # turn off the ldap plugin for local testing interfaces = [ "IAuthenticationPlugin", "ICredentialsResetPlugin", "IGroupEnumerationPlugin", "IGroupsPlugin", "IPropertiesPlugin", "IRoleEnumerationPlugin", "IRolesPlugin", "IUserEnumerationPlugin" ] # this code is mostly taken from # Products.PluggableAuthService.plugins.BasePlugin.manage_activateInterfaces ldap_plugin = portal.acl_users[ldap_plugin_id] pas_instance = ldap_plugin._getPAS() plugins = pas_instance._getOb('plugins') active_interfaces = [] for iface_name in interfaces: active_interfaces.append(plugins._getInterfaceFromName(iface_name )) for iface in active_interfaces: try: plugins.deactivatePlugin(iface, ldap_plugin_id) except KeyError: print "%s plugin already disabled for %s" % (iface, ldap_plugin_id) Wednesday, October 27, 2010
PLONE CONFERENCE 2010Debugging Issues • Set log-level to ‘debug’ • User search in ZMI Wednesday, October 27, 2010
PLONE CONFERENCE 2010Links • plone.app.ldap http://pypi.python.org/pypi/plone.app.ldap • Apache Directory Studio http://directory.apache.org/studio/ • disable_ldap.py http://gist.github.com/648864 Wednesday, October 27, 2010
Check out sixfeetup.com/demos Wednesday, October 27, 2010

Recommended

GeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyGeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyIván López Martín
 
What's in a language? By Cheng Lou
What's in a language? By Cheng Lou What's in a language? By Cheng Lou
What's in a language? By Cheng Lou React London 2017
 
Plone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailPlone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailMatt Hamilton
 
LDAP
LDAPLDAP
LDAPKhemnath Chauhan
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open SourceMatt Hamilton
 
How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)doughellmann
 
PyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynotePyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynoteDaniel Greenfeld
 

Recommended

GeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyGeeCON Prague 2014 - Metaprogramming with Groovy
GeeCON Prague 2014 - Metaprogramming with GroovyIván López Martín
 
What's in a language? By Cheng Lou
What's in a language? By Cheng Lou What's in a language? By Cheng Lou
What's in a language? By Cheng Lou React London 2017
 
Plone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailPlone and Single-Sign On - Active Directory and the Holy Grail
Plone and Single-Sign On - Active Directory and the Holy GrailMatt Hamilton
 
LDAP
LDAPLDAP
LDAPKhemnath Chauhan
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
Supercharge Your Career with Open Source
Supercharge Your Career with Open SourceSupercharge Your Career with Open Source
Supercharge Your Career with Open SourceMatt Hamilton
 
How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)How OpenStack Makes Python Better (and vice-versa)
How OpenStack Makes Python Better (and vice-versa)doughellmann
 
PyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynotePyCon Philippines 2012 Keynote
PyCon Philippines 2012 KeynoteDaniel Greenfeld
 
ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveKnut Relbe-Moe [MVP, MCT]
 
Puppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfPuppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfDavid Danzilio
 
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicAtherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicamelio
 
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB
 
E gov security_tut_session_6_lab
E gov security_tut_session_6_labE gov security_tut_session_6_lab
E gov security_tut_session_6_labMustafa Jarrar
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAPDashamir Hoxha
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptBill Buchan
 
Python and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementPython and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementLaurent Leturgez
 
Laying Pipe with Transmogrifier
Laying Pipe with TransmogrifierLaying Pipe with Transmogrifier
Laying Pipe with TransmogrifierClayton Parker
 
3. ldap
3. ldap3. ldap
3. ldapSaroj Sahoo
 
Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013yohanbeschi
 
SOLID Ruby, SOLID Rails
SOLID Ruby, SOLID RailsSOLID Ruby, SOLID Rails
SOLID Ruby, SOLID RailsJens-Christian Fischer
 
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB
 
Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018Rothamsted Research, UK
 
The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!Bruno Rocha
 
Nothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive WebNothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive Webcolinbdclark
 
Introduction to Drupal 7
Introduction to Drupal 7Introduction to Drupal 7
Introduction to Drupal 7Gerald Villorente
 
Office365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceOffice365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceDrew Madelung
 
Chef
ChefChef
ChefJeff Wallace
 
Webstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleWebstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleDaniel Burka
 
Customizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesCustomizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesClayton Parker
 
Vim for Mere Mortals
Vim for Mere MortalsVim for Mere Mortals
Vim for Mere MortalsClayton Parker
 

More Related Content

Similar to LDAP and Active Directory Authentication in Plone

ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveKnut Relbe-Moe [MVP, MCT]
 
Puppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfPuppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfDavid Danzilio
 
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicAtherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicamelio
 
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB
 
E gov security_tut_session_6_lab
E gov security_tut_session_6_labE gov security_tut_session_6_lab
E gov security_tut_session_6_labMustafa Jarrar
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAPDashamir Hoxha
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptBill Buchan
 
Python and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementPython and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementLaurent Leturgez
 
Laying Pipe with Transmogrifier
Laying Pipe with TransmogrifierLaying Pipe with Transmogrifier
Laying Pipe with TransmogrifierClayton Parker
 
Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013yohanbeschi
 
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB
 
The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!Bruno Rocha
 
Nothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive WebNothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive Webcolinbdclark
 
Office365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceOffice365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceDrew Madelung
 
Webstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleWebstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleDaniel Burka
 

Similar to LDAP and Active Directory Authentication in Plone (20)

ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep DiveESPC15 Th30 Microsoft Office 365 Groups Deep Dive
ESPC15 Th30 Microsoft Office 365 Groups Deep Dive
 
Puppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConfPuppet Design Patterns - PuppetConf
Puppet Design Patterns - PuppetConf
 
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - publicAtherton & Weber - Bake your own taxonomy - tcuk 130924 - public
Atherton & Weber - Bake your own taxonomy - tcuk 130924 - public
 
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
MongoDB.local Austin 2018: Tutorial - User Administration Without You - Integ...
 
E gov security_tut_session_6_lab
E gov security_tut_session_6_labE gov security_tut_session_6_lab
E gov security_tut_session_6_lab
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAP
 
Everything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus scriptEverything you ever wanted to know about lotus script
Everything you ever wanted to know about lotus script
 
Python and Oracle : allies for best of data management
Python and Oracle : allies for best of data managementPython and Oracle : allies for best of data management
Python and Oracle : allies for best of data management
 
Laying Pipe with Transmogrifier
Laying Pipe with TransmogrifierLaying Pipe with Transmogrifier
Laying Pipe with Transmogrifier
 
3. ldap
3. ldap3. ldap
3. ldap
 
Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013Building Single-Page Web Appplications in dart - Devoxx France 2013
Building Single-Page Web Appplications in dart - Devoxx France 2013
 
SOLID Ruby, SOLID Rails
SOLID Ruby, SOLID RailsSOLID Ruby, SOLID Rails
SOLID Ruby, SOLID Rails
 
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
MongoDB World 2018: Tutorial - User Administration Without You - Integrating ...
 
Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018Knetminer Backend Training, Nov 2018
Knetminer Backend Training, Nov 2018
 
The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!The quality of the python ecosystem - and how we can protect it!
The quality of the python ecosystem - and how we can protect it!
 
Nothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive WebNothing Hard Baked: Designing the Inclusive Web
Nothing Hard Baked: Designing the Inclusive Web
 
Introduction to Drupal 7
Introduction to Drupal 7Introduction to Drupal 7
Introduction to Drupal 7
 
Office365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global ConferenceOffice365 groups from the ground up - Collab365 Global Conference
Office365 groups from the ground up - Collab365 Global Conference
 
Chef
ChefChef
Chef
 
Webstock Workshop: Creating Simple
Webstock Workshop: Creating SimpleWebstock Workshop: Creating Simple
Webstock Workshop: Creating Simple
 

More from Clayton Parker

Customizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesCustomizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesClayton Parker
 
Fuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy MatchingFuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy MatchingClayton Parker
 
Exploring Code with Pry!
Exploring Code with Pry!Exploring Code with Pry!
Exploring Code with Pry!Clayton Parker
 
Zen and the Art of Python
Zen and the Art of PythonZen and the Art of Python
Zen and the Art of PythonClayton Parker
 
So you think you can pdb?
So you think you can pdb?So you think you can pdb?
So you think you can pdb?Clayton Parker
 
Managing Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite SolutionManaging Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite SolutionClayton Parker
 
Current State of Python Packaging
Current State of Python PackagingCurrent State of Python Packaging
Current State of Python PackagingClayton Parker
 
Notre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with LineageNotre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with LineageClayton Parker
 
Pioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with PlonePioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with PloneClayton Parker
 
Using Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the WorldUsing Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the WorldClayton Parker
 
Make Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using SolrMake Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using SolrClayton Parker
 
Migrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifierMigrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifierClayton Parker
 
Buildout for the Future
Buildout for the FutureBuildout for the Future
Buildout for the FutureClayton Parker
 
Code with Style - PyOhio
Code with Style - PyOhioCode with Style - PyOhio
Code with Style - PyOhioClayton Parker
 
Using Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python ProjectsUsing Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python ProjectsClayton Parker
 
Generic Setup De-Mystified
Generic Setup De-MystifiedGeneric Setup De-Mystified
Generic Setup De-MystifiedClayton Parker
 
Buildout: Fostering Repeatability
Buildout: Fostering RepeatabilityBuildout: Fostering Repeatability
Buildout: Fostering RepeatabilityClayton Parker
 

More from Clayton Parker (20)

Customizing Your Shell With Dotfiles
Customizing Your Shell With DotfilesCustomizing Your Shell With Dotfiles
Customizing Your Shell With Dotfiles
 
Vim for Mere Mortals
Vim for Mere MortalsVim for Mere Mortals
Vim for Mere Mortals
 
Fuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy MatchingFuzzy Feelings for Fuzzy Matching
Fuzzy Feelings for Fuzzy Matching
 
Exploring Code with Pry!
Exploring Code with Pry!Exploring Code with Pry!
Exploring Code with Pry!
 
Zen and the Art of Python
Zen and the Art of PythonZen and the Art of Python
Zen and the Art of Python
 
So you think you can pdb?
So you think you can pdb?So you think you can pdb?
So you think you can pdb?
 
Managing Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite SolutionManaging Chaos: Merging 120 Sites into a single Plone Multisite Solution
Managing Chaos: Merging 120 Sites into a single Plone Multisite Solution
 
Current State of Python Packaging
Current State of Python PackagingCurrent State of Python Packaging
Current State of Python Packaging
 
Notre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with LineageNotre Dame Seamless Syndication with Lineage
Notre Dame Seamless Syndication with Lineage
 
Pioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with PlonePioneer a Strategic Change in Content Organization with Plone
Pioneer a Strategic Change in Content Organization with Plone
 
Using Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the WorldUsing Buildout, GenericSetup and a Policy Package to Rule the World
Using Buildout, GenericSetup and a Policy Package to Rule the World
 
Make Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using SolrMake Plone Search Act Like Google Using Solr
Make Plone Search Act Like Google Using Solr
 
Migrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifierMigrating from drupal to plone with transmogrifier
Migrating from drupal to plone with transmogrifier
 
Buildout for the Future
Buildout for the FutureBuildout for the Future
Buildout for the Future
 
Buildout future
Buildout futureBuildout future
Buildout future
 
Code with Style - PyOhio
Code with Style - PyOhioCode with Style - PyOhio
Code with Style - PyOhio
 
Code with style
Code with styleCode with style
Code with style
 
Using Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python ProjectsUsing Buildout to Develop and Deploy Python Projects
Using Buildout to Develop and Deploy Python Projects
 
Generic Setup De-Mystified
Generic Setup De-MystifiedGeneric Setup De-Mystified
Generic Setup De-Mystified
 
Buildout: Fostering Repeatability
Buildout: Fostering RepeatabilityBuildout: Fostering Repeatability
Buildout: Fostering Repeatability
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

LDAP and Active Directory Authentication in Plone

  • 1. Clayton Parker, Senior Developer LDAP and Active Directory Authentication in Plone PLONE CONFERENCE 2010 Wednesday, October 27, 2010
  • 2. PLONE CONFERENCE 2010Who Am I? • claytron • Python dev since 2003 • Plone Core Committer • Foundation Member Wednesday, October 27, 2010
  • 3. PLONE CONFERENCE 2010What Will We Learn? • What is LDAP • Why we use it • Integration with Plone Wednesday, October 27, 2010
  • 4. PLONE CONFERENCE 2010What is LDAP? • Lightweight Directory Access Protocol • Telephone Book • X.500 Wednesday, October 27, 2010
  • 5. PLONE CONFERENCE 2010Why LDAP? • Existing tool • Consistency Wednesday, October 27, 2010
  • 6. PLONE CONFERENCE 2010Plone + LDAP • Excellent integration • Plone layer Wednesday, October 27, 2010
  • 7. PLONE CONFERENCE 2010Installing LDAP • OpenLDAP • Dev headers • python-ldap Wednesday, October 27, 2010
  • 8. PLONE CONFERENCE 2010Plone Pieces [instance] recipe = plone.recipe.zope2instance eggs = ... plone.app.ldap zcml = ... plone.app.ldap [plonesite] recipe = collective.recipe.plonesite profiles = plone.app.ldap:ldap Wednesday, October 27, 2010
  • 9. PLONE CONFERENCE 2010 That’s It! Wednesday, October 27, 2010
  • 10. PLONE CONFERENCE 2010What is Installed? • plone.app.ldap • PloneLDAP • LDAPMultiPlugins • LDAPUserFolder • python-ldap Wednesday, October 27, 2010
  • 11. PLONE CONFERENCE 2010PAS Adapters • Authentication (authenticateCredentials) • Group_Enumeration (enumerateGroups) • Group_Introspection (getGroupById) • Groups (getGroupsForPrincipal) • Properties (getPropertiesForUser) • User_Enumeration (enumerateUsers) Wednesday, October 27, 2010
  • 12. PLONE CONFERENCE 2010Example LDIF dn: dc=bluthcompany,dc=com dc: bluthcompany description: The best company in the whole world objectClass: dcObject objectClass: organization o: Bluth Company dn: ou=people, dc=bluthcompany,dc=com ou: people description: All the people in the organization objectClass: organizationalUnit dn: ou=groups,dc=bluthcompany,dc=com ou: group description: Groups of people objectClass: organizationalUnit Wednesday, October 27, 2010
  • 13. PLONE CONFERENCE 2010Users dn: uid=ksanchez,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Kitty Sanchez givenName: Kitty sn: Sanchez uid: ksanchez mail: ksanchez@example.com userPassword: ksanchez dn: uid=bbluth,ou=people,dc=bluthcompany,dc=com objectclass: inetOrgPerson objectclass: person cn: Byron Bluth givenName: Byron sn: Bluth uid: bbluth mail: bbluth@example.com userPassword: bbluth Wednesday, October 27, 2010
  • 14. PLONE CONFERENCE 2010Groups dn: cn=bluthcompany,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: bluthcompany uniqueMember: uid=mbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=gbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=ksanchez,ou=people,dc=bluthcompany,dc=com dn: cn=family,ou=groups,dc=bluthcompany,dc=com objectclass: groupOfUniqueNames objectclass: top cn: family uniqueMember: uid=bbluth,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=tfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=lfunke,ou=people,dc=bluthcompany,dc=com uniqueMember: uid=sholt,ou=people,dc=bluthcompany,dc=com dn: uid=lbluth,ou=people,dc=bluthcompany,dc=com Wednesday, October 27, 2010
  • 15. PLONE CONFERENCE 2010Schema include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema Wednesday, October 27, 2010
  • 16. PLONE CONFERENCE 2010Add Info $ ldapadd -H ldap://localhost -D cn=Manager,dc=bluthcompany,dc=com -w secret -f bluth.ldif Wednesday, October 27, 2010
  • 17. PLONE CONFERENCE 2010Plone Setup Wednesday, October 27, 2010
  • 20. PLONE CONFERENCE 2010Map Groups to Roles Wednesday, October 27, 2010
  • 21. PLONE CONFERENCE 2010Map LDAP Attributes into Plone Wednesday, October 27, 2010
  • 22. PLONE CONFERENCE 2010Active Directory • Alternate port that speaks LDAP on 3268 • sAMAccountName • groupid_attr property to "name" • Group recursion “may not work” Wednesday, October 27, 2010
  • 23. PLONE CONFERENCE 2010Running Without LDAP • Local instance • Protected LDAP Wednesday, October 27, 2010
  • 24. PLONE CONFERENCE 2010Plonesite part [plonesite] recipe = collective.recipe.plonesite pre-extras = ${buildout:directory}/bin/disable_ldap.py Wednesday, October 27, 2010
  • 25. PLONE CONFERENCE 2010 # id of the ldap plugin the PloneSite/acl_users ldap_plugin_id = "ldap-plugin" # turn off the ldap plugin for local testing interfaces = [ "IAuthenticationPlugin", "ICredentialsResetPlugin", "IGroupEnumerationPlugin", "IGroupsPlugin", "IPropertiesPlugin", "IRoleEnumerationPlugin", "IRolesPlugin", "IUserEnumerationPlugin" ] # this code is mostly taken from # Products.PluggableAuthService.plugins.BasePlugin.manage_activateInterfaces ldap_plugin = portal.acl_users[ldap_plugin_id] pas_instance = ldap_plugin._getPAS() plugins = pas_instance._getOb('plugins') active_interfaces = [] for iface_name in interfaces: active_interfaces.append(plugins._getInterfaceFromName(iface_name )) for iface in active_interfaces: try: plugins.deactivatePlugin(iface, ldap_plugin_id) except KeyError: print "%s plugin already disabled for %s" % (iface, ldap_plugin_id) Wednesday, October 27, 2010
  • 26. PLONE CONFERENCE 2010Debugging Issues • Set log-level to ‘debug’ • User search in ZMI Wednesday, October 27, 2010
  • 27. PLONE CONFERENCE 2010Links • plone.app.ldap http://pypi.python.org/pypi/plone.app.ldap • Apache Directory Studio http://directory.apache.org/studio/ • disable_ldap.py http://gist.github.com/648864 Wednesday, October 27, 2010