Plone pas.plugins.ldap user/group search

fredvd

Presentation given at PloneConf 2017 on how to set up pas.plugins.ldap in Plone with your LDAP directory service

  • 1. LDAP integration with user/group search (in pas.plugins.ldap)
      • Fred van Dijk - Zest Software
  • 2. Welcome
      • About you
          • Integrator
          • Developer
          • How do I connect Plone to an LDAP user directory?
          • What’s new in pas.plugins.ldap?
      • About me
          • Fred van Dijk
          • Zest Software
          • Rotterdam - NL
          • Using Plone since 2002
          • From user to integrator, dev, consultant, trainer
  • 3. Agenda
      • Quick: what’s LDAP?
      • LDAP and organisations
      • Users/Groups in Plone
      • LDAP integration in Plone
      • pas.plugins.ldap
          • Install & setup
          • Sharing users/groups
          • Advanced setup
      • Wrap up
      • Questions
  • 4. Why LDAP
      • Centralised database of users and groups inside organisations
      • Old school: copy the users and groups file to different PCs
      • On UNIX this goes back a long way, to the 80’s and 90’s: NIS (Network Information Service), X.500
      • PCs: Windows: LAN Manager, Novell NetWare 2/3
  • 5. From flat to hierarchical user databases
      • Organisational units, departments, mirror org. structure
      • Some implementations
          • UNIX: SLAPD - Netscape Directory Server
          • Windows: NDS: Novell Directory Services
          • Windows: Microsoft Active Directory
      • LDAP: Lightweight Directory Access Protocol
      • Protocol becomes server, becomes protocol
  • 6. Users in Plone
      • Plone has its own user database
      • Works fine, but with larger organisations and/or many services you don’t want to maintain many user/group lists for every service.
      • Connect to a central directory service maintaining users and groups
      • Authentication vs Authorisation
          • Who you are - which groups you belong to. ID - LDAP
          • What is the ID allowed to do: in the separate services
  • 7. What’s the problem for us?
      • Us being Plone users and integrators trying to set up LDAP
      • Multiple moving parts: LDAP is a protocol, data depends on the directory service (LDAP implementations, AD); Zope, PAS, Plone config
      • You only set this up once for a project, until it works, then you don’t look back …
      • Everything is always (a bit) different
  • 8. Authentication in Zope
      • Plone is built on top of Zope
          • Zope is ‘mature’
      • acl_users folder - Zope simple user folder (1996?)
      • Products.LDAPUserFolder, replacement for acl_users (1.0beta2 from 2001)
      • Pluggable Authentication Service - Products.PlonePAS (version 2.3 from 2007)
      • PAS -> Products.LDAPMultiplugins -> (LDAPUserFolder)
  • 9. On top of Zope in Plone
      • Webmaster-facing configuration and support in Plone & control panel:
          • Products.PloneLDAP
          • plone.app.ldap
          • wrapping the stuff on the previous page
      • That’s a lot of history and stack…
  • 10. pas.plugins.ldap
      • “New” implementation without depending on the existing plugins
      • Developed by BlueDynamics Alliance
      • Based on node and node.ext.ldap, virtual node tree
      • Version 1.1.0 - 2014
      • Upgraded from bda.ldap - 2007 - so not that new
      • Can/should cache results in memcached - speed vs freshness
      • Not totally feature equivalent with plone.app.ldap
      • Underlying node.ext.ldap can also work with Pyramid
  • 11. And so it goes (with add-ons for Plone)
      • People start using and improving
      • Open source, on branches, sometimes specifics for their organisation.
      • 2016 - fundraising to implement pagination in pas.plugins.ldap
      • Fixes and improvements by Asko Soukka from & for University of Jyväskylä
          • Speed optimisations for huge (university) directories
          • User search
      • Not yet merged to master, needs more testing
  • 12. Our ‘quest’ with pas.plugins.ldap
      • Have setups at different customers with the plone.app.ldap stack. Very stable, fire and forget, but old.
          • Pagination and unicode issues
      • Let’s test this pas.plugins.ldap stuff (on Plone 4)
      • Did fixes in main branch and dependent packages, forked Asko’s branch for search fixes
      • Not yet merged to master either. Is this generic and stable enough?
  • 13. There’s some work to be done
      • Our versions available at
          • https://github.com/zestsoftware/pas.plugins.ldap & node.ext.ldap
          • http://pypi.zestsoftware.nl/public/
      • Sprint this Saturday / Sunday?
          • More documentation
          • Check changes and prepare merge back
  • 14. Demonstration
      • To test and demo this stuff: get your own LDAP server
      • Local setup of OpenLDAP on my Mac (quick show)

            > slapd -d1 -f slapd.conf -h "ldap://127.0.0.1:8389/"

      • Import users/groups with ldapadd and an LDIF file
      • Querying locally on the command line:

            > ldapsearch -D "cn=root,dc=ldapdemo,dc=com" -w secret -p 8389 -h localhost -b "dc=ldapdemo,dc=com" -s sub "(objectclass=inetOrgPerson)"

  • 15. Browsing your LDAP
      • Apache Directory Studio
          • Cross platform
          • Big Java tool, has an LDAP browser but also a built-in LDAP server, maybe useful on Windows?
          • http://directory.apache.org/studio
      • Demo
  • 16. Configuring Plone
      • Demo in Plone 5.0.8
      • Buildout
          • pas.plugins.ldap in the eggs section of plone.recipe.zope2instance
          • Some version pinnings - You always pin your versions, right?
      • Show config in editor

            # pas.plugins.ldap
            pas.plugins.ldap = 1.5.2+zest1
            node.ext.ldap = 1.0b4+zest1
            bda.cache = 1.2.0
            pylibmc = 1.5.1
            node = 0.9.16
            plumber = 1.3.1
            yafowil = 2.2
            yafowil.plone = 2.3.1
            PyYAML = 3.11
            loremipsum = 1.0.5
            node.ext.ugm = 0.9.8
            odict = 1.5.2
            python-memcached = 1.57
            smbpasswd = 1.0.2
            yafowil.widget.array = 1.4
            yafowil.widget.dict = 1.6
            yafowil.yaml = 1.2
            python-ldap = 2.4.45
  • 17. Configuring the plug-in
      • Activate add-on
      • Configuration panel. A lot of options
          • Server settings
          • User settings
          • Group settings
  • 18. Server settings
      • Use SSL in production
      • The manager user can/should be read only for safety in production setups
      • Ignore certificate check option for nasty in-company introspecting firewalls
      • Page size: fundraising option to not overquery a large LDAP
  • 19. User settings
      • Where are your users coming from?
          • Path in the directory
          • Can and sometimes should be recursive depending on the structure
      • Limit your search, limit objects returned for consideration
          • Same query language as ldapsearch on the command line
          • Keep objectClass on inetOrgPerson for now, not a finished option yet
  • 20. User settings
      • User attribute aliases: which required Plone user attributes map to the attributes found on your objects in LDAP?
          • For my local LDAP it’s uid, but Active Directory often uses sAMAccountName
      • User property sheet: extra attributes coming into the Plone user object: full name, email, etc.
  • 21. Group support
      • Same drill as with users, inspect your directory first
      • Different options support different LDAP backends: memberOf support on User objects is activated by default in Active Directory
  • 22. Mapping LDAP fields to user fields
      • There’s no one size fits all
      • Trial and error is very much that: a lot of trial, please don’t
      • Inspect your directory through an LDAP browser
  • 23. Actual objects in my local slapd demo server
  • 24. Demo of adding users on the sharing menu
      • Add users to sharing tab
      • Add groups to sharing tab
      • Search parts of a name with * syntax at the moment.
      • Also searches in other attributes like location or email
      • Should also work in the global sharing tab, but bug in Plone 5.0.8, will investigate
      • Hierarchical searching
          • One Level
          • Subtree
  • 25. Example of LDAP object in Active Directory
  • 26. Better performance
      • ALWAYS use memcached with pas.plugins.ldap in production; use the system-supplied memcached or install with buildout

            [memcached]
            recipe = zc.recipe.cmmi
            url = http://www.memcached.org/files/memcached-1.5.2.tar.gz

            [supervisor]
            recipe = collective.recipe.supervisor
            …..
            programs =
                80 memcached (stderr_logfile=NONE stdout_logfile=${buildout:directory}/var/log/memcached-stdout.log) ${memcached:location}/bin/memcached [ -m ${conf:memcached-size} -l localhost -p ${conf:memcached} -U ${conf:memcached} ] true

  • 27. Automatic configuration
      • Generic Setup:
          • ldap_settings.xml
          • Configure and export with portal_setup
          • Don’t forget registry.xml with the memcached settings
      • Demo of ldapdemo.policy product
          • Show config in editor
          • Demo
  • 28. Final thoughts
      • This is not plug-and-play easy stuff
      • Know your directory, don’t trial and error attributes, use Apache Directory Studio to find them
      • Production:
          • SSL communication with LDAP
          • Read-only admin user
      • Add-on still needs more polishing
          • Plone 5 / Plone 4
  • 29. Thank You
      • Questions?
      • Sprint on pas.plugins.ldap improvements?
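
The user-search settings from slides 19, 20 and 24 (login attribute, `*` wildcards, One Level vs Subtree scope) sketched in Python. This is an added example, not code from the slides or from pas.plugins.ldap; the function names, the `ou=users` branch and the sample DNs are assumptions made for illustration. Literal text is escaped per RFC 4515 so that what a user types in the search box can only ever be a value, never filter syntax.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Login attribute per directory type, as named on slide 20.
LOGIN_ATTR = {"openldap": "uid", "active_directory": "sAMAccountName"}

# Constructed sample data: 'ou=users' and the entries below are hypothetical.
BASE_DN = "ou=users,dc=ldapdemo,dc=com"
SAMPLE_DNS = [
    "uid=jan,ou=users,dc=ldapdemo,dc=com",
    "uid=piet,ou=staff,ou=users,dc=ldapdemo,dc=com",
    "cn=editors,ou=groups,dc=ldapdemo,dc=com",
]


def escape_value(text):
    """Escape one literal fragment so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in text)


def substring_assertion(attr, term):
    """Build (attr=term), keeping user-typed '*' as wildcards only."""
    term = re.sub(r"\*+", "*", term.strip())  # collapse runs such as '**'
    if not term.replace("*", ""):
        # Empty or wildcard-only input would enumerate the whole search base.
        raise ValueError("search term needs at least one literal character")
    fragments = [escape_value(part) for part in term.split("*")]
    return "(%s=%s)" % (attr, "*".join(fragments))


def build_user_filter(term, directory="openldap",
                      object_class="inetOrgPerson", extra_attrs=("cn", "mail")):
    """Search the login attribute plus extra attributes, limited by objectClass."""
    attrs = (LOGIN_ATTR[directory],) + tuple(extra_attrs)
    alternatives = "".join(substring_assertion(a, term) for a in attrs)
    return "(&(objectClass=%s)(|%s))" % (object_class, alternatives)


def in_scope(entry_dn, base_dn, scope):
    """ONELEVEL: direct children of base. SUBTREE: base and everything below."""
    # Simplification: assumes no escaped commas inside RDN values.
    entry = [rdn.strip().lower() for rdn in entry_dn.split(",")]
    base = [rdn.strip().lower() for rdn in base_dn.split(",")]
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    if scope == "ONELEVEL":
        return depth == 1
    if scope == "SUBTREE":
        return True
    raise ValueError("unknown scope: %r" % scope)


def entries_in_scope(scope, base_dn=BASE_DN, dns=SAMPLE_DNS):
    """Return the sample DNs a search with this base and scope would consider."""
    return [dn for dn in dns if in_scope(dn, base_dn, scope)]


if __name__ == "__main__":
    print(build_user_filter("jan*"))
    print(build_user_filter("jan", directory="active_directory"))
    print(entries_in_scope("ONELEVEL"))
    print(entries_in_scope("SUBTREE"))
```

The resulting filter string can be passed to `ldapsearch` with `-b` and `-s one` or `-s sub` to compare against what the plug-in returns.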