LDAP integration with
user/group search
(in pas.plugins.ldap)
Fred van Dijk - Zest Software
Welcome
• About you

• Integrator

• Developer

• How do I connect Plone
to an LDAP user
directory?

• What’s new in
pas.plugins.ldap?
• About me

• Fred van Dijk

• Zest Software

• Rotterdam - NL

• Using Plone since 2002

• From user to integrator,
dev, consultant, trainer
Agenda
• Quick: what’s LDAP?

• LDAP and organisations

• Users/Groups in Plone

• LDAP integration in Plone

• pas.plugins.ldap

• Install & setup 

• sharing users/groups

• Advanced setup

• Wrap up

• Questions
Why LDAP
• Centralised database of users and groups inside
organisations

• old school: copy the users and groups file to different pc’s

• On UNIX this goes back a long way in the 80’s 90’s

NIS, network information service, X.500

• PC’s: Windows: Lan manager, Novell Netware 2/3
From flat to hierarchical
user databases
• Organisational units, departments, mirror org. structure

• Some Implementations

• UNIX: SLAPD - Netscape Directory server 

• Windows: NDS: Novell Directory Services

• Windows: Microsoft Active Directory

• LDAP: Lightweight Directory Access Protocol

• Protocol becomes server, becomes protocol
Users in Plone
• Plone has its own user database

• Works fine, but with larger organisations and/or many
services you don’t want to maintain many user/group lists for
every service. 

• Connect to central directory service maintaining user, groups

• Authentication vs Authorisation

• who you are - which groups you belong to. ID - LDAP

• What is the ID allowed to do: in the separate services
What’s the problem for us?
• Us being Plone users and
integrators trying to set up
LDAP

• Multiple moving parts, LDAP
is protocol, data depends on
the directory service (LDAP
implementations, AD)

Zope, PAS, Plone Config

• You only set this up once for
a project, until it works, then
you don’t look back … 

• Everything is always (a bit)
different
Authentication in Zope
• Plone is built on top of Zope. - Zope is ‘mature’

• acl_users folder - Zope Simple user folder (1996?)

• Products.LDAPUserFolder, replacement for acl_users
(1.0beta2 from 2001)

• Pluggable Authentication Service - Products.PlonePAS
(version 2.3 from 2007)

• PAS -> Products.LDAPMultiplugins -> (LDAPUserFolder)
On top of Zope in Plone
• Webmaster facing configuration and support in Plone &
controlpanel:

• Products.PloneLDAP

• plone.app.ldap

• wrapping the stuff on the

previous page

• That’s a lot of history and stack…
pas.plugins.ldap
• “New” implementation without depending on the existing plugins 

• developed by BlueDynamics Alliance

• based on node and node.ext.ldap, virtual node tree

• Version 1.1.0 - 2014

• upgraded from bda.ldap - 2007 - so not that new

• Can/should cache results in memcached - speed vs freshness

• Not totally feature equivalent with plone.app.ldap

• underlying node.ext.ldap can also work with Pyramid
And so it goes
(with add’ons for Plone)
• People start using and improving

• Open source, on branches, sometimes specifics for their organisation.

• 2016 - fundraising to implement pagination in pas.plugins.ldap

• Fixes and improvements by Asko Soukka from & for University of
Jyväskylä

• Speed optimisations for huge (university) directories

• User search

• Not yet merged to master, needs more testing
Our ‘quest’ with
pas.plugins.ldap
• Have setups at different customers with plone.app.ldap
stack. Very stable, fire and forget, but old.

• pagination and unicode issues

• Let’s test this pas.plugins.ldap stuff (on Plone 4)

• Did fixes in main branch and dependent packages, fork
Asko’s branch for search fixes

• Not yet merged to master either. Is this generic and
stable enough?
There’s some work to be
done
• Our versions available at

• https://github.com/zestsoftware/pas.plugins.ldap &
node.ext.ldap

• http://pypi.zestsoftware.nl/public/

• Sprint this saturday / sunday? 

• More documentation

• check changes and prepare merge back
Demonstration
• To test and demo this stuff: get your own ldap-server

• Local setup of openldap on my Mac (quick show)

> slapd -d1 -f slapd.conf -h "ldap://127.0.0.1:8389/"
• Import users/groups with ldapadd and an ldif file

• querying locally on the command line: 

> ldapsearch -D "cn=root,dc=ldapdemo,dc=com" -w secret -p 8389 -h localhost -b "dc=ldapdemo,dc=com" -s sub "(objectclass=inetOrgPerson)"
Browsing your LDAP
• Apache Directory Studio

• cross platform

• Big Java Tool, has LDAP browser
but also built in LDAP server,
maybe useful on Windows?

• http://directory.apache.org/studio

• Demo
Configuring Plone
• Demo in plone 5.0.8

• Buildout

• pas.plugins.ldap in eggs
sections of
plone.recipe.zope2instance

• Some version pinnings -
You always pin your
versions, right? 

• Show config in editor
# pas.plugins.ldap
pas.plugins.ldap = 1.5.2+zest1
node.ext.ldap = 1.0b4+zest1
bda.cache = 1.2.0
pylibmc = 1.5.1
node = 0.9.16
plumber = 1.3.1
yafowil = 2.2
yafowil.plone = 2.3.1
PyYAML = 3.11
loremipsum = 1.0.5
node.ext.ugm = 0.9.8
odict = 1.5.2
python-memcached = 1.57
smbpasswd = 1.0.2
yafowil.widget.array = 1.4
yafowil.widget.dict = 1.6
yafowil.yaml = 1.2
python-ldap = 2.4.45
configuring the Plug-in
• Activate Add’on

• Configuration panel. A lot of options

• Server Settings

• User Settings

• Group Settings
Server settings
• Use SSL in production

• The manager user can/should be read only for safety in
production setups

• ignore certificate check option for nasty in company
introspecting firewalls

• Page size: fundraising option to not overquery a large
ldap
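The production advice on this slide (SSL, read-only manager user, certificate check, page size) and the later memcached advice can be checked mechanically before go-live. The following is an added example, not code from the slides or from pas.plugins.ldap; the setting keys, host names and sample values are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Heuristic (assumption): bind accounts named like this usually hold full
# directory rights, which the slide advises against in production.
PRIVILEGED_RDN_VALUES = {"root", "admin", "administrator", "manager",
                         "directory manager"}


def first_rdn_value(dn):
    """Return the lower-cased value of the first RDN, e.g. 'root' for cn=root,dc=..."""
    first = dn.split(",", 1)[0]
    return first.partition("=")[2].strip().lower()


def audit_ldap_settings(settings):
    """Return (key, finding) tuples for settings that contradict the slide's advice.

    The keys are hypothetical names for this example; map them to whatever
    your exported configuration actually uses.
    """
    findings = []

    scheme = urlsplit(settings.get("server.uri", "")).scheme.lower()
    if scheme != "ldaps":
        findings.append(("server.uri",
                         "bind password and user data cross the network unencrypted"))

    if settings.get("server.ignore_cert", False):
        findings.append(("server.ignore_cert",
                         "certificate check disabled, server identity is not verified"))

    if first_rdn_value(settings.get("server.user", "")) in PRIVILEGED_RDN_VALUES:
        findings.append(("server.user",
                         "bind DN looks like a directory admin, use a read-only account"))

    if (settings.get("server.page_size") or 0) <= 0:
        findings.append(("server.page_size",
                         "no paging, large searches hit the server in one query"))

    if not (settings.get("cache.cache") and settings.get("cache.memcached")):
        findings.append(("cache.memcached",
                         "no memcached configured, every lookup goes to the directory"))

    return findings


# Constructed sample: mirrors the local slapd demo from the deck.
DEMO_SETTINGS = {
    "server.uri": "ldap://127.0.0.1:8389/",
    "server.user": "cn=root,dc=ldapdemo,dc=com",
    "server.ignore_cert": True,
    "server.page_size": 0,
    "cache.cache": False,
    "cache.memcached": "",
}

# Constructed sample: the same settings after applying the slide's advice.
PRODUCTION_SETTINGS = {
    "server.uri": "ldaps://ldap.example.org:636",
    "server.user": "cn=plone-reader,ou=services,dc=example,dc=org",
    "server.ignore_cert": False,
    "server.page_size": 1000,
    "cache.cache": True,
    "cache.memcached": "127.0.0.1:11211",
}

if __name__ == "__main__":
    for key, finding in audit_ldap_settings(DEMO_SETTINGS):
        print("%-20s %s" % (key, finding))
```

The bind DN check is only a naming heuristic; whether the account is really read only has to be verified in the directory's own access control.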
User settings
• Where are your users coming from?

• Path in the directory

• Can and sometimes should be recursive depending on the
structure

• Limit your search, Limit objects returned for consideration

• Same query language as ldapsearch on the command line

• keep objectClass on iNetOrgPerson for now, not finished
option yet
User settings
• User attribute Aliases: which required Plone user
attributes map to the attributes found on your objects in
LDAP?

• for my local LDAP it’s uid, but Active Directory often
uses sAMAccountName

• User Property Sheet: extra attributes coming into the
Plone user object, full name, email, etc.
Group support
• Same drill as with users, inspect your directory first

• Different options support for different LDAP backends:
memberOf support on User objects default activated in
Active Directory
mapping ldap fields to user
fields
• There’s no one size fits all

• Trial and error is very much that: a lot of trial, please don’t

• Inspect your directory through an ldap browser
actual objects in my local
slapd demo server
Demo of adding users on
the sharing menu
• Add users to sharing tab

• Add groups to sharing tab

• search parts of name with * syntax at the moment. 

• Also searches in other attributes like location or email

• Should also work in global sharing tab, but bug in Plone
5.0.8, will investigate

• hierarchical searching - One Level - Subtree
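The search term typed on the sharing tab ends up inside an LDAP filter, so every character except the `*` wildcard has to be treated as data. The following is an added example, not code from pas.plugins.ldap or node.ext.ldap; the attribute list, the minimum term length and the function names are assumptions.

```python
import re

# RFC 4515: these characters are filter syntax and must be written as \XX
# when they occur inside an attribute value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Assumption: attributes searched. The slide only says the search also
# covers "other attributes like location or email".
SEARCH_ATTRS = ("uid", "cn", "mail", "l")

_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_value(value):
    """Escape a literal value so none of it is parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def escape_term(term):
    """Escape a user-typed term but keep '*' as the wildcard the slide describes.

    Runs of '*' are collapsed to one, and each piece between wildcards is
    escaped on its own, so "Smith (NL)*" keeps its trailing wildcard while
    the parentheses become literal characters.
    """
    term = re.sub(r"\*+", "*", term)
    return "*".join(escape_value(part) for part in term.split("*"))


def build_user_filter(term, attrs=SEARCH_ATTRS, object_class="inetOrgPerson",
                      min_literal=2):
    """Build (&(objectClass=...)(|(attr=term)...)) for a sharing-tab search.

    min_literal (assumption) rejects terms such as "*" that would list the
    whole directory, which matters for the large directories the deck mentions.
    """
    term = term.strip()
    if len(term.replace("*", "")) < min_literal:
        raise ValueError("search term needs at least %d non-wildcard characters"
                         % min_literal)
    for attr in attrs:
        # Attribute names come from configuration, but are still validated.
        if not _ATTR_NAME.match(attr):
            raise ValueError("invalid attribute name: %r" % attr)
    pattern = escape_term(term)
    any_attr = "".join("(%s=%s)" % (attr, pattern) for attr in attrs)
    return "(&(objectClass=%s)(|%s))" % (escape_value(object_class), any_attr)


if __name__ == "__main__":
    # Constructed sample terms.
    for sample in ("fred*", "Smith (NL)*", "van*dijk"):
        print(build_user_filter(sample))
```

The resulting string uses the same filter syntax as the `ldapsearch` command shown earlier in the deck, so it can be tried against a local test directory before wiring it into a search.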
Example of LDAP object in
Active Directory
Better performance
• ALWAYS use memcached with pas.plugins.ldap in
production, use system supplied memcached or install
with buildout
[memcached]
recipe = zc.recipe.cmmi
url = http://www.memcached.org/files/memcached-1.5.2.tar.gz

[supervisor]
recipe = collective.recipe.supervisor
…..
programs =
    80 memcached (stderr_logfile=NONE stdout_logfile=${buildout:directory}/var/log/memcached-stdout.log) ${memcached:location}/bin/memcached [ -m ${conf:memcached-size} -l localhost -p ${conf:memcached} -U ${conf:memcached} ] true
Automatic configuration
• Generic Setup:
• ldap_settings.xml 

• Configure and export with portal_setup

• Don’t forget registry.xml with the memcached settings

• Demo of ldapdemo.policy product

• show config in editor

• demo
Final thoughts
• This is not plug and play easy stuff

• Know your directory, don’t trial and error attributes, use Apache
Directory Studio to find them

• Production:

• SSL communication with LDAP

• Read only admin user

• Add’on still needs more polish

• Plone 5 / Plone 4
Thank You
• Questions ? 

• Sprint on pas.plugins.ldap improvements?

Plone pas.plugins.ldap user/group search

  • 1. LDAP integration with user/group search (in pas.plugins.ldap) Fred van Dijk - Zest Software)
  • 2. Welcome • About you • Integrator • Developer • How do I connect Plone to an LDAP user directory? • What’s new in pas.plugins.ldap? • About me • Fred van Dijk • Zest Software • Rotterdam - NL • Using Plone since 2002 • From user to integrator, dev, consultant, trainer
  • 3. Agenda • Quick: what’s LDAP? • LDAP and organisations • Users/Groups in Plone • LDAP integration in Plone • pas.plugins.ldap • Install & setup • sharing users/groups • Advanced setup • Wrap up • Questions
  • 4. Why LDAP • Centralised database of users and groups inside organisations • old school: copy the users and groups file to different PCs • On UNIX this goes back a long way, to the 80’s/90’s: NIS (Network Information Service), X.500 • PCs: Windows: LAN Manager, Novell NetWare 2/3
  • 5. From flat to hierarchical user databases • Organisational units, departments, mirror org. structure • Some Implementations • UNIX: SLAPD - Netscape Directory server • Windows: NDS: Novell Directory Services • Windows: Microsoft Active Directory • LDAP: Lightweight Directory Access Protocol • Protocol becomes server, becomes protocol
  • 6. Users in Plone • Plone has its own user database • Works fine, but with larger organisations and/or many services you don’t want to maintain many user/group lists for every service. • Connect to central directory service maintaining user, groups • Authentication vs Authorisation • who you are - which groups you belong to. ID - LDAP • What is the ID allowed to do: in the separate services
  • 7. What’s the problem for us? • Us being Plone users and integrators trying to set up LDAP • Multiple moving parts: LDAP is protocol, data depends on the directory service (LDAP implementations, AD), Zope, PAS, Plone config • You only set this up once for a project, until it works, then you don’t look back … • Everything is always (a bit) different
  • 8. Authentication in Zope • Plone is built on top of Zope. - Zope is ‘mature’ • acl_users folder - Zope Simple user folder (1996?) • Products.LDAPUserFolder, replacement for acl_users (1.0beta2 from 2001) • Pluggable Authentication Service - Products.PlonePAS (version 2.3 from 2007) • PAS -> Products.LDAPMultiplugins -> (LDAPUserFolder)
  • 9. On top of Zope in Plone • Webmaster facing configuration and support in Plone & controlpanel: • Products.PloneLDAP • plone.app.ldap • wrapping the stuff on the previous page • That’s a lot of history and stack…
  • 10. pas.plugins.ldap • “New” implementation without depending on the existing plugins • developed by BlueDynamics Alliance • based on node and node.ext.ldap, virtual node tree • Version 1.1.0 - 2014 • upgraded from bda.ldap - 2007 - so not that new • Can/should cache results in memcached - speed vs freshness • Not totally feature equivalent with plone.app.ldap • underlying node.ext.ldap can also work with Pyramid
  • 11. And so it goes (with add’ons for Plone) • People start using and improving • Open source, on branches, sometimes specifics for their organisation. • 2016 - fundraising to implement pagination in pas.plugins.ldap • Fixes and improvements by Asko Soukka from & for University of Jyväskylä • Speed optimisations for huge (university) directories • User search • Not yet merged to master, needs more testing
  • 12. Our ‘quest’ with pas.plugins.ldap • Have setups at different customers with plone.app.ldap stack. Very stable, fire and forget, but old. • pagination and unicode issues • Let’s test this pas.plugins.ldap stuff (on Plone 4) • Did fixes in main branch and dependent packages, fork Asko’s branch for search fixes • Not yet merged to master either. Is this generic and stable enough?
  • 13. There’s some work to be done • Our versions available at • https://github.com/zestsoftware/pas.plugins.ldap & node.ext.ldap • http://pypi.zestsoftware.nl/public/ • Sprint this saturday / sunday? • More documentation • check changes and prepare merge back
  • 14. Demonstration • To test and demo this stuff: get your own ldap-server • Local setup of openldap on my Mac (quick show):
      > slapd -d1 -f slapd.conf -h "ldap://127.0.0.1:8389/"
    • Import users/groups with ldapadd and an ldif file • Querying locally on the command line:
      > ldapsearch -D "cn=root,dc=ldapdemo,dc=com" -w secret -p 8389 -h localhost -b "dc=ldapdemo,dc=com" -s sub "(objectclass=inetOrgPerson)"
  • 15. Browsing your LDAP • Apache Directory Studio • cross platform • Big Java Tool, has LDAP browser but also built in LDAP server, maybe useful on Windows? • http://directory.apache.org/studio • Demo
  • 16. Configuring Plone • Demo in Plone 5.0.8 • Buildout • pas.plugins.ldap in eggs sections of plone.recipe.zope2instance • Some version pinnings - You always pin your versions, right? • Show config in editor:
      # pas.plugins.ldap
      pas.plugins.ldap = 1.5.2+zest1
      node.ext.ldap = 1.0b4+zest1
      bda.cache = 1.2.0
      pylibmc = 1.5.1
      node = 0.9.16
      plumber = 1.3.1
      yafowil = 2.2
      yafowil.plone = 2.3.1
      PyYAML = 3.11
      loremipsum = 1.0.5
      node.ext.ugm = 0.9.8
      odict = 1.5.2
      python-memcached = 1.57
      smbpasswd = 1.0.2
      yafowil.widget.array = 1.4
      yafowil.widget.dict = 1.6
      yafowil.yaml = 1.2
      python-ldap = 2.4.45
  • 17. configuring the Plug-in • Activate Add’on • Configuration panel. A lot of options • Server Settings • User Settings • Group Settings
  • 18. Server settings • Use SSL in production • The manager user can/should be read-only for safety in production setups • ‘Ignore certificate check’ option for nasty in-company introspecting firewalls • Page size: fundraising option to not overquery a large LDAP
  • 19. User settings • Where are your users coming from? • Path in the directory • Can and sometimes should be recursive depending on the structure • Limit your search, limit objects returned for consideration • Same query language as ldapsearch on the command line • Keep objectClass on inetOrgPerson for now, this option is not finished yet
  • 20. User settings • User attribute Aliases: which required Plone user attributes map to the attributes found on your objects in LDAP? • for my local LDAP it’s uid, but Active Directory often uses sAMAccountName • User Property Sheet: extra attributes coming into the Plone user object, full name, email, etc.
  • 21. Group support • Same drill as with users, inspect your directory first • Different options to support different LDAP backends: memberOf support on user objects is activated by default in Active Directory
  • 22. mapping ldap fields to user fields • There’s no one size fits all • Trial and error is very much that: a lot of trial, please don’t • Inspect your directory through an ldap browser
  • 23. actual objects in my local slapd demo server
  • 24. Demo of adding users on the sharing menu • Add users to sharing tab • Add groups to sharing tab • search parts of name with * syntax at the moment. • Also searches in other attributes like location or email • Should also work in global sharing tab, but bug in Plone 5.0.8, will investigate • hierarchical searching - One Level - Subtree
  • 25. Example of LDAP object in Active Directory
  • 26. Better performance • ALWAYS use memcached with pas.plugins.ldap in production, use system supplied memcached or install with buildout:
      [memcached]
      recipe = zc.recipe.cmmi
      url = http://www.memcached.org/files/memcached-1.5.2.tar.gz

      [supervisor]
      recipe = collective.recipe.supervisor
      …..
      programs =
          80 memcached (stderr_logfile=NONE stdout_logfile=${buildout:directory}/var/log/memcached-stdout.log) ${memcached:location}/bin/memcached [ -m ${conf:memcached-size} -l localhost -p ${conf:memcached} -U ${conf:memcached} ] true
  • 27. Automatic configuration • Generic Setup: • ldap_settings.xml • Configure and export with portal_setup • Don’t forget registry.xml with the memcached settings • Demo of ldapdemo.policy product • show config in editor • demo
  • 28. Final thoughts • This is not plug and play easy stuff • Know your directory, don’t trial and error attributes, use Apache Directory Studio to find them • Production: • SSL communication with LDAP • Read-only admin user • Add-on still needs more polish • Plone 5 / Plone 4
  • 29. Thank You • Questions ? • Sprint on pas.plugins.ldap improvements?
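
Slides 19 and 24 describe user search with the ldapsearch filter language and a `*` wildcard typed into the sharing tab, matched against several attributes. The following is an added example, not code from pas.plugins.ldap or the talk: it builds such a filter while escaping the typed text per RFC 4515 so it cannot change the filter's structure. The function names and the attribute list (uid, cn, mail, l) are assumptions.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value):
    """Escape a literal value so it cannot alter the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(term, attrs=("uid", "cn", "mail", "l"),
                      object_class="inetOrgPerson"):
    """Build a filter matching `term` in any of `attrs` (assumed attribute set).

    A '*' typed by the user stays a wildcard; every other character is literal.
    """
    for name in tuple(attrs) + (object_class,):
        if not _ATTR_NAME.match(name):
            raise ValueError("invalid attribute or class name: %r" % name)
    term = term.strip()
    if not term.strip("*"):
        raise ValueError("search term needs at least one literal character")
    # Escape each literal piece on its own, then rejoin with real wildcards.
    pattern = "*".join(escape_filter_value(part) for part in term.split("*"))
    pattern = re.sub(r"\*{2,}", "*", pattern)  # 'a**b' -> 'a*b'
    clauses = "".join("(%s=%s)" % (name, pattern) for name in attrs)
    return "(&(objectClass=%s)(|%s))" % (object_class, clauses)


if __name__ == "__main__":
    # Constructed inputs: a normal partial-name search and a hostile one.
    for typed in ("fr*", "*)(uid=*"):
        print("%-10r -> %s" % (typed, build_user_filter(typed)))
```

Rejecting a term that consists only of wildcards keeps a single `*` from enumerating a large directory, the same concern behind the page size setting on slide 18.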