HOWTO integrate ldapuserfolder and ldapgroupuserfolder
From Chaos
Summary
This how-to assumes that you already have an LDAP server set up, with the appropriate schema and any other external information you may need (Manager DN, etc.). This is by no means a definitive guide to setting up Plone / Zope LDAP authentication. I wrote most of this down from memory. If something you do breaks your site because this how-to said to do it, it is not Kyle Mott's or Gadoz Incorporated's fault; you take full responsibility for your own actions.
Installation Procedure
- Download the current versions of python-ldap, LDAPUserFolder, and GroupUserFolder.
- Unpack python-ldap somewhere on the system.
- Unpack LDAPUserFolder and GroupUserFolder into the desired instance's Products folder.
- Change into the directory of python-ldap.
- Run the following: /Applications/Plone2/Tools/pysetup <instancename> (where <instancename> is the instance into which you installed LDAPUserFolder and GroupUserFolder in the previous step).
- Restart your Plone instance.
- Login to your ZMI as admin.
- Browse to your Plone Instance.
- Click on 'acl_users'.
- Click on the 'Sources' tab.
- Add a new source, selecting 'LDAPUserFolder' from the drop-down box.
- Enter the settings for your specific server; the ones we use are listed under Server Setup below.
- Click 'Add'.
- Click on 'LDAPUserFolder', and double check your settings.
- Click on the 'LDAP Schema' tab.
- Select 'sn' and click 'Delete'. (This only removes 'sn' from the attributes LDAPUserFolder manages; the 'person' object class still requires sn and cn on the server side, so check that the directory accepts the entries LDAPUserFolder creates.)
- Go back to /<instancename>/acl_users/.
- Click on Sources.
- Next to 'Groups source', select 'LDAPGroupFolder' from the drop-down box. Select 'I'm sure'.
- Click 'Ok'.
- It should ask you where the default LDAPUserFolder is. It should be correct, so just click 'Ok'.
- Go back to /<instancename>/acl_users/.
- Click on the 'Sources' tab.
- Click on 'LDAPUserFolder'.
- Click on the 'Groups' tab.
- Add groups based on the standard Plone roles (Manager, Member, Reviewer) with an object class of 'groupOfNames'.
- Add a Group mapping for each one, e.g., Map LDAP Group Manager => to Zope Role Manager.
- Go back to /<instancename>/acl_users/.
- Click on the 'Sources' tab.
- Select the old 'User Folder' and Delete it. WARNING: this deletes every user registered in the Plone site's own user folder, together with their role assignments. Before you do it, confirm in a second browser session that an LDAP user in the Manager group can log in to the Plone site; the account you used to log in to the ZMI normally lives in the Zope root acl_users, not in this one, so it is not affected.
- You should be done!
To verify, go to the main portal site and try to register a new user. It should insert a new record into the LDAP directory with the appropriate information. Below are some simple steps for managing your LDAP users through the ZMI.
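As an added example (not code from LDAPUserFolder, GroupUserFolder or Plone), the script below checks the directory side of the procedure above from outside Zope: that user entries carry the object classes, uid RDN and attributes the source expects, that the role groups exist as groupOfNames under the groups base with members that are real users, and which Zope roles a login would get from the group mapping. The check functions work on the result shape python-ldap returns, so they are exercised here on constructed sample entries (alice, bob, carol and their passwords are made up); fetch_entries() pulls live entries with python-ldap if you give it your server URI, Manager DN and password. DN comparison is a simplified normalisation (no escaped commas), and the base DNs are the ones from Server Setup below.

```python
"""Sanity-check the directory entries LDAPUserFolder and GroupUserFolder rely on.

Added example for this how-to, not code from LDAPUserFolder, GroupUserFolder or
Plone. Entries use the shape python-ldap's search_s() returns:
(dn, {attribute: [bytes, ...]}). The sample entries at the bottom are constructed.
"""

# Base DNs and object classes from the how-to's Server Setup section.
USERS_BASE = "cn=cerium-users, dc=gadoz, dc=com"
GROUPS_BASE = "cn=cerium-groups, dc=gadoz, dc=com"
USER_CLASSES = {"top", "person", "inetOrgPerson"}
# Groups the how-to creates, mapped one-to-one onto Zope roles of the same name.
ROLE_GROUPS = ("Manager", "Member", "Reviewer")

def norm_dn(dn):
    """Simplified DN normalisation for comparison: trims whitespace around each
    RDN and lower-cases it. Assumption: no escaped commas in the DNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def decode(values):  # python-ldap returns attribute values as bytes
    return [v.decode("utf-8") if isinstance(v, bytes) else v for v in values]

def check_users(users, users_base=USERS_BASE):
    """Return a list of problems with user entries; empty means all is well."""
    problems = []
    for dn, attrs in users:
        missing = USER_CLASSES - set(decode(attrs.get("objectClass", [])))
        if missing:
            problems.append(f"{dn}: missing object class(es) {sorted(missing)}")
        if not norm_dn(dn).endswith("," + norm_dn(users_base)):
            problems.append(f"{dn}: not under users base {users_base}")
        uid = decode(attrs.get("uid", []))
        if not uid:
            problems.append(f"{dn}: no uid (login name, user ID and RDN attribute)")
        elif norm_dn(dn).split(",")[0] != f"uid={uid[0].lower()}":
            problems.append(f"{dn}: RDN is not uid={uid[0]}")
        # 'person' requires cn and sn on the server, whatever the LDAP Schema tab lists.
        for required in ("cn", "sn"):
            if not attrs.get(required):
                problems.append(f"{dn}: missing {required}, required by 'person'")
        for pw in decode(attrs.get("userPassword", [])):
            if not pw.startswith("{"):  # no {SCHEME} prefix: stored in clear text
                problems.append(f"{dn}: userPassword stored in clear text")
    return problems

def check_groups(groups, users, groups_base=GROUPS_BASE, users_base=USERS_BASE):
    """Return problems with the role groups; empty means all is well."""
    problems = []
    user_dns = {norm_dn(dn) for dn, _ in users}
    found = set()
    for dn, attrs in groups:
        if "groupOfNames" not in decode(attrs.get("objectClass", [])):
            problems.append(f"{dn}: object class is not groupOfNames")
        if not norm_dn(dn).endswith("," + norm_dn(groups_base)):
            problems.append(f"{dn}: not under groups base {groups_base}")
        found.update(decode(attrs.get("cn", []))[:1])
        members = decode(attrs.get("member", []))
        if not members:  # groupOfNames MUST have a member; servers reject empty groups
            problems.append(f"{dn}: groupOfNames has no member")
        for member in members:
            if norm_dn(member) not in user_dns:
                problems.append(f"{dn}: member {member} is not a user under {users_base}")
    for role in ROLE_GROUPS:
        if role not in found:
            problems.append(f"no group named {role} under {groups_base}")
    return problems

def roles_for(uid, groups, users_base=USERS_BASE):
    """Zope roles a login gets from the group mapping (group cn => role)."""
    target = norm_dn(f"uid={uid},{users_base}")
    return {decode(attrs["cn"])[0] for _, attrs in groups
            if target in {norm_dn(m) for m in decode(attrs.get("member", []))}}

def fetch_entries(uri, manager_dn, password, users_base=USERS_BASE, groups_base=GROUPS_BASE):
    """Pull live entries with python-ldap (imported here so the checks run without it)."""
    import ldap
    conn = ldap.initialize(uri)
    conn.simple_bind_s(manager_dn, password)
    def search(base, flt):  # drop the (None, ...) referral tuples python-ldap may return
        return [e for e in conn.search_s(base, ldap.SCOPE_SUBTREE, flt) if e[0] is not None]
    users = search(users_base, "(objectClass=person)")
    groups = search(groups_base, "(objectClass=groupOfNames)")
    conn.unbind_s()
    return users, groups

# Constructed sample data: alice is fine, bob has a clear-text password and the
# Reviewer group points at a user that does not exist.
def _user(uid, password):
    return (f"uid={uid},cn=cerium-users,dc=gadoz,dc=com",
            {"objectClass": [b"top", b"person", b"inetOrgPerson"], "uid": [uid.encode()],
             "cn": [uid.title().encode()], "sn": [uid.title().encode()], "userPassword": [password]})

def _group(cn, *member_uids):
    return (f"cn={cn},cn=cerium-groups,dc=gadoz,dc=com",
            {"objectClass": [b"top", b"groupOfNames"], "cn": [cn.encode()],
             "member": [f"uid={u},cn=cerium-users,dc=gadoz,dc=com".encode() for u in member_uids]})

SAMPLE_USERS = [_user("alice", b"{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="), _user("bob", b"hunter2")]
SAMPLE_GROUPS = [_group("Manager", "alice"), _group("Member", "alice", "bob"), _group("Reviewer", "carol")]
```

Run it against a live directory with `users, groups = fetch_entries("ldap://localhost", manager_dn, password)` and then `check_users(users) + check_groups(groups, users)`; an empty list means the entries match what the source configuration above expects. The clear-text check only tells you whether the server stored a {SCHEME}-prefixed value; it cannot tell you which scheme LDAPUserFolder was configured to use.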
Server Setup
These are the settings we use for the LDAPUserFolder source added above:
- LDAP Server: 'localhost'.
- Login Name Attribute, User ID Attribute and RDN Attribute: all 'uid'.
- Users Base DN: 'cn=cerium-users, dc=gadoz, dc=com'.
- Group storage: 'Groups stored on LDAP server'.
- Groups Base DN: 'cn=cerium-groups, dc=gadoz, dc=com'.
- Manager DN: 'uid=somelogin, cn=users, dc=domain, dc=tld'.
- User object classes: 'top,person,inetOrgPerson'.
- User password encryption: 'SHA'.
- Default User Roles: 'Member'.
Two points are worth checking before you copy these. The Manager DN is the account LDAPUserFolder binds with for every lookup and for every user it creates, so give it write access to the users and groups subtrees only rather than using a directory-wide administrator. 'SHA' stores an unsalted SHA-1 digest of the password, so two accounts with the same password get the identical userPassword value and precomputed tables apply; if your LDAPUserFolder version and your directory offer 'SSHA' (salted SHA-1), prefer it. A plain LDAP connection to 'localhost' is acceptable, but for a server on another host use LDAPS (or StartTLS, where supported) so that the Manager DN's password and users' passwords are not sent in the clear.
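To make the 'SHA' versus 'SSHA' difference concrete, here is an added example (not LDAPUserFolder code) that builds the userPassword values a directory stores for each scheme in the RFC 2307 {SCHEME}base64 form, verifies a password against either the way a server does, and shows that with unsalted {SHA} every account sharing a password also shares the stored value. The passwords and account names are constructed.

```python
"""{SHA} versus {SSHA} userPassword values.

Added example for this how-to, not code from LDAPUserFolder or any LDAP server.
Assumes the RFC 2307 {SCHEME}base64 storage form. Sample passwords are constructed.
"""
import base64
import hashlib
import hmac
import os

def ldap_sha(password):
    """Unsalted SHA-1, the 'User password encryption' setting used above."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def ldap_ssha(password, salt=None):
    """Salted SHA-1: base64(sha1(password + salt) + salt); a fresh salt per call."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify(password, stored):
    """Check a password against a {SHA} or {SSHA} value as a server would."""
    if stored.startswith("{SHA}"):
        expected = base64.b64decode(stored[len("{SHA}"):])
        actual = hashlib.sha1(password.encode("utf-8")).digest()
    elif stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        expected, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the rest is the salt
        actual = hashlib.sha1(password.encode("utf-8") + salt).digest()
    else:
        return False  # clear text or an unknown scheme: refuse rather than guess
    return hmac.compare_digest(expected, actual)

def accounts_sharing_hashes(stored_by_uid):
    """Map each stored value that more than one account has to those accounts.

    With {SHA} this reveals every group of users sharing a password to anyone
    who can read userPassword; with {SSHA} the salts keep the values distinct."""
    by_value = {}
    for uid, stored in stored_by_uid.items():
        by_value.setdefault(stored, []).append(uid)
    return {value: uids for value, uids in by_value.items() if len(uids) > 1}

# Constructed sample: two accounts with the same password, one with a different one.
SAMPLE_PASSWORDS = {"alice": "correct horse", "bob": "correct horse", "carol": "battery staple"}
SHA_STORE = {uid: ldap_sha(pw) for uid, pw in SAMPLE_PASSWORDS.items()}
SSHA_STORE = {uid: ldap_ssha(pw) for uid, pw in SAMPLE_PASSWORDS.items()}
```

`accounts_sharing_hashes(SHA_STORE)` reports alice and bob together, while `accounts_sharing_hashes(SSHA_STORE)` is empty even though they still share a password. Both schemes are fast, unsalted or not, so neither is a substitute for a directory-side password policy; the salt only removes the cross-account leak and the use of precomputed tables.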
Administration Procedure
Delete a user
- Login to the ZMI.
- Browse to <instancehome>.
- Click on 'acl_users' folder.
- Click on 'Users' tab.
- If the name(s) do not show up, force a refresh of LDAPUserFolder's cached user list by following the 'Clicking here' link.
- Select the user, and press Delete.
Add a user
- Login to the ZMI.
- Browse to <instancehome>.
- Click on 'acl_users' folder.
- Click on 'Users' tab.
- If the name(s) do not show up, force a refresh of LDAPUserFolder's cached user list by following the 'Clicking here' link.
- Fill out 'Create users:' as the login you want the person to have.
- Fill out 'Default password:' as the password you want the person to have.
- Select their 'Affect roles' for the role(s) you want them to have.
- Click 'Create'.
Change a user's role (group)
- Login to the ZMI.
- Browse to <instancehome>.
- Click on 'acl_users' folder.
- Click on 'Users' tab.
- If the name(s) do not show up, force a refresh of LDAPUserFolder's cached user list by following the 'Clicking here' link.
- Select the user(s) whose roles you wish to change.
- Select or deselect the roles under 'Affect roles'.
- Click 'Change'.