Skip to main content

LDAP-backed plugins for the Zope2 PluggableAuthService

Project description

The LDAPMultiPlugins provides PluggableAuthService plugins that use LDAP as the backend for the services they provide. The PluggableAuthService is a Zope user folder product that can be extended in modular fashion using various plugins.

Please make sure to read the documentation included in the LDAPUserFolder package (http://pypi.python.org/pypi/Products.LDAPUserFolder) as well.

Bug tracker

Please post questions, bug reports or feature requests to the bug tracker at http://www.dataflake.org/tracker/

SVN version

You can retrieve the latest code from Subversion using setuptools or zc.buildout via this URL:

http://svn.dataflake.org/svn/Products.LDAPMultiPlugins/trunk#egg=Products.LDAPMultiPlugins

Caching

The results of some calls into the plugins provided by these package can be cached using the Zope ZCacheable mechanism:

  • In the Zope Management Interface (ZMI) of your PluggableAuthService instance, select ‘RAM Cache Manager’ from the dropdown, give it an ID and configure it according to your needs.

  • Click on your LDAP/ActiveDirectoryMultiPlugin and use the ‘Cache’ ZMI tab on the far right to associate the newly created RAM Cache Manager object with the plugin.

Now your plugin will use the RAM Cache Manager object to cache results from some of the possibly expensive API calls.

Special features - Active Directory Multi Plugin

Properties of the ADMultiPlugin instance:

  • groupid_attr - the LDAP attribute used for group ids.

  • grouptitle_attr - the LDAP attribute used to compose group titles.

  • group_class - the LDAP class of group objects.

  • group_recurse - boolean indicating whether to determine group memberships of a user by unrolling nested group relationships (expensive). This feature is not guaranteed to work at this moment.

Active Directory configuration hints

In order for groups support to work correctly, you may have to set the following properties. Every situation is different, but this has helped some people succeed:

  • On the “Properties” tab for the ActiveDirectoryMultiPlugin, set the groupid_attr property to “name”.

  • On the contained LDAPUserFolder’s “Configure” tab, choose a property other than “objectGUID”, e.g. “sAMAccountName” for the User ID property. To get to the LDAPUserFolder, click on the ActiveDirectoryMultiPlugin “Content” tab.

Please see README.ActiveDirectory from the LDAPUserFolder package for additional information.


Changelog for Products.LDAPMultiplugins

To see earlier changes please see HISTORY.txt.

1.10 (2010-05-27)

1.9 (2010-01-27)

  • Feature: The enumerateUsers method has a parameter “exact_match” that was only applied if the search was by logn or user id, since that is the way it is used in the standard PluggableAuthService plugins. However, the user folder searchUsers method can accept this parameter as well and thus limit searches by other criteria to exact matches. This is useful enough to implement, even though it breaks the standard. (http://www.dataflake.org/tracker/issue_00656)

1.8 (2009-02-17)

  • Bug: Move plugin registration from initialize method to module level to avoid multiple registrations. (http://www.dataflake.org/tracker/issue_00631 by Ramon Navarro Bosch)

  • Feature: Implemented GenericSetup import/export handlers and registered import/export steps.

  • Bug: Fixed the Zope dependency, which was listed as 2.8+. It’s 2.9+.

1.7 (2008-07-19)

  • Bug: LDAPMultiPlugin.enumerateUsers: The variable used as key for the caching mechanism was mutated after being computed, leading to cache keys that can never be found again. Found by Wichert Akkerman. (http://www.dataflake.org/tracker/issue_00613)

1.6 (2008-06-05)

  • Bug: ActiveDirectoryMultiPlugin.enumerateGroups: In order to support group searches on the binary objectGUID attribute, utilize a new flag exposed by the LDAPUserFolder LDAPDelegate search method that prevents the customary UTF8-encoding of the search filter expression. NOTE: With this change the LDAPUserFolder version dependency changes to version 2.9 or higher! (http://www.dataflake.org/tracker/issue_00576 by Wichert Akkerman)

  • Bug: ActiveDirectoryMultiPlugin.enumerateGroups: If the requested group id is a binary string, like a objectGUID attribute, it was mangled by a lowercasing operation. Removed the lowercasing. (http://www.dataflake.org/tracker/issue_00575 by Wichert Akkerman)

  • Feature: Added caching to the getGroupsForPrincipal method. Thanks to Wichert Akkerman for the patch. (http://www.dataflake.org/tracker/issue_00571)

1.5 (2007-06-13)


Download

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Products.LDAPMultiPlugins-1.10.tar.gz (23.7 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page