Personal tools
You are here: Home Downloads Tutorials Plone-LDAP-Connection Plone-LDAP-HowTos
nrcfoss logo aukbc cdac iit mumbai iit madras ow2 iosn flosscc
Digital India


Pre-requisite is OpenLdap server/client :   It should be version-2.4 version2.3 won't work with python-ldap-2.4.7


download python-ldap-2.4.7  untar  edit setup.cfg and change the include-dir and library-dir locations to /usr/local/include  /usr/local/include/sasl
and /usr/local/lib  /usr/local/lib/sasl2

and zope's python build    and  install  

> But I ran into a problem while trying to build on my x86_64 Linux box:
> Modules/constants.c: In function 'LDAPinit_constants':
> Modules/constants.c:152: error: 'LDAP_OPT_DIAGNOSTIC_MESSAGE'

Problem is that those variables avail with  openldap 2.4.x not with 2.3 so you need to upgrade to opne-ldap- 2.4  after a cvsup -g -L 2 /root/portsupfile

But then it complained about libtool >=2.4  so I tried to  portupgrade -R libtool.  but it unable to find  devel/libtool.

so I   cd   /usr/ports/devel/libtool   which 2.4   then done make install clean
 then installed openldap-24-server  with  SASL option checked. 

#library_dirs = /opt/openldap-RE24/lib
library_dirs = /usr/local/lib /usr/local/lib/sasl2
#include_dirs = /opt/openldap-RE24/include /usr/include/sasl
include_dirs = /usr/local/include /usr/local/include/sasl

after editing the setup.cfg file in python-ldap2.4.7  I ran   ~/zope/Python/bin/python build  successful

then     ~/zope/Python/bin/python install

setuptools 0.6c9 is already the active version in easy-install.pth
Installing easy_install script to /usr/local/PLONE33INTR/Python-2.4/bin
Installing easy_install-2.4 script to /usr/local/PLONE33INTR/Python-2.4/bin

Using /usr/local/PLONE33INTR/Python-2.4/lib/python2.4/site-packages/setuptools-0.6c9-py2.4.egg
Finished processing dependencies for python-ldap==2.4.7
[root@sun /usr/local/PLONELDAP/python-ldap-2.4.7]#

Success...  No  Buildout.cfg installation  for   python-ldap successful.

But when I  tried to start my openldap using   /usr/local/etc/rc.d/slapd   nothing is starting  sockstat -4p 389 returns nothing runnning.

 but no error reporrt : 

Checking   /var/log/debug.log     telling  ldap   can't find  backend  bdb.  I forgot bdb to checked  while installing  openldap24-server.  So I reinstalled  openldap24-server with bdb  and sasl options checked.
Now everything okay.

Next step is to Install PloneLDAP   for our PLONE3.3 installation.
I downloaded the PloneLDAP  PloneLDAP-bundle-1.0.tar.gz  and untarred  it to the zinstance/products directory and restarted the server I am able to find the ActiveDirectory and PloneLDAP plugins in the ACL_User folder of my intranet site.

Here we need to install simplon.plone.ldap  for getting the LDAP config panel in Plone control panel.

simplon.plone.ldap-1.0.tar.gz  downloaded and  and untarred it a location say /usr/local    then edite for the following to disable.

only this option should be enabled for simplone.


Then   ~/zopeinstance/python/bin/python build && install  will install successfully. But doesn't appear in  Plone Control panel.

Solution :  

[root@storm /usr/local/PLONE33/zinstance/src/intranet.policy/intranet/policy]# ee configure.zcml

add an entry for    simplon.plone.ldap

    <include package="intranet.theme"/>
    <include package="simplon.plone.ldap"/>

then restart the zope then in Plone control panel add/remove section it will be visible as LDAP Support just install it.

Then configure it   for the ldap parameters.
add the attributes 
Please share the following details

1. rDN attribute  ( is it cn/sn/mail or uid ? )  ==>uid

2. user id attribute ( is it cn/sn/mail or uid ? ) ==> uid

3. login name attribute ( is it cn/sn/mail or uid ? ) ==>

4. Ldap object class ( is it inetOrgPerson  or pilotPerson ?) ==>inetOrgPerson

5. Bind DN  ( will be a manager account with the bind password
(  format: cn=Manager,dc=asdc,dc=army,dc=mil)   password ?
==>  cn=admin,dc=dbrait,dc=edu    password is admin

6. Base DN for users  ==> ou=people,dc=dbrait,dc=edu

7. Base DN for groups ==>  ou=groups,dc=dbrait,dc=edu

Then   in LDAP Servers 

You add  server Name (Not IP address)
                       type    just  LDAP  (not ssl)
connection timeout 5
operation timeout   10 sec  thats it   :  But in the Plone machine were it hosted   you  add   /etc/hosts

then save it   Now plone will accept the ldap users credentials for auth. is the latest interface to manage ldap connections for Plone-4.0 onwards

you can install it with downloading the package and  using your zope instance python build and install

Then it won't appear in add/remove product of  plone sitesetup
You need to do   a   ee "" file in
[root@sun /usr/PLONE-414/zinstance/parts/instance/etc/package-includes

]#   with the following contents

<include package="" />  then restart plone it will appear in sitesetup.

If you want to manually add the ploneLdap plugin,  go to  ZMI then select your website's  acl_user folder add the ploneLdap plugin from the dropdown list and add the dn,rdn etc attributes.

Then add the ldap server and port for the connection.


thats it


Describe your new note here.

Document Actions