Hi Diego,

Bit busy so all I can do is provide you with a copy and paste of the rest of the instructions I made up for a client on how to get this going (YMMV):

5. Assuming there were no issues with the buildout, access your Plone site as a 'Manager' user and go into 'Site Setup' → 'Add-on Products'. Select the checkbox next to 'LDAP support' and click 'Install'.

   N.B. If you don't see 'LDAP support' in the list of available products for install then something has gone wrong with the previous buildout installation step. Try shutting down the server again and rerunning the buildout and take note of any error messages that appear. To get more information out of buildout, try running it as follows (in fact you can put more v's after the hyphen to get even more detail, e.g. -vvvv):

       python\python.exe bin\buildoutscript.py -v

6. Following successful installation of the 'LDAP support' product, you should now have an additional option on the left-hand side under 'Add-on Product Configuration' entitled 'LDAP Connection'. Click on this and then make the following changes to match the LDAP environment. If a setting on this page is not specifically mentioned below, then you can assume the default value is sufficient.

   i. Set 'LDAP object classes' to: person,organizationalPerson,inetorgperson
   ii. Set 'Bind DN' to a valid fully-qualified LDAP user name. The user must be able to access all user and group information and be able to update and create users and groups.
   iii. Set the 'Bind Password' to be the password of the above user.
   iv. Set 'Base DN for users' to: <insert yours here>
   v. Set 'Search scope for users' to: subtree
   vi. Set 'Base DN for groups' to: <insert yours here>
   vii. Set 'Search scope for groups' to: subtree

7. Click on the 'LDAP Servers' tab and then click on the 'Add LDAP server' button. Enter the information below and click the 'Save' button. Again, if a specific field on this page isn't mentioned below, you can assume the default value is fine.

   i. Put a check mark in the 'Enabled' check box.
   ii. Set 'LDAP server' to the LDAP server address.

8. Now attempt logging into the Plone site with an existing user in the LDAP directory. Note that you will need to enter their 'uid' as the username and then their password. If you are able to successfully log on to the Plone site then you have successfully set up LDAP authentication.

   N.B. You can also test the LDAP setup by going into 'Site Setup' → 'Users and Groups' and typing a user's 'uid' (or part thereof) into the 'User Search' box. By default the LDAP integration in Plone searches on 'user ids' (i.e. whatever has been set as the 'user id attribute' in your LDAP connection setup).

To test that the Groups are being read correctly, click on the 'Groups' tab and type in a portion of an LDAP group name. Any groups prefixed with '(Group)' have been read from LDAP.

To assign specific roles to your LDAP groups, go to: http://your_server_name:8080/Plone/acl_users/ldap/acl_users/manage_addGroup, scroll to the bottom of the screen and click on the 'Map LDAP Group...' dropdown menu and select the relevant group. Then select the relevant Zope Role in the dropdown menu next to this and click the 'Add' button. Now users in these LDAP groups will automatically have these roles assigned when logging on to the Plone site.

Thanks,
Tim

On Thu, 2010-05-20 at 01:57 -0700, didakus wrote:
> Hi Tim,
>
> Finally what I was looking for a step by step explanation that actually
> works! I got this working first time, no errors.
>
> I used another instruction to enter the settings for LDAP:
> http://t4dbm.wordpress.com/2008/08/18/integrating-active-directory-into-plone-3-with-working-group-roles/
> (step 4 and on)
>
> I just have one issue, when I am in the sharing tab of a page or folder and
> enter a name, nothing happens. If I enter a group I see a whole list. Any
> idea why the users are not showing up?
>
> These are the LDAP attributes that I have:
> cn Canonical Name fullname No No
> mail Email address email No No
> sn Surname (unused) No No
> uid User id No No
> name Name fullname No No
> sAMAccountName sAMAccountName sAMAccountName No No
>
> Kind regards,
>
> Diego
>
_______________________________________________
Setup mailing list
http://lists.plone.org/mailman/listinfo/setup
