Plone Active Directory Authentication

I will be using the same system from my earlier Plone Installation post to continue with the Active Directory authentication.

python-ldap and plone.app.ldap are required to be installed for this purpose.

Installation of python-ldap took me quite sometime with errors like [Error: Couldn't install: python-ldap 2.4.10] as shown in the figure below:


To properly install python-ldap, development libraries are required to be installed. So, for my Fedora System, i install the following libraries as shown below:

yum install python-ldap python-devel openldap openldap-devel cyrus-sasl-devel

To install the python-ldap, add the entries in the buildout.cfg as shown below:

eggs =
…..
plone.app.ldap

zcml =
…...
plone.app.ldap

After building the buildout (./bin/buildout), start the plone (./bin/plonectl start)

Login to the site as admin and start the Zope Management Interface and click the "acl_users" as shown below:


Select the "ActiveDirectory Multi Plugin" and click "Add"

Feel up the necessary details for the PluggableAuthService (PAS) as shown in the figure below: This window is required for every OU to be authenticated
Once it's done, you can then change the basic properties of your LDAPUserFolder. A test case working image is shown below:


Once the "Apply Changes" button is approved (error message will be thrown if there are wrong or missing entries), the authentication can be performed.

Comments

Post a Comment

Popular posts from this blog

Wireless DPSK setup with Ruckus Zone Director

Image
Configure the AAA Server (Using local database howto is out of this scope) Log in to the zone director and configure the AAA Server from Configure > AAA Servers as shown in the figure below. Name: Give a name for the AAA Server for identification {jcua for this example} Type: Active Directory Global Catalog: {leave it un-check} IP Address: IP address of the domain controller Port: 389 {ldap port} Windows Domain Name: domain name {test.com for this example}   Configure the Hotspot Service Configure a Hotspot to authenticate the users before allowing the traffic from Configure > Hotspot Services as shown in the figure below. Name: Give a name for the hotspot service {JCU-Wireless-Provisioning for this example} Login Page: https://wireless.test.com/activate {or https://zonedirectorIP/activate} Start Page: I leave to redirect to the URL that the user intends to visit Authentication Server: The AAA server that we created {i.e., jcua} Accounting Server: none {out...
Read more

Access denied for user 'bacula'@'localhost' (using password: YES)

Image
While installing a test backup server (Bacula), I got the error "Access denied for user 'bacula'@'localhost' (using password: YES)" while connecting to the MySQL database. Root access was fine. Grant permission as well as the user password was correct and thus it took me quite some time to understand that though the user password was correct, it wasn't encrypted like the root when checked from Webmin.  Thus from mysql command, instead of - mysql> UPDATE mysql.user SET Password = 'baculauserpassword' WHERE user = 'bacula'; mysql> FLUSH PRIVILEGES; I change it too  mysql> UPDATE mysql.user SET Password = PASSWORD('baculauserpassword') WHERE user = 'bacula'; mysql> FLUSH PRIVILEGES; After getting the password encrypted, I can finally connect to the MySQL server and run the Bacula.
Read more

Operation could not be completed (error 0x00000709)

Image
We just had an upgrade of the printer infrastructure. New printers are installed, Canon Uniflow software are being upgraded as well as the existing drivers are being upgraded. Things went fine except for few users having issues like: Cannot set default printer Cannot print directly from Outlook client Thanks to the link  http://www.howtogeek.com/forum/topic/can-not-set-any-printer-as-default-printer  the issues were resolved following the steps there. The fix, which worked for me yesterday, is simple: Go to HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ -If the Windows key doesn't exist, create a new key; Then check for the following entry (or create it if it is not there) Name: Device Type: Reg_SZ (String Value) Value: winspool,Ne00 Should you be unable to save it, just make sure the user has Full (or special) access to the Windows key (by right-clicking on the key) After that I ran the "gpupdate /force" as the drivers were pushed using gr...
Read more