entrouvert
/
Products.LDAPMultiPlugins
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity
This repository has been archived on 2023-02-21. You can view files and clone it, but cannot push or open issues or pull requests.
Products.LDAPMultiPlugins/Products/LDAPMultiPlugins/README.txt

62 lines
2.3 KiB
Plaintext
Raw Blame History

README for the Zope LDAPMultiPlugins Product
The LDAPMultiPlugins provides PluggableAuthService plugins that use
LDAP as the backend for the services they provide. The
PluggableAuthService is a Zope user folder product that can be extended
in modular fashion using various plugins. See DEPENDENCIES.txt for
software needed by this package.
Please make sure to read the documentation included in the
LDAPUserFolder package as well.
**Caching**
The results of some calls into the plugins provided by these package can
be cached using the Zope ZCacheable mechanism:
- In the Zope Management Interface (ZMI) of your PluggableAuthService
instance, select 'RAM Cache Manager' from the dropdown, give it an ID
and configure it according to your needs.
- Click on your LDAP/ActiveDirectoryMultiPlugin and use the 'Cache'
ZMI tab on the far right to associate the newly created RAM Cache
Manager object with the plugin.
Now your plugin will use the RAM Cache Manager object to cache results
from some of the possibly expensive API calls.
**Special features - Active Directory Multi Plugin**
* Properties of the ADMultiPlugin instance:
* groupid_attr - the LDAP attribute used for group ids.
* grouptitle_attr - the LDAP attribute used to compose group titles.
* group_class - the LDAP class of group objects.
* group_recurse - boolean indicating whether to determine group
memberships of a user by unrolling nested group relationships
(expensive). This feature is not guaranteed to work at this moment.
**Active Directory configuration hints**
In order for groups support to work correctly, you may have to set the
following properties. Every situation is different, but this has helped
some people succeed:
* On the "Properties" tab for the ActiveDirectoryMultiPlugin, set the
groupid_attr property to "name".
* On the contained LDAPUserFolder's "Configure" tab, choose a
property other than "objectGUID", e.g. "sAMAccountName" for the
User ID property. To get to the LDAPUserFolder, click on the
ActiveDirectoryMultiPlugin "Content" tab.
Please see README.ActiveDirectory from the LDAPUserFolder package for
additional information.
View Git Blame Copy Permalink