Example #1
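def connectLDAP(portal):
    '''Set up LDAP parameters.

    Looks up the ``ILDAPConfiguration`` utility and, unless it already carries
    the EDRN settings (``user_object_classes == 'edrnPerson'``), rewrites the
    server list, schema, search bases and bind credentials, then adjusts the
    ``ldap-plugin`` user folder inside ``portal.acl_users``.

    Returns ``None`` in every case; it returns early when the utility is not
    registered or when the configuration is already in place.
    '''
    try:
        ldapConfig = getUtility(ILDAPConfiguration)
    except ComponentLookupError:
        # No LDAP configuration utility is registered, so there is nothing to set up.
        return
    if ldapConfig.user_object_classes == 'edrnPerson':
        # Already configured
        return
    ldapConfig.user_object_classes = 'edrnPerson'
    ldapConfig.ldap_type = u'LDAP'
    ldapConfig.user_scope = 1
    ldapConfig.user_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # Snapshot the keys first: deleting from a mapping while iterating a live
    # key view raises RuntimeError on Python 3.
    for i in list(ldapConfig.servers.keys()):
        del ldapConfig.servers[i]
    # NOTE(review): connection_type=1 presumably selects LDAP over SSL; confirm,
    # because the bind credentials set below travel over this connection.
    ldapConfig.servers['ldapserver-1'] = LDAPServer('edrn.jpl.nasa.gov',
                                                    connection_type=1,
                                                    connection_timeout=5,
                                                    operation_timeout=15,
                                                    enabled=True)
    # (schema key / LDAP attribute, Plone property name, description)
    for ldapName, ploneName, description in (
        ('uid', '', u'User ID'),
        ('mail', 'email', u'Email Address'),
        ('cn', 'fullname', u'Full Name'),
        ('sn', '', u'Surname'),
    ):
        p = ldapConfig.schema[ldapName]
        p.ldap_name, p.plone_name, p.description, p.multi_valued = ldapName, ploneName, description, False
    ldapConfig.schema['description'] = LDAPProperty('description',
                                                    'description',
                                                    u'Description', False)
    ldapConfig.userid_attribute = 'uid'
    ldapConfig.rdn_attribute = 'uid'
    ldapConfig.login_attribute = 'uid'
    ldapConfig.group_scope = 1
    ldapConfig.group_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # NOTE(security): the bind password is a literal in source (masked in this
    # listing).  A credential kept in code is readable by anyone with access to
    # the repository or the installed package; supply it from deployment
    # configuration instead.
    ldapConfig.bind_password = '******'
    # NOTE(security): this DN looks like the directory's administrative account.
    # A dedicated service account with only the rights the portal needs would
    # limit the damage if the credential leaks -- confirm what access is required.
    ldapConfig.bind_dn = 'uid=admin,ou=system'
    guaranteePluginExists()
    # To enable accurate counts of failed attempts by LoginLockout:
    portal.acl_users['ldap-plugin'].acl_users.setCacheTimeout('negative', 0)
    # plone.app.ldap doesn't provide an API to set the encryption type (CA-1231):
    # NOTE(security): 'SHA' presumably means unsalted SHA-1 password hashes, which
    # are cheap to attack offline; prefer a salted scheme if the directory and
    # the user folder support one.
    portal.acl_users['ldap-plugin'].acl_users._pwd_encryption = 'SHA'
    # plone.app.ldap doesn't associate acl_users & acl_users/ldap-plugin with the RAMCache (CA-1231):
    ramCache = getToolByName(portal, 'RAMCache')
    ramCache.ZCacheManager_setAssociations({
        'associate_acl_users': 1,
        'associate_acl_users/ldap-plugin': 1
    })
    # Strangely, the "Super User" (LDAP group) to "Manager" (Zope role) mapping doesn't appear in the
    # operational EDRN portal, even though it somehow works.  But in a newly stripped-down portal,
    # we definitely need it in there
    # NOTE(security): every member of the LDAP group "Super User" receives the
    # Zope "Manager" role, so membership of that group should be reviewed as
    # carefully as portal administrator accounts.
    portal.acl_users['ldap-plugin'].acl_users.manage_addGroupMapping(
        'Super User', 'Manager')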
Example #2
def HandleModified(property, event):
    """Re-apply the LDAP schema after a schema property was modified.

    ``guaranteePluginExists()`` returns a true value when it had to create a
    new, fully configured plugin; in that case nothing more is needed.
    Otherwise the whole schema is pushed again via ``configureLDAPSchema()``.
    Neither ``property`` nor ``event`` is inspected.
    """
    pluginJustCreated = guaranteePluginExists()
    if not pluginJustCreated:
        configureLDAPSchema()
Example #3
def HandleRemoved(property, event):
    """Drop a removed schema property from the LDAP user folder.

    Does nothing when ``guaranteePluginExists()`` reports that it has just
    created a fully configured plugin.  Otherwise the schema item named by
    ``property.ldap_name`` is deleted from the plugin's LDAP user folder.
    """
    if not guaranteePluginExists():
        userFolder = getLDAPPlugin()._getLDAPUserFolder()
        obsoleteItems = [str(property.ldap_name)]
        userFolder.manage_deleteLDAPSchemaItems(obsoleteItems)
Example #4
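def connectLDAP(portal):
    '''Set up LDAP parameters.

    Configures the registered ``ILDAPConfiguration`` utility for the EDRN
    directory (servers, schema, search bases, bind credentials) and then tunes
    the ``ldap-plugin`` user folder found under ``portal.acl_users``.

    The function is a no-op when the utility cannot be looked up or when
    ``user_object_classes`` is already ``'edrnPerson'``.  It always returns
    ``None``.
    '''
    try:
        ldapConfig = getUtility(ILDAPConfiguration)
    except ComponentLookupError:
        # Without the configuration utility there is nothing to configure.
        return
    if ldapConfig.user_object_classes == 'edrnPerson':
        # Already configured
        return
    ldapConfig.user_object_classes = 'edrnPerson'
    ldapConfig.ldap_type = u'LDAP'
    ldapConfig.user_scope = 1
    ldapConfig.user_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # Iterate over a copy of the keys: removing entries while walking a live
    # key view fails with RuntimeError on Python 3.
    for i in list(ldapConfig.servers.keys()):
        del ldapConfig.servers[i]
    # NOTE(review): connection_type=1 presumably means LDAP over SSL; confirm,
    # since the bind password configured below is sent to this server.
    ldapConfig.servers['ldapserver-1'] = LDAPServer(
        'edrn.jpl.nasa.gov', connection_type=1, connection_timeout=5, operation_timeout=15, enabled=True
    )
    # Each row: (schema key / LDAP attribute, Plone property name, description)
    schemaRows = (
        ('uid', '', u'User ID'),
        ('mail', 'email', u'Email Address'),
        ('cn', 'fullname', u'Full Name'),
        ('sn', '', u'Surname'),
    )
    for ldapName, ploneName, description in schemaRows:
        p = ldapConfig.schema[ldapName]
        p.ldap_name, p.plone_name, p.description, p.multi_valued = ldapName, ploneName, description, False
    ldapConfig.schema['description'] = LDAPProperty('description', 'description', u'Description', False)
    ldapConfig.userid_attribute = 'uid'
    ldapConfig.rdn_attribute = 'uid'
    ldapConfig.login_attribute = 'uid'
    ldapConfig.group_scope = 1
    ldapConfig.group_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # NOTE(security): a bind password written into source (masked in this
    # listing) is exposed to everyone who can read the code; it should come
    # from deployment configuration rather than from this module.
    ldapConfig.bind_password = '******'
    # NOTE(security): this appears to be the directory administrator's DN.
    # Binding with a least-privilege service account would reduce the impact of
    # a leaked credential -- confirm which operations the portal performs.
    ldapConfig.bind_dn = 'uid=admin,ou=system'
    guaranteePluginExists()
    # To enable accurate counts of failed attempts by LoginLockout:
    portal.acl_users['ldap-plugin'].acl_users.setCacheTimeout('negative', 0)
    # plone.app.ldap doesn't provide an API to set the encryption type (CA-1231):
    # NOTE(security): 'SHA' is presumably unsalted SHA-1, a weak way to store
    # passwords; use a salted scheme if the directory and user folder allow it.
    portal.acl_users['ldap-plugin'].acl_users._pwd_encryption = 'SHA'
    # plone.app.ldap doesn't associate acl_users & acl_users/ldap-plugin with the RAMCache (CA-1231):
    ramCache = getToolByName(portal, 'RAMCache')
    ramCache.ZCacheManager_setAssociations({'associate_acl_users': 1, 'associate_acl_users/ldap-plugin': 1})
    # Strangely, the "Super User" (LDAP group) to "Manager" (Zope role) mapping doesn't appear in the
    # operational EDRN portal, even though it somehow works.  But in a newly stripped-down portal,
    # we definitely need it in there
    # NOTE(security): this grants the Zope "Manager" role to every member of the
    # LDAP group "Super User"; treat changes to that group as privileged.
    portal.acl_users['ldap-plugin'].acl_users.manage_addGroupMapping('Super User', 'Manager')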
Example #5
def HandleModified(server, event):
    """Reload the LDAP server list after a server entry was modified.

    When ``guaranteePluginExists()`` reports that it created a new, fully
    configured plugin, there is nothing left to do.  Otherwise every server
    is reloaded through ``configureLDAPServers()``, because the handler cannot
    tell which entry changed.  ``server`` and ``event`` are not inspected.
    """
    pluginJustCreated = guaranteePluginExists()
    if not pluginJustCreated:
        # No reliable way to identify the edited server, so refresh all of them.
        configureLDAPServers()
Example #6
def HandleModified(server, event):
    """Handle a modified LDAP server entry by reloading all servers.

    Returns straight away if ``guaranteePluginExists()`` had to create a new
    plugin, since that plugin is already fully configured.  Otherwise calls
    ``configureLDAPServers()``.  The arguments themselves are not read.
    """
    if not guaranteePluginExists():
        # The edited server cannot be singled out, hence the full reload.
        configureLDAPServers()
Example #7
def HandleRemoved(server, event):
    """Remove a deleted server entry from the LDAP user folder.

    Does nothing if ``guaranteePluginExists()`` has just created a fully
    configured plugin.  Otherwise the user folder's server list is searched
    for the first entry whose ``host`` and ``port`` equal ``server.server``
    and ``server.port``; that entry is deleted by index.  If no entry matches,
    nothing is deleted.
    """
    if guaranteePluginExists():
        # A freshly created plugin is already in sync with the configuration.
        return

    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    for index, entry in enumerate(userFolder.getServers()):
        sameHost = entry['host'] == server.server
        if sameHost and entry['port'] == server.port:
            # Only the first match is removed.
            userFolder.manage_deleteServers((index,))
            break
Example #8
def HandleRemoved(server, event):
    """Delete the user-folder server that corresponds to a removed entry.

    Skipped entirely when ``guaranteePluginExists()`` returns a true value
    (a new plugin was created and is already configured).  Otherwise the first
    server whose ``host``/``port`` pair matches ``server.server`` and
    ``server.port`` is deleted from the LDAP user folder.
    """
    if not guaranteePluginExists():
        ldapFolder = getLDAPPlugin()._getLDAPUserFolder()
        known = ldapFolder.getServers()
        for position, candidate in enumerate(known):
            if candidate['host'] != server.server:
                continue
            if candidate['port'] == server.port:
                # Stop after the first matching host/port pair.
                ldapFolder.manage_deleteServers((position,))
                return
Example #9
def HandleCreated(server, event):
    """Register a newly created server entry with the LDAP user folder.

    Nothing happens when ``guaranteePluginExists()`` has just created a fully
    configured plugin, or when ``server.enabled`` is false.  Otherwise the
    server's host, port, connection type and timeouts are passed to the user
    folder's ``manage_addServer``.
    """
    if guaranteePluginExists():
        # The new plugin was built from the full configuration already.
        return

    if server.enabled:
        userFolder = getLDAPPlugin()._getLDAPUserFolder()
        # NOTE(review): connection_type is forwarded unchanged as use_ssl; a
        # value that selects plain LDAP would presumably expose bind
        # credentials on the wire -- confirm which values are allowed.
        serverSettings = dict(
            host=server.server,
            port=server.port,
            use_ssl=server.connection_type,
            conn_timeout=server.connection_timeout,
            op_timeout=server.operation_timeout,
        )
        userFolder.manage_addServer(**serverSettings)
Example #10
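def setupLDAP(portal):
    '''Install plone.app.ldap if necessary and apply the EDRN LDAP settings.

    The product is installed through ``portal_quickinstaller`` when it is not
    installed yet.  The ``ILDAPConfiguration`` utility is then configured
    (servers, schema, search bases, bind credentials) unless it is missing or
    ``user_object_classes`` is already ``'edrnPerson'``.  Always returns
    ``None``.
    '''
    qi = getToolByName(portal, 'portal_quickinstaller')
    if not qi.isProductInstalled('plone.app.ldap'):
        qi.installProduct('plone.app.ldap')
    try:
        ldapConfig = getUtility(ILDAPConfiguration)
    except ComponentLookupError:
        # The utility is not registered, so there is nothing to configure.
        return
    if ldapConfig.user_object_classes == 'edrnPerson':
        # Settings were applied by an earlier run.
        return
    ldapConfig.user_object_classes = 'edrnPerson'
    ldapConfig.ldap_type = u'LDAP'
    ldapConfig.user_scope = 1
    ldapConfig.user_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # Take a snapshot of the keys: deleting while iterating a live key view
    # raises RuntimeError on Python 3.
    for i in list(ldapConfig.servers.keys()):
        del ldapConfig.servers[i]
    # NOTE(review): connection_type=1 presumably selects LDAP over SSL; confirm,
    # because the bind credentials below are sent over this connection.
    ldapConfig.servers['ldapserver-1'] = LDAPServer(
        'edrn.jpl.nasa.gov', connection_type=1, connection_timeout=5, operation_timeout=15, enabled=True
    )
    # (schema key / LDAP attribute, Plone property name, description)
    for ldapName, ploneName, description in (
        ('uid', '', u'User ID'),
        ('mail', 'email', u'Email Address'),
        ('cn', 'fullname', u'Full Name'),
        ('sn', '', u'Surname'),
    ):
        p = ldapConfig.schema[ldapName]
        p.ldap_name, p.plone_name, p.description, p.multi_valued = ldapName, ploneName, description, False
    ldapConfig.schema['description'] = LDAPProperty('description', 'description', u'Description', False)
    ldapConfig.userid_attribute = 'uid'
    ldapConfig.rdn_attribute = 'uid'
    ldapConfig.login_attribute = 'uid'
    ldapConfig.group_scope = 1
    ldapConfig.group_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # NOTE(security): the bind password is hard-coded (masked in this listing).
    # Keep directory credentials out of source and read them from deployment
    # configuration, so that access to the code does not imply access to LDAP.
    ldapConfig.bind_password = '******'
    # NOTE(security): this looks like the directory's administrative DN; a
    # dedicated account with only the required rights is the safer choice --
    # confirm what the portal needs.
    ldapConfig.bind_dn = 'uid=admin,ou=system'
    guaranteePluginExists()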
Example #11
def HandleCreated(server, event):
    """Add a newly created, enabled server to the LDAP user folder.

    Returns without action when ``guaranteePluginExists()`` created a new
    plugin (which is already configured) or when the server is disabled.
    Otherwise forwards the server's connection settings to
    ``manage_addServer`` on the plugin's LDAP user folder.
    """
    pluginJustCreated = guaranteePluginExists()
    if pluginJustCreated:
        return

    if not server.enabled:
        # Disabled servers are never pushed to the user folder.
        return

    ldapFolder = getLDAPPlugin()._getLDAPUserFolder()
    # NOTE(review): use_ssl receives connection_type as-is; presumably one of
    # its values means unencrypted LDAP, in which case bind credentials would
    # travel in clear text -- confirm against the configuration schema.
    ldapFolder.manage_addServer(
        host=server.server,
        port=server.port,
        use_ssl=server.connection_type,
        conn_timeout=server.connection_timeout,
        op_timeout=server.operation_timeout,
    )
Example #12
def HandleCreated(property, event):
    """Add a newly created schema property to the LDAP user folder.

    Nothing is done when ``guaranteePluginExists()`` has just created a fully
    configured plugin.  Otherwise any existing schema item with the same LDAP
    name is deleted first and the property is then added with its description,
    Plone name, multi-valued flag and binary flag.
    """
    if not guaranteePluginExists():
        userFolder = getLDAPPlugin()._getLDAPUserFolder()
        # The backend may already hold this attribute because it is mandatory
        # there, so remove it before adding it again.
        userFolder.manage_deleteLDAPSchemaItems([str(property.ldap_name)])

        itemSettings = dict(
            ldap_name=str(property.ldap_name),
            friendly_name=property.description,
            public_name=str(property.plone_name),
            multivalued=property.multi_valued,
            binary=property.binary,
        )
        userFolder.manage_addLDAPSchemaItem(**itemSettings)
Example #13
def HandleCreated(property, event):
    """Mirror a newly created schema property into the LDAP user folder.

    Skipped when ``guaranteePluginExists()`` returns a true value, because the
    plugin it created is already fully configured.  Otherwise the schema item
    named ``property.ldap_name`` is deleted (if present) and added again with
    the property's current values.
    """
    pluginJustCreated = guaranteePluginExists()
    if pluginJustCreated:
        return

    ldapFolder = getLDAPPlugin()._getLDAPUserFolder()
    # A mandatory attribute can already exist in the backend; delete it first
    # so that the add below does not collide with it.
    ldapFolder.manage_deleteLDAPSchemaItems([str(property.ldap_name)])

    ldapFolder.manage_addLDAPSchemaItem(
        ldap_name=str(property.ldap_name),
        friendly_name=property.description,
        public_name=str(property.plone_name),
        multivalued=property.multi_valued,
        binary=property.binary,
    )
Example #14
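def HandleModified(config, event):
    """Push a modified LDAP configuration to the LDAP user folder.

    Does nothing when ``guaranteePluginExists()`` has just created a fully
    configured plugin.  Otherwise the login/uid/RDN attribute names, search
    bases and scopes, bind DN and password, and object classes from ``config``
    are applied through the user folder's ``manage_edit``.
    """
    if guaranteePluginExists():
        # A new fully configured plugin has been created, so we do not
        # need to do anything anymore.
        return

    luf = getLDAPPlugin()._getLDAPUserFolder()
    # Apply the fallback before str(): str(None) is the truthy text "None", so
    # the former ``str(value) or ""`` sent the literal "None" as bind DN or
    # password whenever the value was unset.
    # NOTE(security): a bind DN with an empty password is presumably handled by
    # the directory as an unauthenticated bind -- confirm the server rejects it.
    luf.manage_edit(
            title="Plone managed LDAP",
            login_attr=str(config.schema[config.login_attribute].ldap_name),
            uid_attr=str(config.schema[config.userid_attribute].ldap_name),
            rdn_attr=str(config.schema[config.rdn_attribute].ldap_name),
            users_base=config.user_base or "",
            users_scope=config.user_scope,
            groups_base=config.group_base or "",
            groups_scope=config.group_scope,
            binduid=str(config.bind_dn or ""),
            bindpwd=str(config.bind_password or ""),
            roles="Member",
            obj_classes=config.user_object_classes)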
Example #15
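def HandleModified(config, event):
    """Apply a modified LDAP configuration to the LDAP user folder.

    Returns without action when ``guaranteePluginExists()`` created a new
    plugin, since that plugin is already fully configured.  Otherwise the
    attribute names, search bases and scopes, bind credentials, password
    encryption, default roles, read-only flag and object classes from
    ``config`` are handed to the user folder's ``manage_edit``.
    """
    if guaranteePluginExists():
        # A new fully configured plugin has been created, so we do not
        # need to do anything anymore.
        return

    luf = getLDAPPlugin()._getLDAPUserFolder()
    # The ``or ""`` fallback has to run before str(): str(None) yields the
    # truthy text "None", which the previous ``str(value) or ""`` passed on as
    # the bind DN or password when the value was unset.
    # NOTE(security): an empty password together with a bind DN is presumably
    # treated by the directory as an unauthenticated bind -- confirm that the
    # server is set up to refuse it.
    luf.manage_edit(
        title="Plone managed LDAP",
        login_attr=str(config.schema[config.login_attribute].ldap_name),
        uid_attr=str(config.schema[config.userid_attribute].ldap_name),
        rdn_attr=str(config.schema[config.rdn_attribute].ldap_name),
        users_base=config.user_base or "",
        users_scope=config.user_scope,
        groups_base=config.group_base or "",
        groups_scope=config.group_scope,
        binduid=str(config.bind_dn or ""),
        bindpwd=str(config.bind_password or ""),
        encryption=config.password_encryption,
        roles=config.default_user_roles or "",
        read_only=config.read_only,
        obj_classes=config.user_object_classes)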