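def connectLDAP(portal):
    '''Set up LDAP parameters.

    Points the registered ILDAPConfiguration utility at the EDRN directory,
    makes sure the LDAP plugin exists, then adjusts the plugin's user folder:
    negative cache timeout, password encryption, RAMCache association and the
    "Super User" to "Manager" group mapping.

    Returns without changes when no ILDAPConfiguration utility is registered
    or when the configuration already uses the ``edrnPerson`` object class.

    :param portal: site object whose ``acl_users`` contains ``ldap-plugin``.
    '''
    try:
        ldapConfig = getUtility(ILDAPConfiguration)
    except ComponentLookupError:
        return
    if ldapConfig.user_object_classes == 'edrnPerson':
        # Already configured
        return
    ldapConfig.user_object_classes = 'edrnPerson'
    ldapConfig.ldap_type = u'LDAP'
    ldapConfig.user_scope = 1
    ldapConfig.user_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # Walk a snapshot of the keys: deleting entries while iterating a live
    # key view can raise or skip entries, depending on the container type.
    for i in list(ldapConfig.servers.keys()):
        del ldapConfig.servers[i]
    # NOTE(review): connection_type=1 presumably selects LDAP over SSL;
    # confirm against plone.app.ldap's connection-type vocabulary, since the
    # bind password below travels over this connection.
    ldapConfig.servers['ldapserver-1'] = LDAPServer(
        'edrn.jpl.nasa.gov',
        connection_type=1,
        connection_timeout=5,
        operation_timeout=15,
        enabled=True,
    )
    # (LDAP attribute, Plone property name, description) for the schema
    # entries that already exist and only need their fields set.
    for ldapName, ploneName, description in (
        ('uid', '', u'User ID'),
        ('mail', 'email', u'Email Address'),
        ('cn', 'fullname', u'Full Name'),
        ('sn', '', u'Surname'),
    ):
        p = ldapConfig.schema[ldapName]
        p.ldap_name, p.plone_name, p.description, p.multi_valued = ldapName, ploneName, description, False
    ldapConfig.schema['description'] = LDAPProperty('description', 'description', u'Description', False)
    ldapConfig.userid_attribute = 'uid'
    ldapConfig.rdn_attribute = 'uid'
    ldapConfig.login_attribute = 'uid'
    ldapConfig.group_scope = 1
    ldapConfig.group_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # SECURITY: the bind credential is a literal in source (masked in this
    # listing). Read it from deployment configuration or a secret store so it
    # stays out of version control and can be rotated without a code change.
    ldapConfig.bind_password = '******'
    # NOTE(review): this looks like a directory administrator DN. If the
    # portal only searches and reads entries, bind with a dedicated account
    # limited to that; confirm what the portal actually writes.
    ldapConfig.bind_dn = 'uid=admin,ou=system'
    guaranteePluginExists()
    # To enable accurate counts of failed attempts by LoginLockout:
    portal.acl_users['ldap-plugin'].acl_users.setCacheTimeout('negative', 0)
    # plone.app.ldap doesn't provide an API to set the encryption type (CA-1231):
    # SECURITY: 'SHA' is an unsalted SHA-1 digest, so equal passwords yield
    # equal hashes and precomputed tables apply. Prefer a salted scheme
    # (e.g. SSHA) if the directory and this LDAPUserFolder release support it;
    # verify before changing, because existing entries depend on the scheme.
    portal.acl_users['ldap-plugin'].acl_users._pwd_encryption = 'SHA'
    # plone.app.ldap doesn't associate acl_users & acl_users/ldap-plugin with the RAMCache (CA-1231):
    ramCache = getToolByName(portal, 'RAMCache')
    ramCache.ZCacheManager_setAssociations({
        'associate_acl_users': 1,
        'associate_acl_users/ldap-plugin': 1
    })
    # Strangely, the "Super User" (LDAP group) to "Manager" (Zope role) mapping doesn't appear in the
    # operational EDRN portal, even though it somehow works.  But in a newly stripped-down portal,
    # we definitely need it in there
    # SECURITY: membership of the LDAP "Super User" group now grants the Zope
    # Manager role, so write access to that group in the directory should be
    # restricted and audited like portal administration itself.
    portal.acl_users['ldap-plugin'].acl_users.manage_addGroupMapping(
        'Super User', 'Manager')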
def HandleModified(property, event):
    '''Re-apply the LDAP schema after a schema property was modified.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param property: the modified schema property (not read here).
    :param event: the modification event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if not pluginWasCreated:
        # The plugin already existed, so its schema has to be refreshed.
        configureLDAPSchema()
def HandleRemoved(property, event):
    '''Drop a removed schema property from the plugin's LDAP user folder.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param property: the removed property; its ``ldap_name`` is deleted.
    :param event: the removal event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    removedNames = [str(property.ldap_name)]
    userFolder.manage_deleteLDAPSchemaItems(removedNames)
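def connectLDAP(portal):
    '''Set up LDAP parameters.

    Points the registered ILDAPConfiguration utility at the EDRN directory,
    makes sure the LDAP plugin exists, then adjusts the plugin's user folder:
    negative cache timeout, password encryption, RAMCache association and the
    "Super User" to "Manager" group mapping.

    Returns without changes when no ILDAPConfiguration utility is registered
    or when the configuration already uses the ``edrnPerson`` object class.

    :param portal: site object whose ``acl_users`` contains ``ldap-plugin``.
    '''
    try:
        ldapConfig = getUtility(ILDAPConfiguration)
    except ComponentLookupError:
        return
    if ldapConfig.user_object_classes == 'edrnPerson':
        # Already configured
        return
    ldapConfig.user_object_classes = 'edrnPerson'
    ldapConfig.ldap_type = u'LDAP'
    ldapConfig.user_scope = 1
    ldapConfig.user_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # Walk a snapshot of the keys: deleting entries while iterating a live
    # key view can raise or skip entries, depending on the container type.
    for i in list(ldapConfig.servers.keys()):
        del ldapConfig.servers[i]
    # NOTE(review): connection_type=1 presumably selects LDAP over SSL;
    # confirm against plone.app.ldap's connection-type vocabulary, since the
    # bind password below travels over this connection.
    ldapConfig.servers['ldapserver-1'] = LDAPServer(
        'edrn.jpl.nasa.gov',
        connection_type=1,
        connection_timeout=5,
        operation_timeout=15,
        enabled=True
    )
    # (LDAP attribute, Plone property name, description) for the schema
    # entries that already exist and only need their fields set.
    for ldapName, ploneName, description in (
        ('uid', '', u'User ID'),
        ('mail', 'email', u'Email Address'),
        ('cn', 'fullname', u'Full Name'),
        ('sn', '', u'Surname'),
    ):
        p = ldapConfig.schema[ldapName]
        p.ldap_name, p.plone_name, p.description, p.multi_valued = ldapName, ploneName, description, False
    ldapConfig.schema['description'] = LDAPProperty('description', 'description', u'Description', False)
    ldapConfig.userid_attribute = 'uid'
    ldapConfig.rdn_attribute = 'uid'
    ldapConfig.login_attribute = 'uid'
    ldapConfig.group_scope = 1
    ldapConfig.group_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # SECURITY: the bind credential is a literal in source (masked in this
    # listing). Read it from deployment configuration or a secret store so it
    # stays out of version control and can be rotated without a code change.
    ldapConfig.bind_password = '******'
    # NOTE(review): this looks like a directory administrator DN. If the
    # portal only searches and reads entries, bind with a dedicated account
    # limited to that; confirm what the portal actually writes.
    ldapConfig.bind_dn = 'uid=admin,ou=system'
    guaranteePluginExists()
    # To enable accurate counts of failed attempts by LoginLockout:
    portal.acl_users['ldap-plugin'].acl_users.setCacheTimeout('negative', 0)
    # plone.app.ldap doesn't provide an API to set the encryption type (CA-1231):
    # SECURITY: 'SHA' is an unsalted SHA-1 digest, so equal passwords yield
    # equal hashes and precomputed tables apply. Prefer a salted scheme
    # (e.g. SSHA) if the directory and this LDAPUserFolder release support it;
    # verify before changing, because existing entries depend on the scheme.
    portal.acl_users['ldap-plugin'].acl_users._pwd_encryption = 'SHA'
    # plone.app.ldap doesn't associate acl_users & acl_users/ldap-plugin with the RAMCache (CA-1231):
    ramCache = getToolByName(portal, 'RAMCache')
    ramCache.ZCacheManager_setAssociations({'associate_acl_users': 1, 'associate_acl_users/ldap-plugin': 1})
    # Strangely, the "Super User" (LDAP group) to "Manager" (Zope role) mapping doesn't appear in the
    # operational EDRN portal, even though it somehow works.  But in a newly stripped-down portal,
    # we definitely need it in there
    # SECURITY: membership of the LDAP "Super User" group now grants the Zope
    # Manager role, so write access to that group in the directory should be
    # restricted and audited like portal administration itself.
    portal.acl_users['ldap-plugin'].acl_users.manage_addGroupMapping('Super User', 'Manager')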
def HandleModified(server, event):
    '''Reload the plugin's LDAP server list after a server entry was edited.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param server: the edited server entry (not read here).
    :param event: the modification event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if not pluginWasCreated:
        # We have no good way to determine which server was edited, so
        # every server is reloaded.
        configureLDAPServers()
def HandleModified(server, event):
    '''Reload the plugin's LDAP server list after a server entry was edited.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param server: the edited server entry (not read here).
    :param event: the modification event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if not pluginWasCreated:
        # We have no good way to determine which server was edited, so
        # every server is reloaded.
        configureLDAPServers()
def HandleRemoved(server, event):
    '''Delete a removed server entry from the plugin's LDAP user folder.

    The user folder's servers are scanned in order and the first one whose
    host and port equal ``server.server`` and ``server.port`` is deleted by
    index. Nothing is deleted when no entry matches, or when
    guaranteePluginExists() reports that it has just created a fully
    configured plugin.

    :param server: the removed server entry.
    :param event: the removal event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    for index, entry in enumerate(userFolder.getServers()):
        sameHost = entry['host'] == server.server
        if sameHost and entry['port'] == server.port:
            # Only the first match is removed; stop scanning afterwards.
            userFolder.manage_deleteServers((index,))
            return
def HandleRemoved(server, event):
    '''Delete a removed server entry from the plugin's LDAP user folder.

    The user folder's servers are scanned in order and the first one whose
    host and port equal ``server.server`` and ``server.port`` is deleted by
    index. Nothing is deleted when no entry matches, or when
    guaranteePluginExists() reports that it has just created a fully
    configured plugin.

    :param server: the removed server entry.
    :param event: the removal event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    for index, entry in enumerate(userFolder.getServers()):
        sameHost = entry['host'] == server.server
        if sameHost and entry['port'] == server.port:
            # Only the first match is removed; stop scanning afterwards.
            userFolder.manage_deleteServers((index,))
            return
def HandleCreated(server, event):
    '''Register a newly created, enabled server with the LDAP user folder.

    Nothing is added when the server is disabled, or when
    guaranteePluginExists() reports that it has just created a fully
    configured plugin.

    :param server: the new server entry supplying host, port, connection
        type and timeouts.
    :param event: the creation event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated or not server.enabled:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    # The connection type is handed over as the user folder's use_ssl value,
    # so it decides whether the connection to this server is encrypted.
    serverSettings = dict(
        host=server.server,
        port=server.port,
        use_ssl=server.connection_type,
        conn_timeout=server.connection_timeout,
        op_timeout=server.operation_timeout,
    )
    userFolder.manage_addServer(**serverSettings)
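def setupLDAP(portal):
    '''Install plone.app.ldap if needed and point it at the EDRN directory.

    Returns without changing the configuration when no ILDAPConfiguration
    utility is registered or when the configuration already uses the
    ``edrnPerson`` object class. Otherwise the server list, schema, bases and
    bind credentials are set and guaranteePluginExists() is called.

    :param portal: site object used to look up ``portal_quickinstaller``.
    '''
    qi = getToolByName(portal, 'portal_quickinstaller')
    if not qi.isProductInstalled('plone.app.ldap'):
        qi.installProduct('plone.app.ldap')
    try:
        ldapConfig = getUtility(ILDAPConfiguration)
    except ComponentLookupError:
        return
    if ldapConfig.user_object_classes == 'edrnPerson':
        # Already configured
        return
    ldapConfig.user_object_classes = 'edrnPerson'
    ldapConfig.ldap_type = u'LDAP'
    ldapConfig.user_scope = 1
    ldapConfig.user_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # Walk a snapshot of the keys: deleting entries while iterating a live
    # key view can raise or skip entries, depending on the container type.
    for i in list(ldapConfig.servers.keys()):
        del ldapConfig.servers[i]
    # NOTE(review): connection_type=1 presumably selects LDAP over SSL;
    # confirm against plone.app.ldap's connection-type vocabulary, since the
    # bind password below travels over this connection.
    ldapConfig.servers['ldapserver-1'] = LDAPServer(
        'edrn.jpl.nasa.gov',
        connection_type=1,
        connection_timeout=5,
        operation_timeout=15,
        enabled=True
    )
    # (LDAP attribute, Plone property name, description) for the schema
    # entries that already exist and only need their fields set.
    for ldapName, ploneName, description in (
        ('uid', '', u'User ID'),
        ('mail', 'email', u'Email Address'),
        ('cn', 'fullname', u'Full Name'),
        ('sn', '', u'Surname'),
    ):
        p = ldapConfig.schema[ldapName]
        p.ldap_name, p.plone_name, p.description, p.multi_valued = ldapName, ploneName, description, False
    ldapConfig.schema['description'] = LDAPProperty('description', 'description', u'Description', False)
    ldapConfig.userid_attribute = 'uid'
    ldapConfig.rdn_attribute = 'uid'
    ldapConfig.login_attribute = 'uid'
    ldapConfig.group_scope = 1
    ldapConfig.group_base = 'dc=edrn,dc=jpl,dc=nasa,dc=gov'
    # SECURITY: the bind credential is a literal in source (masked in this
    # listing). Read it from deployment configuration or a secret store so it
    # stays out of version control and can be rotated without a code change.
    ldapConfig.bind_password = '******'
    # NOTE(review): this looks like a directory administrator DN. If the
    # portal only searches and reads entries, bind with a dedicated account
    # limited to that; confirm what the portal actually writes.
    ldapConfig.bind_dn = 'uid=admin,ou=system'
    guaranteePluginExists()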
def HandleCreated(server, event):
    '''Register a newly created, enabled server with the LDAP user folder.

    Nothing is added when the server is disabled, or when
    guaranteePluginExists() reports that it has just created a fully
    configured plugin.

    :param server: the new server entry supplying host, port, connection
        type and timeouts.
    :param event: the creation event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated or not server.enabled:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    # The connection type is handed over as the user folder's use_ssl value,
    # so it decides whether the connection to this server is encrypted.
    serverSettings = dict(
        host=server.server,
        port=server.port,
        use_ssl=server.connection_type,
        conn_timeout=server.connection_timeout,
        op_timeout=server.operation_timeout,
    )
    userFolder.manage_addServer(**serverSettings)
def HandleCreated(property, event):
    '''Add a newly created schema property to the plugin's LDAP user folder.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param property: the new property supplying ``ldap_name``,
        ``description``, ``plone_name``, ``multi_valued`` and ``binary``.
    :param event: the creation event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    # The property may already be present in the backend because it is
    # obligatory, so any existing item of that name is deleted first.
    userFolder.manage_deleteLDAPSchemaItems([str(property.ldap_name)])
    schemaItem = dict(
        ldap_name=str(property.ldap_name),
        friendly_name=property.description,
        public_name=str(property.plone_name),
        multivalued=property.multi_valued,
        binary=property.binary,
    )
    userFolder.manage_addLDAPSchemaItem(**schemaItem)
def HandleCreated(property, event):
    '''Add a newly created schema property to the plugin's LDAP user folder.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param property: the new property supplying ``ldap_name``,
        ``description``, ``plone_name``, ``multi_valued`` and ``binary``.
    :param event: the creation event (not read here).
    '''
    pluginWasCreated = guaranteePluginExists()
    if pluginWasCreated:
        return
    userFolder = getLDAPPlugin()._getLDAPUserFolder()
    # The property may already be present in the backend because it is
    # obligatory, so any existing item of that name is deleted first.
    userFolder.manage_deleteLDAPSchemaItems([str(property.ldap_name)])
    schemaItem = dict(
        ldap_name=str(property.ldap_name),
        friendly_name=property.description,
        public_name=str(property.plone_name),
        multivalued=property.multi_valued,
        binary=property.binary,
    )
    userFolder.manage_addLDAPSchemaItem(**schemaItem)
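def HandleModified(config, event):
    '''Push an edited LDAP configuration into the plugin's LDAP user folder.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param config: the edited configuration; its schema, bases, scopes,
        bind credentials and object classes are passed to ``manage_edit``.
    :param event: the modification event (not read here).
    '''
    if guaranteePluginExists():
        # A new fully configured plugin has been created, so we do not
        # need to do anything anymore.
        return
    luf = getLDAPPlugin()._getLDAPUserFolder()
    luf.manage_edit(
        title="Plone managed LDAP",
        login_attr=str(config.schema[config.login_attribute].ldap_name),
        uid_attr=str(config.schema[config.userid_attribute].ldap_name),
        rdn_attr=str(config.schema[config.rdn_attribute].ldap_name),
        users_base=config.user_base or "",
        users_scope=config.user_scope,
        groups_base=config.group_base or "",
        groups_scope=config.group_scope,
        # Apply the empty-string fallback before str(): str(None) is the
        # truthy text "None", which would otherwise be stored as the bind DN
        # and bind password when no bind credentials are configured.
        binduid=str(config.bind_dn or ""),
        bindpwd=str(config.bind_password or ""),
        roles="Member",
        obj_classes=config.user_object_classes)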
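def HandleModified(config, event):
    '''Push an edited LDAP configuration into the plugin's LDAP user folder.

    When guaranteePluginExists() reports that it has just created a fully
    configured plugin, nothing else is done.

    :param config: the edited configuration; its schema, bases, scopes,
        bind credentials, password encryption, default roles, read-only flag
        and object classes are passed to ``manage_edit``.
    :param event: the modification event (not read here).
    '''
    if guaranteePluginExists():
        # A new fully configured plugin has been created, so we do not
        # need to do anything anymore.
        return
    luf = getLDAPPlugin()._getLDAPUserFolder()
    luf.manage_edit(
        title="Plone managed LDAP",
        login_attr=str(config.schema[config.login_attribute].ldap_name),
        uid_attr=str(config.schema[config.userid_attribute].ldap_name),
        rdn_attr=str(config.schema[config.rdn_attribute].ldap_name),
        users_base=config.user_base or "",
        users_scope=config.user_scope,
        groups_base=config.group_base or "",
        groups_scope=config.group_scope,
        # Apply the empty-string fallback before str(): str(None) is the
        # truthy text "None", which would otherwise be stored as the bind DN
        # and bind password when no bind credentials are configured.
        binduid=str(config.bind_dn or ""),
        bindpwd=str(config.bind_password or ""),
        encryption=config.password_encryption,
        roles=config.default_user_roles or "",
        read_only=config.read_only,
        obj_classes=config.user_object_classes)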