Integrating Active Directory into Plone 3… with working group roles.

So I decided to integrate Active Directory into a Plone 3 instance. There’s pretty much 2 solutions out there recomended on other boards, etc.

1. Use a tool called simplon.plone
2. Use PloneLDAP, LDAPMultiPlugins and LDAPUserFolder and install an Plone Active Directory Plugin in your acl_users folder.

The second solution was my first approach and was piece of cake to setup, however I could not get Plone to take note of the mapped group -> Plone roles I set up in Zope. I thought this was a bug related to PythonLDAP or some other library on Windows so I quickly jumped on my Ubuntu server environment and noted the same problem was present.

The next solution is to use simplon.plone which claims to be an improvement of the above but with Plone configuration abilities and some bug fixes. Unfortunatly installing it is not as straight forward as the first solution. Here is what needs to be done.

1. Assuming you have Plone 3 installed via the automated installer (follow the instructions I posted in another blog), download simplon_installed.zip and extract it into your plone instance root.
2. Now navigate to your instance root directory and run the following command

   ..\Python\Scripts\easy_install.exe eggs\simplon.plone.ldap-1.0-py2.4.egg

   Now you will have registered the simplon egg with python.

3. Download my pre-patched PloneLDAP-bundle-1.0rc3_PATCHED.zip and extract to the parts/plone folder in your instance home.
4. Start your server and in the add/remove products for Plone you can now install one called “LDAP support unknown”.
   
5. Click  LDAP Connection in your Add-on-Configuration section to bring up the configuration page.
   
6. Fill out your details in the first tab as I have.
   
   Note I have left the LDAP server type as LDAP not Active Directory.
7. Now click the LDAP Schema tab and add the following property.
   
8. Return to the first tab and set the login name attribute to sAMAccountName.
   
9. Finally click the LDAP Servers tab and add a server.
   
   You have now setup Active Directory in your Plone instance. Unfortuantly there is still more to do.
10. Navigate to your ZMI and click acl_users and delete credentials_cookie_auth from the list.
    
11. Go up a level to your site root in the ZMI and add a new cookie crumbler item. Set it’s id to credentials_cookie_auth.
    
12. Return to the root of your site in the ZMI and click portal_memberdata. The click the properties tab and add a new property as I have.
    
13. Return to the root of your site in the ZMI and click acl_users and the click the ldap connector.
    
14. On the next screen ensure everything is ticked and click Authentication.
    
15. Make sure the ldap plugin is at the top on the right hand box then return to the previous page.
    
16. Click the contents tab and then the acl_users (Plone managed LDAP) item.
    
17. You will now be at the Zope configuration page for the LDAP connector. If you want to make any more complex changes to the settings you can do so here.
    
18. To check your connector works, click the Groups tab and you should get a list of all your Active Directory groups.
    
19. At the bottom of this page you can add a mapping from an Active Directory group to a Plone role. I have mapped Administrator to the Manager role.
    

You have now setup your Active Directory to Plone connection. Go ahead and try and login as a user.