Gmane -- Mail To News And Back Again

From: Anders Bruun Olsen <anders@...>
Subject: Re: Plone 2.5 control panel won't list LDAP users
Newsgroups: gmane.comp.web.zope.plone.user
Date: 2006-11-09 08:56:08 GMT (2 years, 34 weeks, 23 hours and 51 minutes ago)
On Thu, Nov 02, 2006 at 10:53:57AM +0100, Anders Bruun Olsen wrote:
> My setup: Plone 2.5.1, Zope 2.9.5, Python 2.4.3, Python-ldap 2.0.11,
> LDAPUserFolder 2.7, LDAPMultiPlugins 1.4, OpenLDAP 2.1.30.
> I have followed the guide
> http://plone.org/documentation/how-to/plone-2-5-and-openldap-integration-for-users-and-groups
> in order to setup Plone to use LDAP for storing users. I have a working
> LDAP directory with around 50 users to test against.
> My problem: In the ZMI I can navigate to the LDAPUserFolder and list
> users in LDAP through the Users-tab without problems, but when I go to
> the "Users and Groups Administration" part of the Plone control panel
> (prefs_users_overview) I can't list any users from LDAP. If I type in a
> username that exists in LDAP (and that can be searched for and found in
> the ZMI) no users are found. This makes it a bit difficult to do user
> administration (assignment of roles and so forth).

I'm just going to reply to myself here as I have now done some more
research and have it working now.

1. LDAPUserFolder 2.6 does not work correctly with Plone 2.5 and
LDAPMultiPlugins 1.4. This means that when trying to view groups through
Site Setup -> Users and Groups Administration Plone will just give an
error (traceback) and no matter what you do you can't find any LDAP
users through searching in Plone. Upgrading to 2.7 fixes this problem.

2. LDAPUserFolder does not implement functionality to list all users
because LDAP directories can be almost limitlessly huge, so only
searching for users are supported. This explains why the "Show All"
button does not list LDAP users.

3. Plone searches the fullname attribute, which most people will map to
the cn LDAP attribute, thus searching for values in the LDAP uid
attribute won't reveal any results. Search for users by their canonical
name instead of their username.

4. Plone's UI when used with an LDAP backend makes much more sense when
setup to expect large userfolders, thus I have found that enabling "Many
users/groups" in Site Setup -> Portal Settings is a good thing.

-- 
Anders
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y?
------END GEEK CODE BLOCK------
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642