Using LDAP with Plone 5

This looks fine and works here with Plone 5.

I do not think the problem is related to the addon package.

According to your log output:

IOError: [Errno 13] Permission denied: '/opt/plone/buildout-cache/eggs/yafowil.widget.dict-1.5-py2.7.egg/EGG-INFO/entry_points.txt

Your Plone daemon user has no read access to the given package (a dependency of pas.plugins.ldap). You need to fix the access permissions on your file system using chmod. This happens if you forget to run buildout prefixed with sudo -u plone_buildout .... Once forgotten, it won't get fixed on subsequent runs, so manual intervention is needed.

I will try to manually change the permissions on that file; however, the command was correct. In fact, there is also the sanity check that prevents running the buildout as root (see text below).


buildout.sanitycheck:
***********************************************************
Buildout should not be run while superuser. Doing so allows
untrusted code to be run as root.
Instead, you probably wish to do something like:
sudo -u plone_buildout bin/buildout

If you have a good reason to bypass this restriction,
remove the buildout.sanitycheck extension from your buildout.
***********************************************************

While:
Installing.
Loading extensions.
Error: User attempt to give system ownership to Internet

Finally, I have run everything successfully. The eggs with wrong permissions are:

  • odict-1.5.1-py2.7.egg
  • yafowil.widget.dict-1.5-py2.7.egg
  • node.ext.ugm-0.9.8-py2.7.egg
  • plumber-1.3.1-py2.7.egg
  • node-0.9.16-py2.7.egg
  • yafowil-2.1.3-py2.7.egg

In particular, in the EGG-INFO folder of the eggs above, the files have the correct group/owner (respectively plone_group and plone_buildout), but they are saved with these permissions: -rw-------, while all other eggs have: -rw-r--r--.

Thank you all for the responses :smile:
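
An added example (not from any poster in this thread): a shell audit for the symptom reported above, files in the egg cache saved as -rw------- that the daemon user cannot read. It assumes the daemon account reads the cache through membership in plone_group, so it grants group read only instead of world read; the function names, the script name and the sample cache are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a buildout egg cache for files the daemon's group cannot read.
# Function names are hypothetical; the default path is the one in the log above.
DEFAULT_CACHE=/opt/plone/buildout-cache/eggs

# Print files lacking group-read (040) and directories lacking group-read+search (050).
audit_egg_perms() {
    cache="${1:-$DEFAULT_CACHE}"
    find "$cache" -type f ! -perm -040 -print
    find "$cache" -type d ! -perm -050 -print
}

# Grant the group read access only: no write bit, and nothing added for "other".
# Assumption: the daemon user is a member of the owning group (plone_group).
fix_egg_perms() {
    cache="${1:-$DEFAULT_CACHE}"
    find "$cache" -type f ! -perm -040 -exec chmod g+r {} +
    find "$cache" -type d ! -perm -050 -exec chmod g+rx {} +
}

# Build a constructed sample cache: one healthy egg, one with the 0600 file from the thread.
make_sample_cache() {
    root=$(mktemp -d) || return 1
    good="$root/example.pkg-0.0-py2.7.egg/EGG-INFO"        # constructed name
    bad="$root/yafowil.widget.dict-1.5-py2.7.egg/EGG-INFO"
    mkdir -p "$good" "$bad"
    : > "$good/entry_points.txt"
    : > "$bad/entry_points.txt"
    chmod -R u=rwX,g=rX,o=rX "$root"      # 755 directories, 644 files
    chmod 600 "$bad/entry_points.txt"     # -rw-------, as reported above
    printf '%s\n' "$root"
}

# Usage (script name is hypothetical), run as the buildout user:
#   sudo -u plone_buildout sh egg_perms.sh audit
case "${1:-}" in
    audit) audit_egg_perms "${2:-}" ;;
    fix)   fix_egg_perms "${2:-}" ;;
    demo)  d=$(make_sample_cache) && audit_egg_perms "$d" && rm -rf "$d" ;;
esac
```

Running the audit before starting the instance shows every unreadable file at once, instead of one IOError per restart.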

Today I spent hours trying to make pas.plugins.ldap work on Plone 4.3.7.
I tested this one instead of plone.app.ldap because with the latter we found issues with groups on a customer LDAP, and I was trying to see if the new package could help.

I'm a little astonished because I was not able to make it work: just installing it leaves my site in a broken state. After fixing the issue found (ticket opened) I'm still not able to make it work: groups are found, but not users... remember that this LDAP is working with p.a.ldap so I have a working configuration.

It's 90% an issue on my side, but the lack of documentation, inline help on forms, or examples sometimes depresses me :smile:

I would like to mention that your solution for Products.PloneLDAP worked well for me on Plone 5. Thanks for providing that answer.

I also made pas.plugins.ldap work, but it attempts to download and cache the entire user tree from LDAP. That didn't work for me because our LDAP server requires pagination for more than 1000 results, which causes an error in the plugin. I don't think I'd like to have to keep a cache of all that data anyway since we only need to authenticate a small subset of users.

Indeed, pas.plugins.ldap had this problem. We fixed it already, but the release is waiting until we have field-tested the new code more in our projects. Thanks for the reminder :slight_smile:

FYI: I'm preparing a beta release with the performance improvements. We have it already in production w/o problems. Travis CI is red at the moment, mainly because of download timeouts during buildout. If this goes green I'll release asap.


Hi.

My apologies for dredging this up from March 2nd, but I'm a bit stuck :(.

I've got a vanilla Plone 5.0.4 instance that I just installed fresh.

I've tried to add:

plone.app.ldap

Many, many times now - and for some reason (even though the buildout seems to run through to completion), it always seems to break the buildout when I then try to run the instance/the instance never starts up.

What am I missing? I have been reading widely and I see a lot of conflicting information about whether plone.app.ldap vs Products.PloneLDAP are actually compatible with 5.x, which one should be used where and which PAS is older than the other.

I didn't want to start another thread, but a very basic 1-2-3 to make ActiveDirectory work out of the box with a buildout would be really appreciated. I thought it might be as simple as adding plone.app.ldap to the buildout - but that seems to be confounding me.

I found this thread:

And it suggested that I should add zope.formlib and everything should work, but it still seems to break and the instance never starts up. It then went on to say that if I used Products.PloneLDAP, it should work as normal if I plug it into the ZMI. I did that, got a fair distance, but things seem wrong and stuff isn't working as anticipated.

Then I looked at pas.plugins.ldap and it doesn't seem to work at all.

I asked on the IRC channel too, but nobody seems to respond, thus far.

Thanks for your time.

--z

What's the problem with https://pypi.python.org/pypi/pas.plugins.ldap ? Please give details (buildout.cfg, error messages, etc.) because pas.plugins.ldap is the best Plone 5 way to use LDAP.


We use plone.app.ldap on plone5 with ploneintranet for Active Directory integration, no problems. An actual traceback may be helpful.

Hi to tkimnguyen and gyst.

Thanks for replying, guys! Really appreciate it.

  1. The problem with plone.app.ldap is that it fails silently. I'm not seeing any traceback. At all. The instance appears to start, but then shortly after stops without any obvious information. No errors thrown, no traceback from python.

Is there a way I can see something more verbose?

  2. The problem with pas.plugins.ldap is that (and please, correct me if I'm wrong, because I am learning!) from what I can see it has no obvious support for Active Directory and only seems to be able to support raw native open LDAP transports, and not specifically Microsoft Active Directory.

Again, correct me if I'm wrong there, because I really want something simple that just works neatly with AD!

Here is my buildout.cfg when I try to use plone.app.ldap:

############################################
#
# Buildout Configuration File for Plone
# -------------------------------------
#
# ALWAYS back up all Plone/Zope data and components
# before changing configuration.
#
# Running "bin/buildout" will update your installation,
# installing missing components as necessary.
#
# This will update the add-on products you've added in the eggs= lines.
# This will not, however, upgrade Plone itself (or anything else you've
# pinned with a version specification). To upgrade Plone itself, see the
# comments in "Plone Component Versions".
#
# Tutorial instructions for using zc.buildout for
# configuration management are available at:
# http://plone.org/documentation/tutorial/buildout
# Full details at http://pypi.python.org/pypi/zc.buildout
#
############################################

[buildout]
############################################
# Plone Component Versions
# ------------------------
# This version of the Unified Installer has the components of Plone 5
# preloaded so that it can install without an Internet connection.
# If you want to update, uncomment the "http://..." line below,
# edit it to point to the current version URL, comment out the
# "versions.cfg" line and run "bin/buildout" while attached to the
# Internet. Generally, you only want to do that as part of a planned migration.
# Note that if you are updating components, you should also check the versions
# section at the end of this file, since recipes or components other than
# those of Zope and Plone may need updating at the same time.
#
extends =
    base.cfg
    versions.cfg
#    http://dist.plone.org/release/5.0.4/versions.cfg

# If you change your Plone version, you'll also need to update
# the repository link below.
find-links +=
    http://dist.plone.org/release/5.0.4
# If you try to start Zope as root, it will change user id to run as
# the effective user specified here. This user id must own the var directory
# of your buildout.
effective-user = plone_daemon
# This user will own the rest of the installation, and should be used to
# run buildout.
buildout-user = plone_buildout
# A flag to tell the Unified Installer whether or not to document sudo use.
need-sudo = yes

############################################
# Eggs
# ----
# Add an indented line to the eggs section for any Python
# eggs or packages you wish to include in your Plone instance.
#
# Note that versions may be specified here or in the [versions]
# section below. You should always specify versions that you know
# are compatible with the Plone release and at an acceptable
# development level.
#
# If you update to a later version of Plone, remove the hotfix.
#
eggs =
    Plone
    Pillow
    plone.app.ldap
############################################
# ZCML Slugs
# ----------
# Some eggs need ZCML slugs to tell Zope to
# use them. This is increasingly rare.
zcml =
#    plone.reload

############################################
# Development Eggs
# ----------------
# You can use paster to create "development eggs" to
# develop new products/themes. Put these in the src/
# directory.
# You will also need to add the egg names in the
# eggs section above, and may also need to add them
# to the zcml section.
#
# Provide the *paths* to the eggs you are developing here:
develop =
#    src/my.package

############################################
# var Directory
# -------------
# Sets the target directory for the "var" components of the install such as
# database and log files.
#
var-dir=${buildout:directory}/var

############################################
# Backup Directory
# ----------------
# Sets the target directory for the bin/backup and bin/snapshotbackup
# commands. Default is inside this project's var directory, but ideally
# this should be on a separate volume or backup server.
#
backups-dir=${buildout:var-dir}

############################################
# Initial User
# ------------
# This is the user id and password that will be used to create the initial
# user id that will allow you to log in and create a Plone site. This only
# sets the initial password; it will not allow you to change an already
# existing password. If you change the admin password via the web interface,
# the one below will no longer be valid.
# If you find yourself locked out of your Zope/Python installation, you may
# add an emergency user via "bin/plonectl adduser".
user=admin:**********

############################################
# Debug Options
# -------------
# Start Zope/Plone instances in "fg" mode to turn on debug mode;
# this will dramatically slow Plone.
#
# Add-on developers should turn deprecation warnings on
deprecation-warnings = off
# change verbose-security to "on" for useful security errors while developing
verbose-security = off

############################################
# Parts Specification
#--------------------
# Specifies the components that should be included in the buildout.
# Most are defined in the base.cfg extension; you may add your
# own if you need them at the end of this file.
parts =
    instance
    repozo
    backup
    zopepy
    unifiedinstaller
    precompiler
    setpermissions

############################################
# Major Parts
# ----------------------
# These common parts make use of sane base settings from
# base.cfg. To customize a part, just add whatever options
# you need. Read base.cfg for common settings.

[instance]
<= instance_base
recipe = plone.recipe.zope2instance
http-address = 8080
############################################
# Versions Specification
# ----------------------
# Version information supplied here will "pin" Python packages to a particular
# version number, even when you use the "newest" flag running buildout.
# Specifying versions for all packages is a good idea and can prevent
# accidental changes when you add new packages to your buildout.
# Note that versions specified here will override those specified earlier
# in the configuration, including those from the Plone and Zope version
# config files.
#
[versions]
# Use the setuptools and zc.buildout versions that are
# available in our Python environment.
setuptools =
zc.buildout =
bobtemplates.plone = 1.0.1
buildout.sanitycheck = 1.0.2
collective.checkdocs = 0.2
collective.recipe.backup = 3.0.0
colorama = 0.3.7
MarkupSafe = 0.23
mr.bob = 0.1.2
pkginfo = 1.2.1
plone.recipe.unifiedinstaller = 4.3.2
Products.DocFinderTab = 1.0.5
requests-toolbelt = 0.6.0
twine = 1.6.5
zest.pocompile = 1.4
zest.releaser = 6.6.4

The university where I worked uses plone.app.ldap with ActiveDirectory configured to present an LDAP interface, but I don't know how to set that up in ActiveDirectory.

You may also have a problem in the way you've configured your Plone LDAP plugin. Difficult to say/debug from the outside.

To view what's going on, start your instance or client in the foreground, e.g.

bin/instance fg

or

bin/client1 fg

or view the logs with something like

tail -f event.log

See other debugging tips at http://docs.plone.org/manage/troubleshooting/basic.html and http://training.plone.org/5/api.html#debugging

OK.

Getting somewhere. Stack crash/traceback:

zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "/opt/plone/zinstance/parts/instance/etc/site.zcml", line 16.2-16.23
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/Products.ATContentTypes-2.2.11-py2.7.egg/Products/ATContentTypes/configure.zcml", line 18.2-18.44
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.collection-1.1.6-py2.7.egg/plone/app/collection/configure.zcml", line 9.2-9.45
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.querystring-1.3.14-py2.7.egg/plone/app/querystring/configure.zcml", line 11.2-11.42
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.registry-1.3.11-py2.7.egg/plone/app/registry/configure.zcml", line 12.4-12.34
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.registry-1.3.11-py2.7.egg/plone/app/registry/browser/configure.zcml", line 6.4-6.43
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.z3cform-1.2.0-py2.7.egg/plone/app/z3cform/configure.zcml", line 10.2-10.41
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.widgets-2.0.4-py2.7.egg/plone/app/widgets/configure.zcml", line 12.2-12.41
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/Products.CMFPlone-5.0.4-py2.7.egg/Products/CMFPlone/configure.zcml", line 108.4-112.10
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.ldap-1.4.0.dev0-py2.7.egg/plone/app/ldap/configure.zcml", line 15.2-15.32
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.ldap-1.4.0.dev0-py2.7.egg/plone/app/ldap/browser/configure.zcml", line 5.4-9.8
    ImportError: No module named formlib.formbase

So to my eggs, I added:

zope.formlib

It didn't complain on buildout, so then I ran the instance again:

And it still all falls apart down here:

  File "/opt/plone/buildout-cache/eggs/plone.app.ldap-1.4.0.dev0-py2.7.egg/plone/app/ldap/browser/controlpanel.py", line 2, in <module>
    from five.formlib.formbase import EditForm
zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "/opt/plone/zinstance/parts/instance/etc/site.zcml", line 16.2-16.23
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/Products.ATContentTypes-2.2.11-py2.7.egg/Products/ATContentTypes/configure.zcml", line 18.2-18.44
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.collection-1.1.6-py2.7.egg/plone/app/collection/configure.zcml", line 9.2-9.45
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.querystring-1.3.14-py2.7.egg/plone/app/querystring/configure.zcml", line 11.2-11.42
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.registry-1.3.11-py2.7.egg/plone/app/registry/configure.zcml", line 12.4-12.34
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.registry-1.3.11-py2.7.egg/plone/app/registry/browser/configure.zcml", line 6.4-6.43
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.z3cform-1.2.0-py2.7.egg/plone/app/z3cform/configure.zcml", line 10.2-10.41
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.widgets-2.0.4-py2.7.egg/plone/app/widgets/configure.zcml", line 12.2-12.41
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/Products.CMFPlone-5.0.4-py2.7.egg/Products/CMFPlone/configure.zcml", line 108.4-112.10
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.ldap-1.4.0.dev0-py2.7.egg/plone/app/ldap/configure.zcml", line 15.2-15.32
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/plone.app.ldap-1.4.0.dev0-py2.7.egg/plone/app/ldap/browser/configure.zcml", line 5.4-9.8
    ImportError: No module named formlib.formbase

I'm curious why you chose to use plone.app.ldap 1.4.0 which according to https://github.com/plone/plone.app.ldap/blob/master/CHANGES.rst is unreleased. The latest released version is 1.3.2... have you tried it instead? Or perhaps you need to pin five.formlib to a newer version.


As the line above tells you, you seem to need (at least at this point) five.formlib instead of zope.formlib.
