Plone 5.0.x, app.ldap, and app.form broken

I'm struggling to prove Plone is useful to my organization which requires AD LDAP authentication. Thus far I've tried and failed to use the following combinations:

Plone 5.0.6, plone.app.ldap 1.4.0, plone.app.form 2.3.2
Plone 5.0.6, plone.app.ldap 1.3.2, plone.app.form 2.2.7
Plone 5.0.7, plone.app.ldap 1.4.0, plone.app.form 2.3.2
Plone 5.0.7, plone.app.ldap 1.3.2, plone.app.form 2.2.7

Each of those combinations does this:

Traceback (innermost last):
Module ZPublisher.Publish, line 138, in publish
Module ZPublisher.mapply, line 77, in mapply
Module ZPublisher.Publish, line 48, in call_object
Module zope.formlib.form, line 800, in __call__
Module zope.formlib.form, line 920, in render
Module zope.formlib.form, line 790, in render
Module zope.browserpage.namedtemplate, line 60, in __get__
Module zope.component._api, line 96, in getAdapter
ComponentLookupError: (<Products.Five.metaclass.PropertyAddForm object at 0x7ff97ddfdbd0>, <InterfaceClass zope.browserpage.namedtemplate.INamedTemplate>, 'default')

Steps to reproduce:

  • install Plone v5.0.6 or v5.0.7 per Plone instructions
  • edit buildout.cfg to include these eggs
    plone.app.ldap
    plone.app.form
  • rebuild using, sudo -u plone_buildout bin/buildout
  • start plone in the foreground for testing, bin/plonectl fg

Log on to web interface, enter Site config, install LDAP add-in, enter LDAP configuration, click the button to add an LDAP Server

Maybe @jensens has some ideas

You should try pas.plugins.ldap instead.

Indeed, pas.plugins.ldap is much more flexible. It is not perfect, but we work on it in order to make it even better. And we love to hear from you, all contributions are welcome, bug reports, pull requests, or a good word about it :wink:

I have successfully installed pas.plugins.ldap-1.5.1 with a small bug fix of running chmod -R g+r /path/to/Plone/buildout-cache after the buildout, and everything works. But as per my post Plone 5.0.7 LDAP - pas.plugins.ldap-1.5.1 connection test fails, there is something that derails the connection test on save. Maybe you can try installing it and see if you have the same error, then maybe Mr jensens can take a look at it for us?
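Added example, not from the thread: a read-only audit of which paths under a buildout cache lack group read access, the condition the recursive chmod above corrects. The function names and the constructed egg layout built by `demo()` are assumptions for illustration.

```python
import os
import stat
import sys
import tempfile


def group_unreadable(root):
    """Return paths under root (relative to it) that the owning group cannot read.

    Files need group read. Directories need group read and execute,
    otherwise their contents cannot be listed or opened.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # permissions of the link target are what matter
            needed = stat.S_IRGRP
            if stat.S_ISDIR(mode):
                needed |= stat.S_IXGRP
            if mode & needed != needed:
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def demo():
    """Build a constructed egg layout in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = (("alpha-1.0-py2.7.egg", 0o640), ("beta-1.0-py2.7.egg", 0o600))
        for egg, file_mode in layout:
            info = os.path.join(root, "eggs", egg, "EGG-INFO")
            os.makedirs(info)
            target = os.path.join(info, "entry_points.txt")
            with open(target, "w") as handle:
                handle.write("[z3c.autoinclude.plugin]\ntarget = plone\n")
            os.chmod(target, file_mode)
        # Set directory modes explicitly so the result does not depend on umask.
        for dirpath, dirnames, _ in os.walk(root):
            for name in dirnames:
                os.chmod(os.path.join(dirpath, name), 0o750)
        return group_unreadable(root)


if __name__ == "__main__":
    # With a path argument, audit that tree; without one, run the demo.
    result = group_unreadable(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for entry in result:
        print(entry)
```

Run against the real cache directory, the output shows how many eggs were installed without group read before any permissions are changed.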

Please remember we are all volunteers here, but if you'd like to hire Jens I'm sure he'd be willing to listen :slight_smile:

My apologies if my comment came across as rude or demanding, that was not my intention.

It's more that I'm trying to make sure that you don't expect Jens to do anything like debug your system. If you hire him, then I'm sure he'd be ok with it. But as a volunteer, he would likely (as I would) only want to help you based on information you post here. The more detailed the better. For example, in your other post, it seems to me that the issue could be in how you configured the plugin. But, without knowing the specifics of your LDAP schema and other settings, it's impossible to know. If you've run into what you think is a bug, you have to provide us with enough information to replicate it.

I can tell you for sure that people have used Plone 5 and AD LDAP successfully.

The component lookup error above is in fact (Products.Five.metaclass.PropertyAddForm, zope.browserpage.namedtemplate.INamedTemplate, "default").
It may indicate a missing ZCML registration.

Some eggs depend on egg specific ZCML registrations but do not use "z3c.autoinclude". For those eggs, it is not sufficient to extend the eggs buildout definition, but in addition the zcml definition must be extended as well.

Not sure whether the eggs mentioned in this problem report belong to those eggs.

Thanks for all the suggestions. I'll try each and provide feedback in different messages here.

Per the suggestion to edit the ZCML section of the buildout ...

fresh install of Plone 5.0.7
... confirmed Plone running and added first site

Edited buildout.cfg by adding
plone.app.ldap and plone.app.form to EGGS section
with plone.app.form added to ZCML section
rebuild = OK with the following warnings

Got Products.PloneLDAP 1.2.
Getting distribution for 'Products.LDAPUserFolder'.

Installed /tmp/easy_install-iwzQjv/Products.LDAPUserFolder-2.27/.eggs/setuptools_git-1.2-py2.7.egg
  File "build/bdist.linux-x86_64/egg/Products/LDAPUserFolder/skins/cmfldap/members_add_control.py", line 32
    return context.setStatus(False, errmsg)
SyntaxError: 'return' outside function

  File "build/bdist.linux-x86_64/egg/Products/LDAPUserFolder/skins/cmfldap/join_form.py", line 26
    return
SyntaxError: 'return' outside function

  File "/opt/plone/buildout-cache/eggs/tmpcE3LLR/Products.LDAPUserFolder-2.27-py2.7.egg/Products/LDAPUserFolder/skins/cmfldap/members_add_control.py", line 32
    return context.setStatus(False, errmsg)
SyntaxError: 'return' outside function

  File "/opt/plone/buildout-cache/eggs/tmpcE3LLR/Products.LDAPUserFolder-2.27-py2.7.egg/Products/LDAPUserFolder/skins/cmfldap/join_form.py", line 26
    return
SyntaxError: 'return' outside function

Got Products.LDAPUserFolder 2.27.

... running this configuration using, bin/plonectl fg

On web interface, go to add-ins, Install LDAP support, and see the following warnings

2017-03-29 12:31:11 INFO GenericSetup.ldapsettings
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/ZServer/PubCore/ZServerPublisher.py", line 31, in __init__
    response=b)
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/ZPublisher/Publish.py", line 455, in publish_module
    environ, debug, request, response)
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/ZPublisher/Publish.py", line 249, in publish_module_standard
    response = publish(request, module_name, after_list, debug=debug)
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/ZPublisher/Publish.py", line 143, in publish
    notify(PubBeforeCommit(request))
  File "/opt/plone/buildout-cache/eggs/zope.event-3.5.2-py2.7.egg/zope/event/__init__.py", line 31, in notify
    subscriber(event)
  File "/opt/plone/buildout-cache/eggs/zope.component-3.9.5-py2.7.egg/zope/component/event.py", line 24, in dispatch
    zope.component.subscribers(event, None)
  File "/opt/plone/buildout-cache/eggs/zope.component-3.9.5-py2.7.egg/zope/component/_api.py", line 136, in subscribers
    return sitemanager.subscribers(objects, interface)
  File "/opt/plone/buildout-cache/eggs/zope.component-3.9.5-py2.7.egg/zope/component/registry.py", line 321, in subscribers
    return self.adapters.subscribers(objects, provided)
  File "/opt/plone/buildout-cache/eggs/zope.interface-3.6.7-py2.7-linux-x86_64.egg/zope/interface/adapter.py", line 585, in subscribers
    subscription(*objects)
  File "/opt/plone/buildout-cache/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/zpublisher.py", line 85, in applyTransformOnSuccess
    transformed = applyTransform(event.request)
  File "/opt/plone/buildout-cache/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/zpublisher.py", line 74, in applyTransform
    transformed = transformer(request, result, encoding)
  File "/opt/plone/buildout-cache/eggs/plone.transformchain-1.2.0-py2.7.egg/plone/transformchain/transformer.py", line 49, in __call__
    newResult = handler.transformIterable(result, encoding)
  File "/opt/plone/buildout-cache/eggs/plone.protect-3.0.23-py2.7.egg/plone/protect/auto.py", line 182, in transformIterable
    if not self.check():
  File "/opt/plone/buildout-cache/eggs/plone.protect-3.0.23-py2.7.egg/plone/protect/auto.py", line 207, in check
    return self._check()
  File "/opt/plone/buildout-cache/eggs/plone.protect-3.0.23-py2.7.egg/plone/protect/auto.py", line 279, in _check
    traceback.print_stack(),
2017-03-29 12:31:11 INFO plone.protect None

Continue with install of LDAP.
Configure the LDAP Connection add-in, click Add LDAP Server, get these warnings

2017-03-29 12:33:06 ERROR Zope.SiteErrorLog 1490805186.970.0900153174975 http://janus:8085/staffportal/+ldapserver/plone.LdapServer
Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module zope.formlib.form, line 800, in __call__
  Module zope.formlib.form, line 920, in render
  Module zope.formlib.form, line 790, in render
  Module plone.app.form._named, line 42, in __call__
  Module Products.Five.browser.pagetemplatefile, line 125, in __call__
  Module Products.Five.browser.pagetemplatefile, line 59, in __call__
  Module zope.pagetemplate.pagetemplate, line 132, in pt_render
  Module five.pt.engine, line 98, in __call__
  Module z3c.pt.pagetemplate, line 163, in render
  Module chameleon.zpt.template, line 261, in render
  Module chameleon.template, line 191, in render
  Module chameleon.template, line 171, in render
  Module e42f66efdf8dc611fd11016dfedb4bd7.py, line 123, in render
  Module five.pt.expressions, line 154, in __call__
  Module five.pt.expressions, line 126, in traverse
  Module zope.traversing.adapters, line 136, in traversePathElement
   - __traceback_info__: ([Products.Five.metaclass.ServerAdding object at 0x7fbe573f1c50], 'main_template')
  Module zope.traversing.adapters, line 50, in traverse
   - __traceback_info__: ([Products.Five.metaclass.ServerAdding object at 0x7fbe573f1c50], 'main_template', ('macros', 'master'))
LocationError: ([Products.Five.metaclass.ServerAdding object at 0x7fbe573f1c50], 'main_template')

 - Expression: "context/main_template/macros/master"
 - Filename:   ... pp.form-2.3.2-py2.7.egg/plone/app/form/addingpageform.pt
 - Location:   (line 5: col 23)
 - Source:     ... etal:use-macro="context/main_template/macros/master"]
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - Arguments:  repeat: {...} (0)
               template: [ViewPageTemplateFile - at 0x7fbe5b412a10]
               views: [ViewMapper - at 0x7fbe58795dd0]
               modules: [instance - at 0x7fbe61b28c68]
               args: [tuple - at 0x7fbe6a3bf050]
               here: [ImplicitAcquisitionWrapper +ldapserver at 0x7fbe58f0adc0]
               user: [ImplicitAcquisitionWrapper - at 0x7fbe58f0a370]
               nothing: [NoneType - at 0x936be0]
               container: [ImplicitAcquisitionWrapper +ldapserver at 0x7fbe58f0adc0]
               request: [instance - at 0x7fbe59870908]
               wrapped_repeat: [SafeMapping - at 0x7fbe596c8b50]
               traverse_subpath: [list - at 0x7fbe58e28560]
               default: [object - at 0x7fbe6a2da590]
               loop: {...} (0)
               context: [ImplicitAcquisitionWrapper +ldapserver at 0x7fbe58f0adc0]
               view: [ServerAddForm plone.LdapServer at 0x7fbe58795290]
               translate: [function translate at 0x7fbe571b6de8]
               root: [ImplicitAcquisitionWrapper Zope at 0x7fbe5be07c30]
               options: {...} (0)
               target_language: [NoneType - at 0x936be0]

Go back to LDAP Connection configuration, add info to the few blank required fields, click SAVE, see the following warnings

  2017-03-29 12:34:47 CRITICAL event.LDAPDelegate No servers defined
  2017-03-29 12:34:47 CRITICAL event.LDAPDelegate No servers defined
  2017-03-29 12:34:47 CRITICAL event.LDAPDelegate No servers defined

Go back to LDAP Connection configuration, click Add LDAP Server and see the following warning,

2017-03-29 12:35:42 ERROR Zope.SiteErrorLog 1490805342.840.822181003448 http://janus:8085/staffportal/+ldapserver/plone.LdapServer
Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module zope.formlib.form, line 800, in __call__
  Module zope.formlib.form, line 920, in render
  Module zope.formlib.form, line 790, in render
  Module plone.app.form._named, line 42, in __call__
  Module Products.Five.browser.pagetemplatefile, line 125, in __call__
  Module Products.Five.browser.pagetemplatefile, line 59, in __call__
  Module zope.pagetemplate.pagetemplate, line 132, in pt_render
  Module five.pt.engine, line 98, in __call__
  Module z3c.pt.pagetemplate, line 163, in render
  Module chameleon.zpt.template, line 261, in render
  Module chameleon.template, line 191, in render
  Module chameleon.template, line 171, in render
  Module e42f66efdf8dc611fd11016dfedb4bd7.py, line 123, in render
  Module five.pt.expressions, line 154, in __call__
  Module five.pt.expressions, line 126, in traverse
  Module zope.traversing.adapters, line 136, in traversePathElement
   - __traceback_info__: ([Products.Five.metaclass.ServerAdding object at 0x7fbe573e50d0], 'main_template')
  Module zope.traversing.adapters, line 50, in traverse
   - __traceback_info__: ([Products.Five.metaclass.ServerAdding object at 0x7fbe573e50d0], 'main_template', ('macros', 'master'))
LocationError: ([Products.Five.metaclass.ServerAdding object at 0x7fbe573e50d0], 'main_template')

 - Expression: "context/main_template/macros/master"
 - Filename:   ... pp.form-2.3.2-py2.7.egg/plone/app/form/addingpageform.pt
 - Location:   (line 5: col 23)
 - Source:     ... etal:use-macro="context/main_template/macros/master"]
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - Arguments:  repeat: {...} (0)
               template: [ViewPageTemplateFile - at 0x7fbe5b412a10]
               views: [ViewMapper - at 0x7fbe587a7cd0]
               modules: [instance - at 0x7fbe61b28c68]
               args: [tuple - at 0x7fbe6a3bf050]
               here: [ImplicitAcquisitionWrapper +ldapserver at 0x7fbe59a570a0]
               user: [ImplicitAcquisitionWrapper - at 0x7fbe59a57190]
               nothing: [NoneType - at 0x936be0]
               container: [ImplicitAcquisitionWrapper +ldapserver at 0x7fbe59a570a0]
               request: [instance - at 0x7fbe5aba2f38]
               wrapped_repeat: [SafeMapping - at 0x7fbe58743788]
               traverse_subpath: [list - at 0x7fbe59d95a70]
               default: [object - at 0x7fbe6a2da590]
               loop: {...} (0)
               context: [ImplicitAcquisitionWrapper +ldapserver at 0x7fbe59a570a0]
               view: [ServerAddForm plone.LdapServer at 0x7fbe573e5d50]
               translate: [function translate at 0x7fbe56f74938]
               root: [ImplicitAcquisitionWrapper Zope at 0x7fbe58ecb3c0]
               options: {...} (0)
               target_language: [NoneType - at 0x936be0]

Feedback here for the pas.plugins.ldap add-in ...

fresh install of Plone 5.0.7
... confirmed Plone running and added first site

Edited buildout.cfg by adding
pas.plugins.ldap to EGGS section, per instructions here https://pypi.python.org/pypi/pas.plugins.ldap
Rebuild = OK, with the following warnings

Getting distribution for 'PyYAML'.
build/temp.linux-x86_64-2.7/check_libyaml.c:2:18: fatal error: yaml.h: No such file or directory
 #include <yaml.h>
                  ^
compilation terminated.

libyaml is not found or a compiler error: forcing --without-libyaml

.........

Getting distribution for 'smbpasswd'.
smbpasswd.c: In function ‘lmhash’:
smbpasswd.c:100:18: warning: pointer targets in passing argument 2 of ‘E_P16’ differ in signedness [-Wpointer-sign]
     E_P16(lmpwd, hashout);
                  ^
smbpasswd.c:35:6: note: expected ‘unsigned char *’ but argument is of type ‘char *’
 void E_P16(unsigned char *p14,unsigned char *p16);
      ^
smbpasswd.c: In function ‘nthash’:
smbpasswd.c:125:12: warning: pointer targets in passing argument 1 of ‘mdfour’ differ in signedness [-Wpointer-sign]
     mdfour(hashout, pwd, pwd_len);
            ^
smbpasswd.c:34:6: note: expected ‘unsigned char *’ but argument is of type ‘char *’
 void mdfour(unsigned char *out, unsigned char *in, int n);
      ^
smbpasswd.c:125:21: warning: pointer targets in passing argument 2 of ‘mdfour’ differ in signedness [-Wpointer-sign]
     mdfour(hashout, pwd, pwd_len);
                     ^
smbpasswd.c:34:6: note: expected ‘unsigned char *’ but argument is of type ‘char *’
 void mdfour(unsigned char *out, unsigned char *in, int n);
      ^
zip_safe flag not set; analyzing archive contents...

Started Plone with bin/plonectl fg, fails with the following errors

Traceback (most recent call last):
  File "/opt/plone/zinstance/parts/instance/bin/interpreter", line 298, in <module>
    exec(compile(__file__f.read(), __file__, "exec"))
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/Startup/run.py", line 76, in <module>
    run()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/Startup/run.py", line 22, in run
    starter.prepare()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/Startup/__init__.py", line 92, in prepare
    self.startZope()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/Startup/__init__.py", line 268, in startZope
    Zope2.startup()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/__init__.py", line 47, in startup
    _startup()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/App/startup.py", line 120, in startup
    load_zcml()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/App/startup.py", line 52, in load_zcml
    load_site()
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/Zope2/App/zcml.py", line 46, in load_site
    _context = xmlconfig.file(site_zcml)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 649, in file
    include(context, name, package)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 548, in include
    processxmlfile(f, context)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 380, in processxmlfile
    parser.parse(src)
  File "/usr/lib/python2.7/xml/sax/expatreader.py", line 107, in parse
    xmlreader.IncrementalParser.parse(self, source)
  File "/usr/lib/python2.7/xml/sax/xmlreader.py", line 123, in parse
    self.feed(buffer)
  File "/usr/lib/python2.7/xml/sax/expatreader.py", line 210, in feed
    self._parser.Parse(data, isFinal)
  File "/usr/lib/python2.7/xml/sax/expatreader.py", line 352, in end_element_ns
    self._cont_handler.endElementNS(pair, None)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 359, in endElementNS
    self.context.end()
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/config.py", line 558, in end
    self.stack.pop().finish()
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/config.py", line 706, in finish
    actions = self.handler(context, **args)
  File "/opt/plone/buildout-cache/eggs/Zope2-2.13.26-py2.7.egg/OFS/metaconfigure.py", line 46, in loadProducts
    xmlconfig.include(_context, zcml, package=product)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 548, in include
    processxmlfile(f, context)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 380, in processxmlfile
    parser.parse(src)
  File "/usr/lib/python2.7/xml/sax/expatreader.py", line 107, in parse
    xmlreader.IncrementalParser.parse(self, source)
  File "/usr/lib/python2.7/xml/sax/xmlreader.py", line 123, in parse
    self.feed(buffer)
  File "/usr/lib/python2.7/xml/sax/expatreader.py", line 210, in feed
    self._parser.Parse(data, isFinal)
  File "/usr/lib/python2.7/xml/sax/expatreader.py", line 352, in end_element_ns
    self._cont_handler.endElementNS(pair, None)
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/xmlconfig.py", line 359, in endElementNS
    self.context.end()
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/config.py", line 558, in end
    self.stack.pop().finish()
  File "/opt/plone/buildout-cache/eggs/zope.configuration-3.7.4-py2.7.egg/zope/configuration/config.py", line 706, in finish
    actions = self.handler(context, **args)
  File "/opt/plone/buildout-cache/eggs/z3c.autoinclude-0.3.6-py2.7.egg/z3c/autoinclude/zcml.py", line 101, in includePluginsDirective
    info = PluginFinder(dotted_name).includableInfo(zcml_to_look_for)
  File "/opt/plone/buildout-cache/eggs/z3c.autoinclude-0.3.6-py2.7.egg/z3c/autoinclude/plugin.py", line 15, in includableInfo
    for plugin_distribution in find_plugins(self.dottedname):
  File "/opt/plone/buildout-cache/eggs/z3c.autoinclude-0.3.6-py2.7.egg/z3c/autoinclude/plugin.py", line 25, in find_plugins
    for ep in iter_entry_points('z3c.autoinclude.plugin'):
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 725, in iter_entry_points
    entries = dist.get_entry_map(group)
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2656, in get_entry_map
    self._get_metadata('entry_points.txt'), self
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2386, in parse_map
    for group, lines in data:
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2984, in split_sections
    for line in yield_lines(s):
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2246, in yield_lines
    for ss in strs:
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2582, in _get_metadata
    for line in self.get_metadata_lines(name):
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1472, in get_metadata_lines
    return yield_lines(self.get_metadata(name))
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1468, in get_metadata
    value = self._get(self._fn(self.egg_info, name))
  File "/opt/plone/zinstance/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1577, in _get
    with open(path, 'rb') as stream:
zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "/opt/plone/zinstance/parts/instance/etc/site.zcml", line 12.2-12.39
    ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/Products.CMFPlone-5.0.7-py2.7.egg/Products/CMFPlone/meta.zcml", line 46.4-50.10
    IOError: [Errno 13] Permission denied: '/opt/plone/buildout-cache/eggs/plumber-1.3.1-py2.7.egg/EGG-INFO/entry_points.txt'

Per instructions found in this message thread I alter the file permissions in the buildout-cache folder
chmod -R g+r /path/to/Plone/buildout-cache

Started Plone with bin/plonectl fg
Install LDAP/AD support add-in
Configure LDAP/AD support add-in, getting the following error when saving configuration options

2017-03-29 13:45:35 ERROR pas.plugins.ldap Non-LDAP error while connection test!
Traceback (most recent call last):
  File "/opt/plone/buildout-cache/eggs/pas.plugins.ldap-1.5.1-py2.7.egg/pas/plugins/ldap/properties.py", line 153, in connection_test
    ugm.users.iterkeys().next()
StopIteration

The error message does not have anything helpful to better diagnose the issue here. The values added to the LDAP configuration are the same used on other Linux machines which authenticate with our AD server without trouble. I'm not sure what a Non-LDAP error means. Perhaps a bug in the plugin?

I'm unsure if the issue noted in this thread is related:

I'm sure someone out there has Active Directory working with Plone v5.

UPDATE

I was able to get a good connection by editing the search query and object class. For those seeking assistance configuring a connection to AD here are the variables as I have them set:

Users search query = (objectClass=user)
Object class = user
Object class = person
Object class = organizationalPerson

Perhaps the docs for pas.plugins.ldap can be updated with some of the basic tips for authenticating with AD, such as basic AD LDAP attributes and classes.

I'll report back here with further findings.

UPDATE 2

With minor success installing pas.plugins.ldap I move forward assuring our AD users can log on to Plone.

Go to Site Setup
Choose Users and Groups, error

2017-03-29 14:09:28 ERROR Zope.SiteErrorLog 1490810968.180.655026486193 http://janus:8085/staffportal/@@usergroup-userprefs
Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module Products.CMFPlone.controlpanel.browser.usergroups_usersoverview, line 44, in __call__
  Module Products.CMFPlone.controlpanel.browser.usergroups_usersoverview, line 69, in doSearch
  Module Products.PluggableAuthService.PluggableAuthService, line 230, in getUserById
  Module Products.PluggableAuthService.PluggableAuthService, line 789, in _findUser
  Module Products.PluggableAuthService.PluggableAuthService, line 720, in _getGroupsForPrincipal
  Module pas.plugins.ldap.plugin, line 318, in getGroupsForPrincipal
  Module node.ext.ldap.ugm._api, line 203, in groups
  Module plumber._instructions, line 385, in entrance
  Module node.behaviors.nodespace, line 38, in __getitem__
  Module node.locking, line 32, in _locktree_decorator
  Module node.ext.ldap.ugm._api, line 476, in __getitem__
KeyError: u'Smith Bent'

I'm guessing something in the LDAP configuration still isn't right. However from this traceback error the cause is quite unclear. Is the error on the data returned in a certain field? If so, which one? What does a "keyerror" mean to me?
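Added example, not part of the thread and not code from pas.plugins.ldap or node.ext.ldap: the connection test in the traceback above calls `ugm.users.iterkeys().next()`, which raises `StopIteration` when the users search yields no entries, and that is not an LDAP exception. The sketch evaluates a users filter against constructed AD-style entries to show the empty-result case next to `(objectClass=user)`. The sample entries, the `inetOrgPerson` filter (the thread does not say what was configured before the change) and all function names are assumptions.

```python
# Added illustration (Python 3); not code from pas.plugins.ldap or node.ext.ldap.
# Constructed entries. objectClass values follow the Active Directory schema,
# in which computer accounts also carry the "user" class.
ENTRIES = {
    "CN=Alice Example,OU=Staff,DC=example,DC=org": {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
    },
    "CN=WS01,CN=Computers,DC=example,DC=org": {
        "objectClass": ["top", "person", "organizationalPerson", "user",
                        "computer"],
    },
}


def parse_filter(text):
    """Parse a subset of RFC 4515: (attr=value), (&...), (|...), (!...)."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node


def _parse(text, pos):
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = text[pos:pos + 1]
    if op and op in "&|!":
        pos += 1
        children = []
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")" or not children:
            raise ValueError("malformed %r group" % op)
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one filter")
        return (op, children), pos + 1
    end = text.find(")", pos)
    attr, sep, value = text[pos:end].partition("=") if end != -1 else ("", "", "")
    if not attr or not sep:
        raise ValueError("malformed comparison at offset %d" % pos)
    return ("=", attr, value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry's attributes."""
    if node[0] == "=":
        _, attr, value = node
        values = next((v for k, v in entry.items()
                       if k.lower() == attr.lower()), [])
        return any(value.lower() == v.lower() for v in values)
    op, children = node
    results = [matches(child, entry) for child in children]
    if op == "&":
        return all(results)
    if op == "|":
        return any(results)
    return not results[0]


def search(user_filter, entries=ENTRIES):
    """Return the DNs of entries matching the filter, in directory order."""
    node = parse_filter(user_filter)
    return [dn for dn, attrs in entries.items() if matches(node, attrs)]


def naive_connection_test(user_filter):
    """Mirror the failing pattern: take the first key with no default."""
    return next(iter(search(user_filter)))  # StopIteration if nothing matched


def connection_test(user_filter):
    """Report 'no users matched' explicitly instead of raising."""
    first = next(iter(search(user_filter)), None)
    if first is None:
        return ("empty", "search succeeded but the users filter matched nothing")
    return ("ok", first)
```

In this model `(objectClass=user)` also matches the computer account, so `(&(objectClass=user)(!(objectClass=computer)))` is the narrower filter when only people should appear as users.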

For sure, do not use plone.app.ldap with Plone 5. Use pas.plugins.ldap. I think someone needs to indicate that on the plone.app.ldap README...

Well, looking at https://github.com/plone/plone.app.ldap it seems that the maintainers think it works with Plone 5.0 and 5.1, according to https://github.com/plone/plone.app.ldap/blob/master/setup.py#L15 even though the README doesn't say anything about Plone 5 (but does mention Plone 3 and 4). @MrTango ?

The traceback tells us that we are in "getGroupsForPrincipal". This is calling "groups" - which finally leads to a KeyError: u'Smith Bent'. This indicates that something is problematic with group determination.

Smith Bent does not sound like a group name. If it occurs in connection with a group, it might be, that we have been searching for the groups Smith Bent belongs to and one of those groups does not have this member. Of course, this is a guess only; a look at the code of the functions mentioned in the traceback should allow you to find out what exactly Smith Bent should be and give you some hints about the problem cause.

Indeed we have a security group named "Smith Bent" in our Active Directory. And many others with spaces and special characters. I'm unsure why anything that communicates with LDAP would choke on something so rudimentary. I'll peek into the code for pas.plugins.ldap - however I'm not a Python developer nor familiar with any of the inner-workings and frameworks specific to Plone.

Likely an assuring thing: the "specifics to Plone" ends at "getGroupsForPrincipal" - this function looks for the groups the "principal" (this likely means the current user; in principle, it could also be a group) belongs to. Below this, you have LDAP specifics.

I do not know the code involved in your traceback below "getGroupsForPrincipal". In general, however, Python code is quite easy to understand.

The error you observe may indicate something like the following:
detail information is collected in a dictionary (syntax either dict() or {...});
in parallel, there seems to be a list of all groups. When the KeyError occurs, maybe a lookup for details fails. In principle, this should not happen -- but you seemingly observe something like this.

UPDATE

Changed settings for Group in the LDAP configuration.

rdn = gidNumber
id = gidNumber

Those settings permitted the User/Group config page to load but it took about 35 seconds to appear. Clicking on subsequent pages also took 35 seconds.

Also, in order to log on I must use an FQDN account name, not just the username. The username must be suffixed with the full 'at'-FQDN. And no user here knows the FQDN suffix. I'm unable to figure out how to make the suffix automatically apply.

Also, I was hoping for SSO (single sign on) to work too since there are many posts regarding this with Plone. For example:
https://docs.plone.org/develop/plone/sessions/login.html#single-sign-on-and-active-directory

However the plugin mentioned there comes with other requirements which are not listed, such as various Kerberos modules. I'm unsure which rabbit hole to follow with "Kerberos modules". Do I look for Plone add-ins? Do I look for Debian (the OS of choice here) for python Kerberos modules?

I did try adding some Debian Python Kerberos modules but they don't work. Running Plone with the NetSight plugin fails with the error:

zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "/opt/plone/zinstance/parts/instance/etc/site.zcml", line 12.2-12.39
ZopeXMLConfigurationError: File "/opt/plone/buildout-cache/eggs/Products.CMFPlone-5.0.7-py2.7.egg/Products/CMFPlone/meta.zcml", line 46.4-50.10
ImportError: No module named kerberos

Well ... this thread has completely turned into something more than app.ldap and app.form information. Perhaps I'll start another for pas.plugins.ldap since that add-in seems somewhat successful, whereas app.ldap clearly does not work under Plone v5.x

Thanks for all the thoughts and comments here.
