Zope Role Mapping with pas.plugins.ldap

Back in the Products.LDAPUserFolder days, we could map an LDAP group to a Zope role using a convenient control panel on the "Groups" tab of the plugin:
An example of LDAP Groups to Zope Role mappings
Now that we're firmly ensconcing ourselves in Plone 5.1 and updating to pas.plugins.ldap, is there a similar feature? If not, a suggested way of getting the same result?

With pas.plugins.ldap you can expose the LDAP groups you need as standard Plone groups. After having them as full featured Plone Groups, you can use Plone's default role assigning feature.

Thanks. This did the trick.

I got this to work by:

  1. Making sure the LDAP page group size was ≥ the number of groups in the group branch (otherwise it would take half an hour to search for the group to change).
  2. Adding portal_groups.editGroup to my setuphandlers to automate this during installation (couldn't find a GenericSetup handler).


If you do not need all groups from LDAP in Plone, a method for speedup is to change the query to something more limiting.