[Setup] Active Directory

Steve Adamo sadamo at concoursgroup.com
Fri Feb 29 19:40:04 UTC 2008


Here is a short write-up ive put together to help folks get user/groups
worked out once they are authenticating against AD... i hope it helps! :)


Since you are now able to access details from AD, you need to setup groups
in Plone, and assign AD accounts to that new group… then, you set the
permissions on a Plone folder, and make the contents only accessible to
members of that new Plone group… 

Quick steps:
•	Open up the Zope Management Interface
•	In the root of your Plone site, click the acl_users folder
•	Click the source_groups link
•	Click the Add a group link (next to current groups)
•	Give the new group an ID, Title and Description
o	ID: ExecGroup
o	Title: Executive Group
o	Description: This group contains members of the executive staff
•	Click on the ExecGroup link (now listed under Current Groups)
•	Click the Assign link (next to the group name at the top)
•	Under Principle ID, type the name of the person you want to add to the
group, and click Search
•	The name should show up in the Available list
•	Click the name, and then click the arrow pointing to the right to drop the
name in the Active group
•	Repeat this process until all the executive members are in the new

•	Login to your Plone site through the browser (as an admin)
•	Create a new folder off the root of the site
•	Give the folder a title and description
•	Once the folder is created, leave the State as Private, but click on the
Sharing (light green tab)
•	Under Search for user or group, type the name of the ExecGroup name and
•	The new group should show up under Logged-in users
•	Check the Can view, Can review, etc. checkboxes in the ExecGroup row, and
click Save (leave the inherit permissions box checked)

Now when your employees that are in the ExecGroup login to the plone site,
they will be the only ones who can see/access that folder.  Post all those
sensitive materials etc. in that new folder, and you should be set!


lebluethunder wrote:
> Hi Adamo
> I have this installed over windows:
>     * Plone 3.0.5
>     * CMF-2.1.0
>     * Zope (Zope 2.10.5-final, python 2.4.4, win32)
>     * Python 2.4.4 (#71, Oct 18 2006, 08:34:43) [MSC v.1310 32 bit
> (Intel)]
>     * PIL 1.1.6
> your "how-to" is so good. I applied it and it worked so fine. But I can
> manage groups and users at the plone to sharing folders.
> I was reading about install python-ldap and simplon.plone.ldap but the
> readmes isn't clear to me over windows. the python-ldap that I found was
> the 2.0.6 version for python 2.4 but It doesn't say how to install it.
> I need some "how-to" like yours to install that products or I need to know
> where i should copy the contents of that products and from where I can
> download the python-ldap to my python 2.4.4.
> Can somebody help me please?
> Steve Adamo wrote:
>> Hi Larry,
>> For some reason, a recent “how-to” I put together last month is not
>> showing up in search results. You can find the content here:
>> http://plone.org/documentation/how-to/authenticating-users-with-active-directory-plone-3-x
>> This is a step-by-step guide to enabling AD authentication with Plone 3.x
>> in a Windows environment.
>> Hope it works for you!
>> Steve

View this message in context: http://www.nabble.com/Active-Directory-tp14711775s15482p15765473.html
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.

More information about the Setup mailing list