[Setup] Plone + LDAP

Steve Adamo sadamo at concoursgroup.com
Wed Jan 16 14:38:32 UTC 2008

I too was frustrated with finding "how-tos" to assist with my AD
Authentication. After a little fumbling around, I finally managed to just
write my own guide:

Once I was authenticating successfully, I ran into a similar problem with
users/groups. Now, I'm by no means up to speed on exactly how Plone manages
this critical component, but I've outlined the steps I took to handle the
basics. Hopefully it will help push you in the right direction.

•	Open up the Zope Management Interface
•	In the root of your Plone site, click the acl_users folder
•	Click the source_groups link
•	Click the Add a group link (next to current groups)
•	Give the new group an ID, Title and Description
	o	ID: ExecGroup
	o	Title: Executive Group
	o	Description: This group contains members of the executive staff
•	Click on the ExecGroup link (now listed under Current Groups)
•	Click the Assign link (next to the group name at the top)
•	Under Principal ID, type the name of the person you want to add to the
group, and click Search
•	The name should show up in the Available list
•	Click the name, and then click the arrow pointing to the right to drop the
name in the Active group
•	Repeat this process until all the executive members are in the new

•	Log in to your Plone site through the browser (as an admin)
•	Create a new folder off the root of the site
•	Give the folder a title and description
•	Once the folder is created, leave the State as Private, but click on the
Sharing (light green tab)
•	Under Search for user or group, type the name of the ExecGroup name and
•	The new group should show up under Logged-in users
•	Check the Can view, Can review, etc. checkboxes in the ExecGroup row, and
click Save (leave the inherit permissions box checked)

Now when your employees that are in the ExecGroup log in to the Plone site,
they will be the only ones who can see/access that folder.

Clemens Steinkogler wrote:
> I installed Plone 3.0.5 on my Debian machine with
> LDAP/ActiveDirectory-support and authenticating with my Microsoft
> ActiveDirectory (on another server ;) account is working. I also mapped a
> group where I'm user of to the "Manager" role. But if I log in again on my
> site I can't edit or add a page. So for example: How can I assign my
> useraccount/group the same rights like the "admin"-account?
> Where are howtos for this issue?
> It's really a pity that there is no really good LDAP howto that is
> covering such things. I had to search really long before I found what I
> needed only to add this feature but it seems that I can't find
> documentation for further configuring.
> I beg for help. Has anybody configured Plone with AD?
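
The ZMI and Sharing-tab steps in the message above, as an added script that is not part of the original post, with a check that no principal other than the group holds local roles on the folder. It assumes `site` is the Plone site object, that `source_groups` is the stock PluggableAuthService group plugin, and that "Can view" and "Can review" map to the Reader and Reviewer local roles; the function names are hypothetical.

```python
# Added example, not from the original message. Run inside the Plone
# instance (for example from a `zopectl run` script) with the site object.

GROUP_ID = "ExecGroup"
GROUP_TITLE = "Executive Group"
GROUP_DESCRIPTION = "This group contains members of the executive staff"
# Assumed mapping of the Sharing tab checkboxes to local roles:
# "Can view" -> Reader, "Can review" -> Reviewer.
FOLDER_ROLES = ["Reader", "Reviewer"]


def ensure_group(site, member_ids):
    """Create the group if it is missing, then assign each principal id.

    Returns the ids that were newly added, so a re-run reports nothing.
    """
    groups = site.acl_users.source_groups
    if GROUP_ID not in groups.listGroupIds():
        groups.addGroup(GROUP_ID, GROUP_TITLE, GROUP_DESCRIPTION)
    added = []
    for principal_id in member_ids:
        # addPrincipalToGroup returns False when already assigned.
        if groups.addPrincipalToGroup(principal_id, GROUP_ID):
            added.append(principal_id)
    return added


def share_folder(folder):
    """Grant the group its local roles; the workflow state stays Private."""
    folder.manage_setLocalRoles(GROUP_ID, FOLDER_ROLES)
    folder.reindexObjectSecurity()  # refresh catalog security indexes


def unexpected_grants(folder, allowed=(GROUP_ID,)):
    """Return {principal: roles} for local roles held by anyone not allowed.

    The Owner role the creator receives automatically is ignored. Only
    roles set on this folder are examined, not roles inherited from parents.
    """
    extra = {}
    for principal, roles in folder.get_local_roles():
        roles = [r for r in roles if r != "Owner"]
        if roles and principal not in allowed:
            extra[principal] = roles
    return extra
```

When this runs from a script rather than a web request, the changes persist only after `transaction.commit()`.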
