Metadata-Version: 1.1
Name: pas.plugins.ldap
Version: 1.5.3
Summary: LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)
Home-page: https://pypi.python.org/pypi/pas.plugins.ldap
Author: BlueDynamics Alliance
Author-email: dev@bluedynamics.com
License: BSD like
Description-Content-Type: UNKNOWN
Description: .. image:: https://secure.travis-ci.org/collective/pas.plugins.ldap.png
            :target: http://travis-ci.org/#!/collective/pas.plugins.ldap
        
        .. image:: https://coveralls.io/repos/collective/pas.plugins.ldap/badge.svg?branch=master&service=github
            :target: https://coveralls.io/github/collective/pas.plugins.ldap?branch=master
        
        This is a `LDAP <https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol>`_ Plugin for the `Zope2 <http://zope2.zope.org>`_ `Pluggable Authentication Service (PAS) <http://pypi.python.org/pypi/Products.PluggableAuthService>`_.
        
        It provides users and/or groups from an LDAP directory.
        
        It works in a plain Zope2 even if it depends on `PlonePAS <http://pypi.python.org/pypi/Products.PlonePAS>`_.
        
        If `Plone <https://plone.org>`_ is installed an integration layer with a setup-profile and a plone-controlpanel page is available.
        
        ``pas.plugins.ldap`` is **not** releated to the old LDAPUserFolder/ LDAPMultiPlugins and the packages (i.e. PloneLDAP) stacked on top of it in any way.
        
        It is based on **node.ext.ldap**, an almost framework independent LDAP stack.
        
        For now users and groups can't be added or deleted. Properties on both are read/write.
        
        See section *TODO*.
        
        
        Installation
        ============
        
        Dependencies
        ------------
        
        This package depends on ``python-ldap``.
        
        To build it correctly you need to have some development libraries included in your system.
        
        On a Debian-based installation use:
        
        .. code-block:: console
        
            sudo apt install python-dev libldap2-dev libsasl2-dev libssl-dev
        
        
        Zope2
        -----
        
        Add to the instance section of your buildout:
        
        .. code-block:: ini
        
            eggs =
                ...
                pas.plugins.ldap
        
            zcml =
                ...
                pas.plugins.ldap
        
        Run buildout. Restart Zope.
        
        Browse to your acl_users folder and add an LDAP-Plugin.
        
        Configure it using the settings form and activate its features with the ``activate`` tab.
        
        
        Plone
        -----
        
        Add to the instance section of your buildout:
        
        .. code-block:: ini
        
            eggs =
                ...
                pas.plugins.ldap
        
        Run buildout. Restart Plone.
        
        Then go to the Plone control-panel, select ``extensions`` and install the LDAP Plugin.
        
        A new LDAP Settings icon appear on the left. Click it and configure the plugin there.
        
        To use an own integration-profile, add to the profiles ``metadata.xml`` file:
        
        .. code-block:: xml
        
            ...
            <dependencies>
                ...
                <dependency>profile-pas.plugins.ldap.plonecontrolpanel:default</dependency>
            </dependencies>
            ...
        
        Additionally ldap settings can be exported and imported with ``portal_setup``.
        You can place the exported ``ldapsettings.xml`` in your integration profile, so it will be imported with your next install again.
        
        **Warning:**
        
           **The ldap-password is in there in plain text!**
        
        
        Caching
        =======
        
        By default the LDAP-queries are not cached.
        
        A must have for a production environment is having `memcached <http://memcached.org/>`_ server configured as LDAP query cache.
        
        Without this this module is slow (as any other module talking to LDAP will be).
        
        Cache at least for ~6 seconds, so a page load with all its resources is covered also in worst case.
        
        The UGM tree is cached by default on the request, that means its built up every request from (cached) ldap queries.
        
        There is an alternative adapter available which will cache the ugm tree as volatile attribute on the persistent plugin.
        
        Volatile attributes are not persisted in the ZODB.
        If the plugin object vanishes from ZODB cache the atrribute is gone.
        
        The volatile plugin cache can be activated by loading its zcml with ``<include package="pas.plugins.ldap" file="cache_volatile.zcml"``.
        
        The caching time can be influenced by overriding the value in ``pas.plugins.ldap.cache.VOLATILE_CACHE_MAXAGE``.
        
        It defaults to 10 and its unit is seconds.
        
        **Note:**
        
           **Caching the UGM tree longer than one request means it could contain outdated data.**
        
        If you plan a different implementation of UGM tree caching,provide your own adapter implementing ``pas.plugins.ldap.interfaces.IPluginCacheHandler``.
        
        
        Limitations and Future Optimizations
        ====================================
        
        This package works fine for several 10000 users or groups, *unless you search or list users*.
        
        This is not that much a problem for small amount of users.
        There is room for future optimization in the underlying `node.ext.ldap <https://pypi.python.org/pypi/node.ext.ldap>`_.
        
        It currently does not support paginated queries.
        Many LDAP servers are having a maximum page size per answer.
        
        If the result is larger than this number, the query might fail or be truncated.
        Contact us if you have resources in time or budget for this development task.
        
        
        Source Code
        ===========
        
        If you want to help with the development (improvement, update, bug-fixing, ...) of ``pas.plugins.ldap`` this is a great idea!
        
        The code is located in the `GitHub Collective <https://github.com/collective/pas.plugins.ldap>`_.
        
        You can clone it or `get access to the GitHub Collective <https://collective.github.com/>`_ and work directly on the project.
        
        Maintainers are Robert Niederreiter, Jens Klein and the `BlueDynamics Alliance <https://bluedynamics.com/>`_ developer team.
        
        We appreciate any contribution and if a release is needed to be done on pypi, please just contact one of us:
        `dev@bluedynamics dot com <mailto:dev@bluedynamics.com>`_
        
        
        Contributors
        ============
        
        - Jens W. Klein
        - Robert Niederrreiter
        - Florian Friesdorf
        - Daniel Widerin
        - Johannes Raggam
        - Luca Fabbri
        
        TODO
        ====
        
        See also `Issue-Tracker <https://github.com/collective/pas.plugins.ldap/issues>`_
        
        
        Milestone 2.0
        -------------
        
        - remove portrait monkey patch
        - add/delete users
        - add/delete groups
        - add flags for readonly groups and users
        - modes for only groups or only users from ldap
        - SSL/TLS configuration TTW
        - creation defaults TTW
        - group in group (depends on: node.ext.ldap: group.groups support)
        - roles from ldap
        - Option on LDAP inspector whether to use query filters from users and
          groups config
        
        History
        =======
        
        1.5.3 (2017-12-15)
        ------------------
        
        - Remove manual LDAP search pagination on UGM principal ``search`` calls.
          This is done in downstream API as of ``node.ext.ldap`` 1.0b7.
          [rnix]
        
        - Fix testing: register plugin type of PlonePAS.
          [jensens, fredvd, mauritsvanrees]
        
        - Overhaul of test setup (travis).
          [jensens]
        
        
        1.5.2 (2017-10-20)
        ------------------
        
        - Set the memcached TTW setting in the form definition to unicode, so that you
          can save the controlpanel form if you change this field.
          [fredvd]
        
        - Improve README
          [svx]
        
        
        1.5.1 (2016-10-18)
        ------------------
        
        - Fix: TTW setting of ``page_size`` resulted in float value.
          Now set form datattype to integer.
          Thanks @datakurre for reporting!
          [jensens]
        
        
        1.5 (2016-10-06)
        ----------------
        
        - No changes.
        
        
        1.5b1 (2016-09-09)
        ------------------
        
        - GroupEnumeration paged.
          [jensens]
        
        - UserEnumeration paged.
          [jensens]
        
        - Add page_size server property.
          [jensens]
        
        - Fix LDAP check.
          [jensens]
        
        - Split profiles for Plone 4 and 5.
          [jensens]
        
        - fix tests for Plone 5
          [jensens]
        
        - Fixed LDAP errors not handled. This prevent leave the site broken
          just after the installation of the plugin
          [keul]
        
        - Adopt LDAP instector to use DN instead of RDN for node identification.
          [rnix]
        
        - Add dummy ``defaults`` setting to ``UsersConfig`` and ``GroupsConfig``
          adapters. These defaults are used to set child creation defaults, thus
          concrete implementation is postponed until user and group creation is
          supported through plone UI.
          [rnix]
        
        - Add ``ignore_cert`` setting to ``LDAPProps`` adapter.
          [rnix]
        
        - Remove ``check_duplicates`` setting which is not available any more in
          node.ext.ldap.
          [rnix]
        
        - Use node.ext.ldap 1.0b1.
          [rnix]
        
        - major speedup expected by using node.ext.ldap >=1.0a1
          [jensens]
        
        - use implementer decorator for better readability.
          [jensens]
        
        - Fix setuptools to v7.0.
          [jensens]
        
        
        1.4.0 (2014-10-24)
        ------------------
        
        - Feature: Alternative volatile cache for UGM tree on plugin.
          [jensens]
        
        - overhaul test setup
          [jensens]
        
        - introduce pluggable caching mechanism on ugm-tree level, defaults to
          caching on request. Can be overruled by providing an adapter implementing
          ``pas.plugins.ldap.interfaces.IPluginCacheHandler``.
          [jensens]
        
        - log how long it takes to build up a users or groups tree.
          [jensens]
        
        1.3.2 (2014-09-10)
        ------------------
        
        - Small fixes in inspector.
          [rnix]
        
        
        1.3.1 (2014-08-05)
        ------------------
        
        - Fix dependency versions.
          [rnix]
        
        
        1.3.0 (2014-05-12)
        ------------------
        
        - Raise ``RuntimeError`` instead of ``KeyError`` when password change method
          couldn't locate the user in LDAP tree. Maybe it's a local user and
          ``Products.PlonePAS.pas.userSetPassword`` expects a ``RuntimeError`` to be
          raised in this case.
          [saily]
        
        
        1.2.0 (2014-03-13)
        ------------------
        
        - add property ``check_duplicates``. Adds ability to disable duplicates check
          for keys in ldap in order to avoid failure if ldap strcuture is not perfect.
        
        - Add new property to disable duplicate primary/secondary key checking
          in LDAP trees. This allows pas.plugins.ldap to read LDAP tree and ignore
          duplicated items instead of raising::
        
            Traceback (most recent call last):
            ...
            RuntimeError: Key not unique: <key>='<value>'.
        
        
        1.1.0 (2014-03-03)
        ------------------
        
        - ldap errors dont block that much if ldap is not reachable,
          timeout blocked in past the whole zope. now default timeout for retry is
          300s - and some code cleanup
          [jensens]
        
        - use more modern base for testing
          [jensens]
        
        - Add URL example to widget help information how to specify an ldap uri.
          [saily]
        
        - Add new bootstrap v2
          [saily]
        
        
        1.0.2
        -----
        
        - sometimes ldap returns an empty string as portrait. take this as no portrait.
          [jensens, 2013-09-11]
        
        1.0.1
        -----
        
        - because of passwordreset problem we figured out that pas searchUsers calls
          plugins search with both login and name, which was passed to ugm and returned
          always an empty result
          [benniboy]
        
        1.0
        ---
        
        - make it work.
        
        - base work done so far in ``bda.pasldap`` and ``bda.plone.ldap`` was merged.
        
        License
        =======
        
        Copyright (c) 2010-2017, BlueDynamics Alliance, Austria, Germany, Switzerland
        All rights reserved.
        
        Redistribution and use in source and binary forms, with or without
        modification, are permitted provided that the following conditions are met:
        
        * Redistributions of source code must retain the above copyright notice, this 
          list of conditions and the following disclaimer.
        * Redistributions in binary form must reproduce the above copyright notice, this 
          list of conditions and the following disclaimer in the documentation and/or 
          other materials provided with the distribution.
        * Neither the name of the BlueDynamics Alliance nor the names of its 
          contributors may be used to endorse or promote products derived from this 
          software without specific prior written permission.
              
        THIS SOFTWARE IS PROVIDED BY BlueDynamics Alliance ``AS IS`` AND ANY
        EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
        WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
        DISCLAIMED. IN NO EVENT SHALL BlueDynamics Alliance BE LIABLE FOR ANY
        DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
        (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
        LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
        ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
        (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
        SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
        
Keywords: zope2 pas plone ldap authentication
Platform: UNKNOWN
Classifier: Environment :: Web Environment
Classifier: Framework :: Zope2
Classifier: Framework :: Plone
Classifier: Framework :: Plone :: 5.0
Classifier: Framework :: Plone :: 5.1
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2.7
Classifier: Operating System :: OS Independent
Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2)
