Integrating pas.plugins.ldap with Plone and Zope for LDAP Authentication

pas.plugins.ldap is a LDAP Plugin for the Zope Pluggable Authentication Service (PAS) that provides user and group information from an LDAP directory. In this article, we will explore how to integrate pas.plugins.ldap with Plone and Zope to enable LDAP authentication in your applications.

Installation and Dependencies

To use pas.plugins.ldap, you need to have python-ldap installed. On a Debian-based system, you can install the necessary development libraries with the following command:

#bash
sudo apt install python-dev libldap2-dev libsasl2-dev libssl-dev

Once the dependencies are installed, you can add pas.plugins.ldap to your buildout configuration. For Zope, add the following lines to your buildout.cfg file:

#ini
[buildout]
...
eggs =
    ...
    pas.plugins.ldap

zcml =
    ...
    pas.plugins.ldap

For Plone, add the following lines to your buildout.cfg file:

#ini
[buildout]
...
eggs =
    ...
    pas.plugins.ldap

After modifying your buildout configuration, run buildout and restart Zope or Plone.

Integration with Zope

To integrate pas.plugins.ldap with Zope, browse to your acl_users folder and add an LDAP Plugin. Configure the plugin using the settings form and activate its features with the activate tab.

Integration with Plone

To integrate pas.plugins.ldap with Plone, go to the Plone control-panel, select extensions, and install the LDAP Plugin. A new LDAP Settings icon will appear on the left. Click it and configure the plugin there.

Caching

By default, pas.plugins.ldap does not cache LDAP queries. To improve performance, it is recommended to configure a memcached server as the LDAP query cache. This can be done by modifying the pas.plugins.ldap.cache.VOLATILE_CACHE_MAXAGE setting.

Limitations and Future Optimizations

pas.plugins.ldap has been tested and developed primarily for non-Windows systems. It may work under Windows, but proper installation of python-ldap and recognition by buildout is required.

The package performs well for several thousands of users or groups, except when listing users. Future optimizations can be made to improve performance in listing users, with potential optimizations in the underlying node.ext.ldap library.

Learn More and Contribute

The source code for pas.plugins.ldap is hosted on GitHub at https://github.com/collective/pas.plugins.ldap. You can clone the repository or get access to the GitHub Collective to contribute to the project. The maintainers are Robert Niederreiter, Jens Klein, and the BlueDynamics Alliance developer team.

If you are interested in contributing or need assistance with the project, please contact the maintainers at dev@bluedynamics.com.

In conclusion, integrating pas.plugins.ldap with Plone and Zope allows you to leverage LDAP authentication in your applications. With proper installation and configuration, you can provide seamless authentication for users from an LDAP directory.