
plone.app.ldap's Introduction

LDAP control panel for Plone


Overview

plone.app.ldap provides a user interface in a Plone site to manage LDAP and Active Directory servers.

This package succeeds the simplon.plone.ldap package.

It builds on the functionality provided by LDAPMultiPlugins, LDAPUserFolder and PloneLDAP.

plone.app.ldap targets the Plone 4.x series and may also run on Plone 5.0/5.1 (not officially supported). Going forward, use pas.plugins.ldap instead.

Active Directory

Active Directory provides an LDAP interface to its data. Using this interface Plone can use both users and groups from an Active Directory system. Writing to Active Directory is not supported.

With Active Directory you can use two different attributes as the login name: userPrincipalName and sAMAccountName. sAMAccountName is the plain account name without any domain information and is therefore only unique within a single domain. If your environment uses only a single AD domain, this option is the best choice. For environments with multiple domains the userPrincipalName attribute can be used instead, since it includes both the account name and the domain information.

Since Plone does not support binary user ids, the objectGUID attribute cannot be used as the user id. Instead you can use either sAMAccountName or userPrincipalName. The same criteria that apply to choosing a login name also apply to selecting the user id attribute.

Newer versions of Active Directory may also work using the standard LDAP plugin, which supports limited writing to AD, including modifying group memberships. If your group objects have member attributes containing the user's full DN, the standard LDAP plugin should work for you. Note that this will not support nested groups.

Standard LDAP

LDAP directory servers are fully supported. LDAP users and groups are usable as standard Plone users and groups and can be managed normally. Creating and deleting users and groups is supported.

Installing

This package works with Plone 3 and Plone 4. Plone 3 and Plone 4.0 users should install a version in the 1.2.* series (e.g. plone.app.ldap < 1.3; the latest current release is 1.3.2), as release 1.3 will only work with Plone 4.1 or higher.

This package depends on python-ldap. In order to build it correctly you need to have some development libraries installed on your system. On a typical Debian-based installation use:

sudo apt-get install python-dev libldap2-dev libsasl2-dev libssl-dev

Once the package is installed, it will be available as an add-on named "LDAP support", and this add-on can be activated in a Plone instance using the Add-ons section of the Plone Control Panel. Be careful, as this package also currently installs LDAPUserFolder as a dependency, which makes the add-on "LDAPUserFolder CMF Tools" available. Do not install this add-on! It will replace the portal_membership tool and make your Plone site unusable.

Install without buildout

First you need to install this package on the Python path of your Zope instance. This can be done by installing it either among your system packages (usually with pip or easy_install) or in the lib/python directory of your Zope instance.

After installing the package it needs to be registered in your Zope instance. This can be done by putting a plone.app.ldap-configure.zcml file in the etc/package-includes directory with this content:

<include package="plone.app.ldap" />

or, alternatively, you can add that line to the configure.zcml in a package or Product that is already registered.

Installing with buildout

If you are using buildout to manage your instance, installing plone.app.ldap is even simpler. You can install it by adding it to the eggs line of your Zope instance:

[instance]
eggs =
    ...
    plone.app.ldap

Installing the development version

To specify the current development version you may use:

[buildout]
find-links =
    ...
    http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev

[instance]
eggs =
    ...
    plone.app.ldap==dev

With pip that would be this:

pip install -f http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev plone.app.ldap==dev

With easy_install:

easy_install -f http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev plone.app.ldap==dev

Copyright and credits

Copyright

plone.app.ldap is Copyright 2007, 2008 by the Plone Foundation. Simplon donated the simplon.plone.ldap code to the Plone Foundation.

Credits

Wichert Akkerman <[email protected]>

Funding

CentrePoint


plone.app.ldap's Issues

user properties not refreshed after updates via @@user-information

When an ldap based member has their properties updated by a site admin in the @@user-information form, the member properties are updated in LDAP, but cached values remain in use in Plone. I've attempted to invalidate the cache from the zmi in acl_users and acl_users/ldap-plugin/manage_activateInterfacesForm with intermittent results.

I've tested this in a bare Plone 4.2.5 site using plone.app.ldap version 1.3.0.

Cannot set a password containing umlauts (äüö)

Might be a bug of LDAPUserFolder, so I reported it also there: https://bugs.launchpad.net/ldapuserfolder/+bug/1308201
(Might be related to #3)

Go to myplonesite.org/@@change-password (or "My Setting" => "Password" tab)

Then try to change your old password to one that contains Umlauts like Ä, ä, Ö, ö, Ü or ü.

Then you get the following traceback:

Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module ZPublisher.Publish, line 48, in call_object
  Module zope.formlib.form, line 795, in __call__
  Module five.formlib.formbase, line 50, in update
  Module zope.formlib.form, line 776, in update
  Module zope.formlib.form, line 620, in success
  Module plone.app.users.browser.personalpreferences, line 471, in action_reset_passwd
  Module <string>, line 4, in setPassword
  Module plone.protect.utils, line 46, in _curried
  Module <string>, line 4, in setPassword
  Module AccessControl.requestmethod, line 70, in _curried
  Module Products.PlonePAS.tools.membership, line 572, in setPassword
  Module Products.PlonePAS.pas, line 100, in _doChangeUser
  Module Products.PlonePAS.pas, line 365, in userSetPassword
  Module Products.PloneLDAP.mixins.usermgmt, line 22, in doChangeUser
  Module Products.LDAPUserFolder.LDAPUserFolder, line 1688, in manage_editUserPassword
  Module Products.LDAPUserFolder.utils, line 87, in _createLDAPPassword
  Module AccessControl.AuthEncoding, line 220, in pw_encrypt
  Module AccessControl.AuthEncoding, line 117, in encrypt
UnicodeEncodeError: 'ascii' codec can't encode character u'\xc4' in position 3: ordinal not in range(128)

PS
Might be also be related to https://bugs.launchpad.net/ldapuserfolder/+bug/898921

Under "LDAP Schema" configuration tab: The "Plone property" called "mail" is actually "email"

There is a default "Plone Property" named "mail" under "LDAP Schema". I think this is a typo, and very hard to find: as one wants to map an LDAP property of a mail address to this "mail" property, one would think that this maps to a user's mail setting in Plone.

However, the Plone property for mail addresses is actually named "email".

Please fix this typo as it is rather puzzling while setting up plone.app.ldap to match properties between ldap and plone.

UnicodeDecodeError in plone.app.users caused by Umlauts in AD Group IDs

Unfortunately Microsoft's AD allows group ids with umlauts. plone.app.ldap has no strategy to deal with umlauts in group ids.

(Pdb) 2012-04-03 15:42:46 ERROR Zope.SiteErrorLog 1333460566.540.0499230695886 http://139.11.81.52:8080/plone/@@new-user
Traceback (innermost last):
Module ZPublisher.Publish, line 126, in publish
Module ZPublisher.mapply, line 77, in mapply
Module Products.PDBDebugMode.runcall, line 70, in pdb_runcall
Module ZPublisher.Publish, line 46, in call_object
Module zope.formlib.form, line 795, in call
Module five.formlib.formbase, line 50, in update
Module zope.formlib.form, line 758, in update
Module zope.formlib.form, line 739, in setUpWidgets
Module zope.formlib.form, line 266, in setUpWidgets
Module zope.schema._field, line 408, in bind
Module zope.schema._field, line 291, in bind
Module Zope2.App.schema, line 33, in get
Module plone.app.users.browser.register, line 173, in getGroupIds
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe4 in position 1: ordinal not in range(128)

Default "Additional Search Criteria" for AD LDAP plugin

Additional criteria for AD should be:

(|(groupType:1.2.840.113556.1.4.803:=2147483648)(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))

This ensures that all LDAP queries are filtered specifically for "either groups (including DL) or active user accounts".

This should be the default. (groupType:1.2.840.113556.1.4.803:=2147483648) could be removed if you are not using LDAP groups.
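To see what the proposed criteria actually admit, here is an added example (not code from plone.app.ldap or from the issue author): a minimal evaluator for the filter syntax used above, including the Active Directory bitwise-AND matching rule 1.2.840.113556.1.4.803, run against constructed entries for an active user, a disabled user, a computer account, a security group and a distribution group. The entry names and attribute values are constructed for illustration.

```python
# Added example (not plone.app.ldap code): a minimal RFC 4515 filter evaluator
# (AND/OR/NOT/equality) plus the AD bitwise-AND matching rule, run offline.
BIT_AND_RULE = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND

PROPOSED_FILTER = (
    "(|(groupType:1.2.840.113556.1.4.803:=2147483648)"
    "(&(sAMAccountType=805306368)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2))))"
)

# Constructed entries, not real data. AD stores groupType as a signed 32-bit int,
# so a global security group reads -2147483646 (0x80000002); Python's bitwise AND
# on a negative int still reports the 0x80000000 security-enabled bit as set.
CONSTRUCTED_ENTRIES = {
    "cn=Active User": {"sAMAccountType": 805306368, "userAccountControl": 512},
    "cn=Disabled User": {"sAMAccountType": 805306368, "userAccountControl": 514},
    "cn=Workstation$": {"sAMAccountType": 805306369, "userAccountControl": 4096},
    "cn=Security Group": {"groupType": -2147483646},
    "cn=Distribution List": {"groupType": 2},
}


def parse_filter(text):
    """Parse a filter into ('&'|'|', [subs]), ('!', sub) or ('=', attr, rule, value)."""
    return _parse(text, 0)[0]


def _parse(text, pos):
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    op = text[pos + 1]
    if op in "&|":
        subs, pos = [], pos + 2
        while text[pos] == "(":
            sub, pos = _parse(text, pos)
            subs.append(sub)
        return (op, subs), pos + 1            # pos + 1 skips the closing ')'
    if op == "!":
        sub, pos = _parse(text, pos + 2)
        return ("!", sub), pos + 1
    end = text.index(")", pos)
    lhs, value = text[pos + 1:end].split("=", 1)
    rule = None
    if lhs.endswith(":"):                     # extensible match: attr:OID:=value
        lhs, rule = lhs[:-1].split(":", 1)
    return ("=", lhs, rule, value), end + 1


def matches(tree, entry):
    """True if the entry (dict attribute -> value) satisfies the parsed filter."""
    op = tree[0]
    if op in "&|":
        combine = all if op == "&" else any
        return combine(matches(sub, entry) for sub in tree[1])
    if op == "!":
        return not matches(tree[1], entry)
    _, attr, rule, value = tree
    if attr not in entry:                     # known attribute absent from the entry: FALSE
        return False
    if rule == BIT_AND_RULE:                  # every bit of value must be set in the attribute
        return int(entry[attr]) & int(value) == int(value)
    return rule is None and str(entry[attr]) == value


def select(filter_text, entries):
    """Sorted DNs of the entries the filter admits."""
    tree = parse_filter(filter_text)
    return sorted(dn for dn, attrs in entries.items() if matches(tree, attrs))
```

Running select(PROPOSED_FILTER, CONSTRUCTED_ENTRIES) returns the active user and the security group only: the disabled account is dropped by the userAccountControl bit test, the computer account by sAMAccountType, and the distribution group because its groupType lacks the 0x80000000 bit.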

Extend instruction hints regarding importance of use of sAMAccountName for users to groups

The clue to why my 4.3.X plone groups panel was returning unusable encoded names from ActiveDirectory was within your description of why the objectguid cannot be used for user id attribute.

You might add a note in the installation instructions that this is also important for groups: to also use sAMAccountName to hook those up properly in plone. Took a lot of web searches for me to find the missing step.

This was tricky to resolve, because ZMI (and getGroups() from the lower acl_users level) presents the group names fine even using objectguid vs. the encoded problem in plone. A quick change to groupid_attr in Plone Active Directory plugin properties seems to have fixed it up.

I guess it also doesn't help that the user id attribute is configured separately from the group id attribute in ZMI, but the controls are there.

New users are not created in the LDAP directory

Hi! I've installed plone.app.ldap 1.3.0 in Plone 4.3. I can see the users already present in the directory, but new users are not created in the directory, and I don't see any option to enable that.

Is this expected?

Should UserIntrospection be provided?

p.a.ldap only provides IUserEnumerationPlugin and not IUserIntrospection, so its users do not show up in portal_membership.listMembers(). Should it?

(As is, the current workaround is to search for Members with userids containing '' and then explicitly get those Members one by one, which seems clumsy.)

PloneLDAP still needed?

The README.txt states that you "need to install PloneLDAP and its requirements in your Zope instance before you can use plone.app.ldap". However, the product page of PloneLDAP states that it has been superseded by plone.app.ldap. Which one is it? :)

Failure to map attributes (from Active Directory) to Plone member properties

Having otherwise successfully connected a Plone 4.1.5 site to an Active Directory server, I noticed there was no mapping from LDAP (AD) attributes to Plone member properties (in fact the AD server had no email data, but there were convenient attributes to be used as fullname).

I finally found http://www.catapultsolutions.net/resources/plone-cms-talks-w-ms-active-directory.html and followed the suggestion of visiting acl_users/plugins in the ZMI and reordering the active Properties Plugins. With ldap-plugins at the top, fullname was finally correctly mapped from the AD attribute I had chosen.

Even if nothing else is changed, it would thus be nice to have that tip included in the brief plone.app.ldap doc text...

KeyError: 'confirm_icon.gif' use png files, not gif

Module zope.tales.tales, line 696, in evaluate

  • URL:...../eggs/plone.app.ldap-1.3.0-py2.7.egg/plone/app/ldap/browser/controlpanel.pt
  • Line 275, Column 31
  • Expression: <PathExpr standard:u'context/confirm_icon.gif'>
  • Names:
    {'args': (),
    'container': <PloneSite at /aaa>,
    'context': <PloneSite at /aaa>,
    'default': <object object at 0x7f055b9bbb40>,
    'here': <PloneSite at /aaa>,
    'loop': {},
    'nothing': None,
    'options': {},
    'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x85c14c8>,
    'request': <HTTPRequest, URL=http://www-test.de:8010/aaa/@@ldap-controlpanel>,
    'root': ,
    'template': <Products.Five.browser.pagetemplatefile.ViewPageTemplateFile object at 0x9c2f290>,
    'traverse_subpath': [],
    'user': <PropertiedUser 'admin'>,
    'view': <Products.Five.metaclass.LDAPControlPanel object at 0x9ca2050>,
    'views': <Products.Five.browser.pagetemplatefile.ViewMapper object at 0x9c2f310>}
    Module zope.tales.expressions, line 217, in call
    Module Products.PageTemplates.Expressions, line 147, in _eval
    Module zope.tales.expressions, line 124, in _eval
    Module Products.PageTemplates.Expressions, line 94, in trustedBoboAwareZopeTraverse
    Module OFS.Traversable, line 300, in unrestrictedTraverse
  • traceback_info: ([], 'confirm_icon.gif')
    KeyError: 'confirm_icon.gif'

six for plone.app.ldap

Hello everybody,
I'm trying to install plone.app.ldap via buildout (on Windows).
Could you tell me the exact find-link to use with buildout?
Anyway, I manually downloaded plone.app.ldap-1.4.3.tar.gz and put it in the folder indicated in the buildout.cfg.
Installation requires six...

I'm using Plone 4.2 under Windows 10.
Any hint?

Luca

TypeError: argument of type 'NoneType' is not iterable error at @@ldap-controlpanel after clicking Save

Any attempt to save the configuration, add a server, etc. ends up with a TypeError after clicking Save. I have tested with different buildouts and the UnifiedInstaller. In all cases the installation is fresh and I have created a new Plone site with the plone.app.ldap add-on installed.

2011-11-25 12:48:01 CRITICAL event.LDAPDelegate No servers defined
2011-11-25 12:48:01 ERROR Zope.SiteErrorLog 1322218081.060.0726167258739 http://localhost:8080/Plone/+ldapserver/plone.LdapServer
Traceback (innermost last):
Module ZPublisher.Publish, line 126, in publish
Module ZPublisher.mapply, line 77, in mapply
Module ZPublisher.Publish, line 46, in call_object
Module zope.formlib.form, line 795, in call
Module five.formlib.formbase, line 50, in update
Module zope.formlib.form, line 776, in update
Module zope.formlib.form, line 620, in success
Module plone.app.ldap.browser.baseform, line 64, in handle_save_action
Module zope.formlib.form, line 901, in createAndAdd
Module plone.app.ldap.browser.server, line 53, in create
Module zope.event, line 31, in notify
Module zope.component.event, line 24, in dispatch
Module zope.component._api, line 136, in subscribers
Module zope.component.registry, line 321, in subscribers
Module zope.interface.adapter, line 585, in subscribers
Module zope.component.event, line 32, in objectEventNotify
Module zope.component._api, line 136, in subscribers
Module zope.component.registry, line 321, in subscribers
Module zope.interface.adapter, line 585, in subscribers
Module plone.app.ldap.ploneldap.server, line 21, in HandleCreated
Module plone.app.ldap.ploneldap.util, line 42, in guaranteePluginExists
Module plone.app.ldap.ploneldap.util, line 86, in createLDAPPlugin
Module plone.app.ldap.ploneldap.util, line 173, in enablePASInterfaces
TypeError: argument of type 'NoneType' is not iterable
2011-11-25 12:48:01 CRITICAL event.LDAPDelegate No servers defined

Tested with:
Plone-4.1.2-UnifiedInstaller and buildout with http://dist.plone.org/release/4.1.2/versions.cfg

Versions:
Plone == 4.1.2
plone.app.ldap == 1.2.7
python_ldap == 2.4.4

I solved the problem with:

--- plone/app/ldap/engine/storage.py~
+++ plone/app/ldap/engine/storage.py
@@ -30,7 +30,7 @@
default_user_roles = ""
read_only = False
activated_interfaces = []

  • activated_plugins = None
  • activated_plugins = []
    cache = ''
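Review bot: the replacement default `activated_plugins = []` sits at class level next to `activated_interfaces = []` and `cache = ''`, so it is a mutable default shared by every instance that never assigns its own list; since the traceback shows enablePASInterfaces iterating over this attribute, assign the list per instance (in the constructor) or have enablePASInterfaces iterate over `activated_plugins or []` so that a stored None no longer raises, and give activated_interfaces the same treatment.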

Plone 5 compatibility

Hi,

I am trying to use plone.app.ldap in a Plone 5 environment. Installation via buildout was fine. Quick-installing in Plone works as well. But using the control panel view and adding a new server or a new schema leads to the following error:

Traceback (innermost last):
  Module ZPublisher.Publish, line 138, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module Products.PDBDebugMode.runcall, line 71, in pdb_runcall
  Module ZPublisher.Publish, line 48, in call_object
  Module zope.formlib.form, line 800, in __call__
  Module zope.formlib.form, line 920, in render
  Module zope.formlib.form, line 790, in render
  Module plone.app.form._named, line 42, in __call__
  Module Products.Five.browser.pagetemplatefile, line 125, in __call__
  Module Products.Five.browser.pagetemplatefile, line 59, in __call__
  Module zope.pagetemplate.pagetemplate, line 132, in pt_render
  Module five.pt.engine, line 93, in __call__
  Module z3c.pt.pagetemplate, line 163, in render
  Module chameleon.zpt.template, line 257, in render
  Module chameleon.template, line 190, in render
  Module chameleon.template, line 172, in render
  Module 8a51f2b01b43baec52fa6a94857d1613d392a885.py, line 123, in render
  Module five.pt.expressions, line 154, in __call__
  Module five.pt.expressions, line 126, in traverse
  Module zope.traversing.adapters, line 136, in traversePathElement
   - __traceback_info__: (<Products.Five.metaclass.PropertyAdding object at 0x7fbae510aa90>, 'main_template')
  Module zope.traversing.adapters, line 50, in traverse
   - __traceback_info__: (<Products.Five.metaclass.PropertyAdding object at 0x7fbae510aa90>, 'main_template', ('macros', 'master'))
LocationError: (<Products.Five.metaclass.PropertyAdding object at 0x7fbae510aa90>, 'main_template')

 - Expression: "context/main_template/macros/master"
 - Filename:   ... pp.form-2.3.2-py2.7.egg/plone/app/form/addingpageform.pt
 - Location:   (5:23)
 - Source:     ... etal:use-macro="context/main_template/macros/master">
                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - Arguments:  repeat: {...} (0)
               template: <ViewPageTemplateFile - at 0x7fbae6ed6b10>
               views: <ViewMapper - at 0x7fbae499d090>
               modules: <instance - at 0x7fbaef769a70>
               args: <tuple - at 0x7fbafa641050>
               here: <ImplicitAcquisitionWrapper +ldapschema at 0x7fbae70d1e10>
               user: <ImplicitAcquisitionWrapper - at 0x7fbae70e2780>
               nothing: <NoneType - at 0x7b1070>
               container: <ImplicitAcquisitionWrapper +ldapschema at 0x7fbae70d1e10>
               request: <instance - at 0x7fbae6f00998>
               wrapped_repeat: <SafeMapping - at 0x7fbae4b65628>
               traverse_subpath: <list - at 0x7fbae3564560>
               default: <object - at 0x7fbafa617bc0>
               loop: {...} (0)
               context: <ImplicitAcquisitionWrapper +ldapschema at 0x7fbae70d1e10>
               view: <PropertyAddForm plone.LdapProperty at 0x7fbae510aad0>
               translate: <function translate at 0x7fbae4bc9410>
               root: <ImplicitAcquisitionWrapper Zope at 0x7fbae71bcf00>
               options: {...} (0)
               target_language: <NoneType - at 0x7b1070>

I would suggest that it has something to do with the formlib-based forms which are used here. It was possible to set servers and schemas via the debugger. Then the access to the users and authentication seems to work as well...
