[Setup] problem on plone.app.ldap with plone 4.1.3

34 views
Skip to first unread message

Stuart Marshall

unread,
Feb 2, 2012, 1:49:45 PM2/2/12
to Se...@lists.plone.org
Hi,

I am struggling to get plong.app.ldap working with a new Plone 4.1.3
installation. It partially works, and I'm trying to understand what I
can do to debug or fix the remaining problem.

Installation details:

- new install of 4.1.3 with Unified installer
- python_ldap-2.4.7
- openldap-2.4.23
- plone.app.ldap 1.2.7 with patch from
https://github.com/plone/plone.app.ldap/issues/1

The ldap server runs on the same machine (apacheds 1.5.7 on port
10389). The ldap server has ~270 users in the DIT.

Behavoir:

- Connection of Plone to the ldap server is okay.

- Plone LDAP configuration (ldap-controlpanel) works fine (after the
patch listed above)

- LDAP Schema mapping is saved including:

ldap plone
uid
kmail ->email
cn ->fullname
kURL ->home_page
kBiography ->description
kLocation ->location

The Main Problem:

Items in "Personal Information" page (eg.
/Plone/@@user-information?userid=marshall) are not filled in from
ldap. That is, the forms where a user would edit these fields
{Full Name, E-mail, Home Page, Biography, Location} are blank. I
was expecting that these fields would be filled in from ldap. They
are blank for both the administrator or a regular user.

However, when accessing via the ZMI at
/Plone/acl_users/ldap-plugin/acl_users/manage_workspace and using
the search function under the "Users" tab, the fields are filled
in.

The Questions:

1.) What can I do to trace the source of the problem. Specifically how
can I debug the code that generates the "Personal Information" page.
It seems like it should get the same info that the corresponding ZMI
page uses.

A Comment:

This particular ldap client setup (plone.app.ldap+python-ldap+openlap)
seems to be rather inefficient in terms of communication with the ldap
server (apacheds here). The ldap server log files show a large number
of transactions per user search including some very unusual filter
definitions. In fact, I had to check the "many users", "many groups"
boxes because otherwise it took ~1 minute for plone to update the
"users overview" page (/Plone/@@usergroup-userprefs). It may be due
to plone's idea of the user tree or may be due to plone.app.ldap's
design.

thanks for listening,
Stuart


_______________________________________________
Setup mailing list
Se...@lists.plone.org
https://lists.plone.org/mailman/listinfo/plone-setup

petschki

unread,
Feb 28, 2012, 5:22:23 PM2/28/12
to se...@lists.plone.org
I've just fighted with the same problem and made this work by changing the
sorting in the "Properties plugin" from /Plone/acl_users. my ldap_plugin had
to be before the "mutable_properties" plugin. Alltough the next problem is,
that my email field is a multivalued field and this doesn't map correctly to
members email field. but after all the value ist there ...

--
View this message in context: http://plone.293351.n2.nabble.com/problem-on-plone-app-ldap-with-plone-4-1-3-tp7248067p7327187.html
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.

Stuart Marshall

unread,
Mar 1, 2012, 1:02:27 PM3/1/12
to petschki, se...@lists.plone.org
Thanks! I had done the same thing and will post a summary of steps
at some point.

But I think would agree that an update to plone.app.ldap
instructions would help. Namely pointing out the configuration
issues that need attention. When I went to the docs for the
ldap_lugin (forget which package) it was there, but the docs were
labeled as out of date.

Stuart

Reply all
Reply to author
Forward
0 new messages