LDAPLoginAdapter - Add: Create a new link to an LDAP Directory

Description

An LDAPLoginAdapter works just like a user folder. When you create an LDAPLoginAdapter object, its id will always be set to acl_users. There is one important difference between LDAPLoginAdapters and User Folders: LDAPLoginAdapters do not contain users (that's why they're not called LDAPUserFolders); rather, they authenticate against an LDAP server. This can confuse some Zope users who think they must add a Zope user in order to allow someone to access a part of Zope. All you need to do is ensure that the user has an LDAP database entry, and Zope will let them see the branch of the object database that the LDAPLoginAdapter authenticates for. This is not a weakness in security: if a user can't authenticate against LDAP, they will not be allowed to log into Zope. When you add an LDAPLoginAdapter object, it will ask you for the following:

Controls

Title
The (optional) title for this adapter.
LDAP Server
Specify the server name or IP address, optionally followed by a colon and a port number. If no port number is given, a default of 389, which is the standard port LDAP servers listen on, will be assumed. The server name must not contain any prefixes like "ldap://".

The LDAPLoginAdapter does not support secure LDAP connections via SSL.

Login Name Attribute
The LDAP record attribute used as the username. The list of default choices can be changed in the Advanced settings after instantiating the LDAPLoginAdapter.
Search base DN for users
The DN for the branch of your LDAP database that contains user records.
User Search Scope
Choose the depth for all searches from the user search base DN.
Search base DN for groups
The DN for the branch of your LDAP database that contains group records. These group records are of the LDAP class "groupOfUniqueNames" and the entry's CN attribute constitutes the group name. Groups embody Zope roles. A user who is part of a "Manager" group will have the "Manager" role after authenticating through the LDAPLoginAdapter.
Group Search Scope
Choose the depth for all searches from the group search base DN.
LDAP bind UID and password
These are optional for situations where authentication is needed to bind to your LDAP server.
Default User Roles
All users authenticated from your LDAP tree will be given the roles you put in this comma-delimited list. Zope expects all users, anonymous as well as authenticated, to have the role Anonymous.
Add
Instantiate the LDAPLoginAdapter.
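
Example (added here for illustration; this is not LDAPLoginAdapter's own code): a Python sketch of how the settings above fit together, covering parsing of the LDAP Server field, an escaped search filter on the Login Name Attribute, and turning groupOfUniqueNames membership plus the Default User Roles into a role list. The function names, the sample DNs and the case-insensitive DN comparison are assumptions; uniqueMember is the standard member attribute of groupOfUniqueNames.

```python
# Added illustration; not LDAPLoginAdapter source code. All names are hypothetical.
DEFAULT_LDAP_PORT = 389

def parse_server(value):
    """Split the 'LDAP Server' field into (host, port); reject URL prefixes."""
    value = value.strip()
    if "://" in value:
        raise ValueError("server name must not contain a prefix like ldap://")
    host, sep, port = value.partition(":")
    if not host:
        raise ValueError("empty server name")
    return host, int(port) if sep else DEFAULT_LDAP_PORT

def escape_filter_value(text):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in text)

def user_filter(login_attr, login_name):
    """Filter locating one user record by the Login Name Attribute."""
    return "(%s=%s)" % (login_attr, escape_filter_value(login_name))

def group_filter(user_dn):
    """Filter locating the groupOfUniqueNames entries that list user_dn."""
    return ("(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
            % escape_filter_value(user_dn))

def resolve_roles(user_dn, group_entries, default_roles):
    """Roles = Default User Roles plus the CN of every group listing the user."""
    roles = [r.strip() for r in default_roles.split(",") if r.strip()]
    wanted = user_dn.lower()  # simplification: real DN matching is more involved
    for entry in group_entries:
        members = [m.lower() for m in entry.get("uniqueMember", [])]
        if wanted in members:
            for cn in entry.get("cn", []):
                if cn not in roles:
                    roles.append(cn)
    return roles

# Constructed sample group records, shaped like LDAP search results.
SAMPLE_GROUPS = [
    {"cn": ["Manager"], "uniqueMember": ["uid=alice,ou=people,dc=example,dc=com"]},
    {"cn": ["Editor"], "uniqueMember": ["uid=bob,ou=people,dc=example,dc=com"]},
]
```

Escaping the login name before it goes into the filter keeps characters such as "*" or "(" typed at the login prompt from changing which records the search matches.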