Chapter 18. Authenticating with LDAP or Active Directory
Until now, we have stored users and groups in the ZODB, using Plone's built-in user management functionality. This works well for standalone sites, but many organizations have centralized user databases, usually in LDAP or Microsoft Active Directory repositories. Using an external user database means that site members do not have to be explicitly created in Plone, and that users can keep the same username and password across multiple systems.
In this chapter, we will cover:
- The basics of LDAP and Active Directory
- Setting up a test environment using OpenLDAP
- Connecting Plone to LDAP and Active Directory
LDAP and Active Directory
LDAP is not black magic voodoo, even if it can feel that way sometimes. It is in fact very logical, but it uses unfamiliar terminology and relies on precise specifications of how things are stored and searched. Luckily, it is not very difficult to connect to an existing repository for authentication...
