Users and groups management with LDAP
One of the downsides of adding users and groups in this way is that they only exist in the Plone database (ZODB) and as such, may be difficult to manage in large numbers.
Not to mention, you may need to deploy to an organization where an existing user database is in use (for example, LDAP or Active Directory (AD).
Connecting Plone to LDAP and Active Directory is covered in detail in Chapter 21 of "Practical Plone 3", Packt Publishing (https://www.packtpub.com/practical-plone-3-beginners-guide-to-building-powerful-websites/book). So, we will not repeat all of that information here (although there is some overlap).
We will not cover the installation of OpenLDAP or Active Directory, too. We will assume you (or a system administrator) can manage the task (if it is required by your organization).
What we will cover here is the installation and setup of plone.app.ldap, with a particular focus on how Buildout works, and how to achieve results as quickly as possible...
