From ef04c4c3b08f72e802df0308087029b48c604746 Mon Sep 17 00:00:00 2001 From: "alessandro.ceglie" Date: Wed, 17 Feb 2021 18:02:19 +0100 Subject: [PATCH 01/23] implementation of Default User Role scenario. --- src/pas/plugins/ldap/defaults.py | 1 + .../plonecontrolpanel/profiles/base/ldapsettings.xml | 3 +++ src/pas/plugins/ldap/plugin.py | 2 +- src/pas/plugins/ldap/properties.py | 7 ++++++- src/pas/plugins/ldap/properties.yaml | 11 +++++++++++ src/pas/plugins/ldap/testing.py | 1 + 6 files changed, 23 insertions(+), 2 deletions(-) diff --git a/src/pas/plugins/ldap/defaults.py b/src/pas/plugins/ldap/defaults.py index a194ef5..cf7b7bc 100644 --- a/src/pas/plugins/ldap/defaults.py +++ b/src/pas/plugins/ldap/defaults.py @@ -9,6 +9,7 @@ "server.ignore_cert": False, "server.start_tls": False, "server.page_size": 1000, + "server.roles": ["Member"], "cache.cache": False, "cache.memcached": "127.0.0.1:11211", "cache.timeout": 300, # seconds diff --git a/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml b/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml index 836e48c..d483449 100644 --- a/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml +++ b/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml @@ -41,6 +41,9 @@ inetOrgPerson + + Anonymous + (objectClass=inetOrgPerson) 1 diff --git a/src/pas/plugins/ldap/plugin.py b/src/pas/plugins/ldap/plugin.py index ac438dc..d8dfedf 100644 --- a/src/pas/plugins/ldap/plugin.py +++ b/src/pas/plugins/ldap/plugin.py @@ -440,7 +440,7 @@ def getRolesForPrincipal(self, principal, request=None): if not users: return default if self.enumerateUsers(id=principal.getId()): - return ('Member', ) + return tuple(set(self._ldap_props.roles + ['Member'])) return default @security.private diff --git a/src/pas/plugins/ldap/properties.py b/src/pas/plugins/ldap/properties.py index 31ab3c5..ae9da8c 100644 --- a/src/pas/plugins/ldap/properties.py 
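Review bot: `return tuple(set(self._ldap_props.roles + ['Member']))` in getRolesForPrincipal raises TypeError as soon as the roles property is unset or None, and wrapping in set() makes the order of the returned roles nondeterministic; `extra = list(self._ldap_props.roles or [])` followed by `return tuple(dict.fromkeys(extra + ["Member"]))` tolerates a missing value and keeps a stable order. Every role in this list is granted to every principal that enumerates from LDAP, so a privileged role such as Manager typed into the control panel becomes site-wide for all directory accounts; a comment at this line, `# configured roles are granted to ALL LDAP users, not per user`, makes that explicit for the next maintainer. The base profile in the same commit seeds the setting with Anonymous, which looks unintended for authenticated users. The remainder of getRolesForPrincipal is outside the hunk.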
+++ b/src/pas/plugins/ldap/properties.py @@ -106,6 +106,7 @@ def fetch(name, default=UNSET): return val props.uri = fetch("server.uri") + if not fetch("server.anonymous"): props.user = fetch("server.user") password = fetch("server.password") @@ -127,8 +128,11 @@ def fetch(name, default=UNSET): props.cache = fetch("cache.cache") props.memcached = fetch("cache.memcached") props.timeout = fetch("cache.timeout") + + props.roles = fetch("users.roles") # a server wide variable, but related to user + users.baseDN = fetch("users.dn") - # build attrmap from static keys and dynamic keys inputs + # build attrmap from static keys and dynamic keys inputs users.attrmap = odict() users.attrmap.update(fetch("users.aliases_attrmap")) users_propsheet_attrmap = fetch("users.propsheet_attrmap") @@ -253,6 +257,7 @@ def __init__(self, plugin): uri = propproxy("server.uri") user = propproxy("server.user") + roles = propproxy("server.roles") password = propproxy("server.password") start_tls = propproxy("server.start_tls") ignore_cert = propproxy("server.ignore_cert") diff --git a/src/pas/plugins/ldap/properties.yaml b/src/pas/plugins/ldap/properties.yaml index 7eb570e..9dc09f0 100644 --- a/src/pas/plugins/ldap/properties.yaml +++ b/src/pas/plugins/ldap/properties.yaml @@ -88,6 +88,17 @@ widgets: value: expr:context.users.memberOfSupport props: label: memberOf attribute supported? + + - roles: + factory: '#array' + value: expr:context.props.roles + props: + label: Roles aquired + array.label: Roles acquired + widgets: + - roles: + factory: field:text + - recursiveGroups: factory: '#field:checkbox' value: expr:context.users.recursiveGroups diff --git a/src/pas/plugins/ldap/testing.py b/src/pas/plugins/ldap/testing.py index 3ea5dc8..82ff174 100644 --- a/src/pas/plugins/ldap/testing.py +++ b/src/pas/plugins/ldap/testing.py 
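Review bot: The roles setting is read under two different keys: the `@@ -127` hunk fetches `props.roles = fetch("users.roles")`, while defaults.py registers `"server.roles"` and the `@@ -253` hunk proxies `roles = propproxy("server.roles")`, so one of the two paths will never see the configured value (what fetch does for an absent key is outside this hunk — it may return the UNSET sentinel or raise). Use one key on both paths, `props.roles = fetch("server.roles")`, which matches the default and the proxy. The trailing comment on that line should say why a user-related value lives in the server section, e.g. `# stored under server.* because it is a per-plugin, not per-user, setting`. The enclosing function body begins before the hunk.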
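Review bot: The new array widget's two labels disagree — `label: Roles aquired` (typo) versus `array.label: Roles acquired` — and neither tells the administrator that the listed roles go to every LDAP account; suggest `label: Default roles for LDAP users` plus a `help:` line such as `help: Every user found in LDAP receives these roles in addition to Member. Do not add Manager or other privileged roles unless every directory account should hold them.` The widget is placed among the `context.users.*` fields but reads `expr:context.props.roles`; if the form's save logic derives the settings key from the widget's section, verify it writes back to the key the plugin reads.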
@@ -38,6 +38,7 @@ def ldapprops(context): props.uri = ldaptesting.props.uri props.user = ldaptesting.props.user + props.roles = ldaptesting.props.roles props.password = ldaptesting.props.password props.cache = ldaptesting.props.cache props.page_size = ldaptesting.props.page_size From 0a33b1e3f67591cbf3bfbf5ef5036559d32c8000 Mon Sep 17 00:00:00 2001 From: sauzher Date: Tue, 16 Nov 2021 15:42:08 +0100 Subject: [PATCH 02/23] update changelog --- CHANGES.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 9c25f43..3b4bfe7 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,7 +5,8 @@ History 1.8.2 (unreleased) ------------------ -- No changes yet. +- Plugin specific roles aquiring configuration support. + [sauzher] 1.8.1 (2021-10-09) From 2b5ece9be64b5c79b5d90b1946ca0aab00236f20 Mon Sep 17 00:00:00 2001 From: sauzher Date: Tue, 16 Nov 2021 15:52:06 +0100 Subject: [PATCH 03/23] better changelog --- CHANGES.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 3b4bfe7..778c3b9 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,7 +5,7 @@ History 1.8.2 (unreleased) ------------------ -- Plugin specific roles aquiring configuration support. +- Default user roles configuration implementation. [sauzher] From 41116be3af14f87cc3d860940d5232e252f229dc Mon Sep 17 00:00:00 2001 From: Valentin Dumitru Date: Mon, 31 Jul 2023 19:02:10 +0300 Subject: [PATCH 04/23] add uninstall profile --- CHANGES.rst | 4 +- .../ldap/plonecontrolpanel/configure.zcml | 7 ++++ .../ldap/plonecontrolpanel/setuphandlers.py | 39 +++++++++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 src/pas/plugins/ldap/plonecontrolpanel/setuphandlers.py diff --git a/CHANGES.rst b/CHANGES.rst index 28fae20..40cc95f 100644 --- a/CHANGES.rst +++ b/CHANGES.rst 
@@ -5,8 +5,8 @@ History 1.8.3 (unreleased) ------------------ -- Nothing changed yet. - +- Add uninstall profile + [dumitval] 1.8.2 (2022-10-31) ------------------ diff --git a/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml b/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml index e261fa1..b699895 100644 --- a/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml +++ b/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml @@ -22,6 +22,13 @@ description="pas.plugins.ldap support for users and groups from ldap/active directory." provides="Products.GenericSetup.interfaces.EXTENSION" /> + + Date: Wed, 2 Aug 2023 19:36:06 +0300 Subject: [PATCH 05/23] remove registry keys and controlpanel when uninstalling --- src/pas/plugins/ldap/plonecontrolpanel/configure.zcml | 1 + .../profiles/uninstall/controlpanel.xml | 6 ++++++ .../plonecontrolpanel/profiles/uninstall/registry.xml | 9 +++++++++ 3 files changed, 16 insertions(+) create mode 100644 src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/controlpanel.xml create mode 100644 src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml diff --git a/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml b/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml index b699895..ee68ffd 100644 --- a/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml +++ b/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml @@ -25,6 +25,7 @@ diff --git a/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/controlpanel.xml b/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/controlpanel.xml new file mode 100644 index 0000000..513aee9 --- /dev/null +++ b/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/controlpanel.xml @@ -0,0 +1,6 @@ + + + + + diff --git a/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml b/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml new file mode 100644 index 0000000..7e43441 --- /dev/null 
+++ b/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml @@ -0,0 +1,9 @@ + + + + + + + + + From a0e6e7cf1cd5ff981a2e2f9a2cf2bb20e2402732 Mon Sep 17 00:00:00 2001 From: Valentin Dumitru Date: Thu, 3 Aug 2023 14:41:28 +0300 Subject: [PATCH 06/23] update yafowil.plone version to match the custom eea one --- setup.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/setup.py b/setup.py index c2eb5bd..419d8fe 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ import os -version = "1.8.3.dev0" +version = "1.8.3-eea.2" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() @@ -33,7 +33,8 @@ "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python", - "Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP", + "Topic :: System :: Systems Administration :: Authentication/Directory" + " :: LDAP", ], keywords="zope pas plone ldap authentication plugin", author="BlueDynamics Alliance", @@ -63,7 +64,7 @@ "setuptools", "six", "yafowil>=2.3.1", - "yafowil.plone>=4.0.0a3", + "yafowil.plone==4.0.0a6-eea.1", "yafowil.widget.array", "yafowil.widget.dict", "yafowil.yaml", From 44ee73d8e567e43a3fdfb6073022b2652522235c Mon Sep 17 00:00:00 2001 From: valentinab25 <30239069+valentinab25@users.noreply.github.com> Date: Fri, 11 Aug 2023 14:57:55 +0300 Subject: [PATCH 07/23] chore: use dev0 version --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 419d8fe..ae288b4 100644 --- a/setup.py +++ b/setup.py 
@@ -4,7 +4,7 @@ import os -version = "1.8.3-eea.2" +version = "1.8.3.dev0" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() From 2259d7479096dba09ac1cc3c3bd6dfe84eec4c10 Mon Sep 17 00:00:00 2001 From: valentinab25 Date: Fri, 11 Aug 2023 15:02:14 +0300 Subject: [PATCH 08/23] chore: use dev0 version --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index ae288b4..5a3e93f 100644 --- a/setup.py +++ b/setup.py @@ -64,7 +64,7 @@ "setuptools", "six", "yafowil>=2.3.1", - "yafowil.plone==4.0.0a6-eea.1", + "yafowil.plone==4.0.0a6.dev0", "yafowil.widget.array", "yafowil.widget.dict", "yafowil.yaml", From f7138dc794089fcc8a8d6a228deb3d2ef2646bef Mon Sep 17 00:00:00 2001 From: Valentin Dumitru Date: Fri, 25 Aug 2023 17:40:25 +0300 Subject: [PATCH 09/23] update version to 1.8.3.dev1 for wheel compliance --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 5a3e93f..d1636a0 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ import os -version = "1.8.3.dev0" +version = "1.8.3.dev1" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() From 157ec4e97460ee86d3151248cd2c2cbbd42e3839 Mon Sep 17 00:00:00 2001 From: Valentin Dumitru Date: Fri, 25 Aug 2023 17:50:39 +0300 Subject: [PATCH 10/23] update dependency to yafowil.plone --- setup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index d1636a0..9ea3b2e 100644 --- a/setup.py +++ b/setup.py 
@@ -4,7 +4,7 @@ import os -version = "1.8.3.dev1" +version = "1.8.3.dev2" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() @@ -64,7 +64,7 @@ "setuptools", "six", "yafowil>=2.3.1", - "yafowil.plone==4.0.0a6.dev0", + "yafowil.plone==4.0.0a6.dev1", "yafowil.widget.array", "yafowil.widget.dict", "yafowil.yaml", From 3d73e36cc22ead9e0a7d9ea6d5f0912d19dbafd0 Mon Sep 17 00:00:00 2001 From: Mauro Amico Date: Tue, 17 Oct 2023 22:58:35 +0200 Subject: [PATCH 11/23] use exact_match for searchUsers/searchGroups in getRolesForPrincipal/getPropertiesForUser to avoid unexpected results --- CHANGES.rst | 4 +++- src/pas/plugins/ldap/plugin.py | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 28fae20..c3b3c87 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -5,7 +5,9 @@ History 1.8.3 (unreleased) ------------------ -- Nothing changed yet. +- Fix: use exact_match for searchUsers/searchGroups in getRolesForPrincipal/getPropertiesForUser + to avoid unexpected results + [mamico] 1.8.2 (2022-10-31) diff --git a/src/pas/plugins/ldap/plugin.py b/src/pas/plugins/ldap/plugin.py index b2fd2cb..38cda39 100644 --- a/src/pas/plugins/ldap/plugin.py +++ b/src/pas/plugins/ldap/plugin.py @@ -439,7 +439,7 @@ def getRolesForPrincipal(self, principal, request=None): users = self.users if not users: return default - if self.enumerateUsers(id=principal.getId()): + if self.enumerateUsers(id=principal.getId(), exact_match=True): return ("Member",) return default 
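Review bot: This hunk's context still returns the hard-coded `("Member",)`, whereas the first patch in this series rewrote that line to return the configured roles; the two changes are built on different bases (index b2fd2cb versus ac438dc), so whichever lands second must re-apply the other or the configurable roles silently regress to Member. `exact_match=True` removes substring hits, but whether `admin` and `Admin` resolve to the same entry is decided by the attribute's matching rule on the server, which is typically case-insensitive for uid/cn; a one-line comment, `# exact_match drops substring matches; case folding is the directory's matching rule`, would stop a later reader from assuming case-sensitive identity. The function continues outside the hunk.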
@@ -561,7 +561,9 @@ def getPropertiesForUser(self, user_or_group, request=None): if not isinstance(ugid, six.text_type): ugid = ugid.decode("utf-8") try: - if self.enumerateUsers(id=ugid) or self.enumerateGroups(id=ugid): + if self.enumerateUsers(id=ugid, exact_match=True) or self.enumerateGroups( + id=ugid, exact_match=True + ): return LDAPUserPropertySheet(user_or_group, self) except KeyError: pass @@ -687,7 +689,6 @@ def getGroupById(self, group_id): for propfinder_id, propfinder in plugins.listPlugins( pas_interfaces.IPropertiesPlugin ): - data = propfinder.getPropertiesForUser(group, None) if not data: continue @@ -696,7 +697,6 @@ def getGroupById(self, group_id): group._addGroups(pas._getGroupsForPrincipal(group, None, plugins=plugins)) # add roles for rolemaker_id, rolemaker in plugins.listPlugins(pas_interfaces.IRolesPlugin): - roles = rolemaker.getRolesForPrincipal(group, None) if not roles: continue From 565f96a82b7b9737e8e002fd8f7d5a4bbc7b06e9 Mon Sep 17 00:00:00 2001 From: Alin Voinea Date: Wed, 18 Oct 2023 17:45:46 +0300 Subject: [PATCH 12/23] fix: Dependency yafowil.plone>=5.0.0a1 and yafowil.bootstrap>=2.0.0a1 --- setup.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 9ea3b2e..a6c0df5 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ import os -version = "1.8.3.dev2" +version = "1.8.3.dev3" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() @@ -64,7 +64,8 @@ "setuptools", "six", "yafowil>=2.3.1", - "yafowil.plone==4.0.0a6.dev1", + "yafowil.plone>=5.0.0a1", + "yafowil.bootstrap>=2.0.0a1", "yafowil.widget.array", "yafowil.widget.dict", "yafowil.yaml", From 608f7cc78ec1f1839dc86dff3e05a361cf4c5516 Mon Sep 17 00:00:00 2001 
From: Sascha Gresk Date: Thu, 7 Dec 2023 15:57:19 +0100 Subject: [PATCH 13/23] just as eee did in pull request 119 - but without changing CHANGES.rst, setup.py --- .../ldap/plonecontrolpanel/configure.zcml | 8 ++++ .../profiles/uninstall/controlpanel.xml | 6 +++ .../profiles/uninstall/registry.xml | 9 +++++ .../ldap/plonecontrolpanel/setuphandlers.py | 39 +++++++++++++++++++ 4 files changed, 62 insertions(+) create mode 100644 src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/controlpanel.xml create mode 100644 src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml create mode 100644 src/pas/plugins/ldap/plonecontrolpanel/setuphandlers.py diff --git a/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml b/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml index e261fa1..ee68ffd 100644 --- a/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml +++ b/src/pas/plugins/ldap/plonecontrolpanel/configure.zcml @@ -22,6 +22,14 @@ description="pas.plugins.ldap support for users and groups from ldap/active directory." provides="Products.GenericSetup.interfaces.EXTENSION" /> + + + + + + diff --git a/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml b/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml new file mode 100644 index 0000000..7e43441 --- /dev/null +++ b/src/pas/plugins/ldap/plonecontrolpanel/profiles/uninstall/registry.xml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/src/pas/plugins/ldap/plonecontrolpanel/setuphandlers.py b/src/pas/plugins/ldap/plonecontrolpanel/setuphandlers.py new file mode 100644 index 0000000..75c6996 --- /dev/null +++ b/src/pas/plugins/ldap/plonecontrolpanel/setuphandlers.py 
@@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +from zope.component.hooks import getSite +from pas.plugins.ldap.plugin import LDAPPlugin +import logging + + +logger = logging.getLogger(__name__) + + +TITLE = "LDAP plugin (pas.plugins.ldap)" + + +def _removePlugin(pas, PLUGIN_ID="pasldap"): + installed = pas.objectIds() + if PLUGIN_ID not in installed: + return TITLE + " already uninstalled." + plugin = getattr(pas, PLUGIN_ID) + if not isinstance(plugin, LDAPPlugin): + logger.warning( + "Uninstall aborted. PAS plugin %s is not an LDAPPlugin.", + PLUGIN_ID) + for info in pas.plugins.listPluginTypeInfo(): + interface = info["interface"] + if not interface.providedBy(plugin): + continue + try: + pas.plugins.deactivatePlugin(interface, plugin.getId()) + except KeyError: + # the plugin was not active + pass + pas._delObject(PLUGIN_ID) + logger.info("Removed LDAPPlugin %s from acl_users.", PLUGIN_ID) + + +def uninstall(context): + site = getSite() + pas = site.acl_users + _removePlugin(pas) + \ No newline at end of file From 5bddad9a33f15789e3e2e898a9a0a067ab05ae7b Mon Sep 17 00:00:00 2001 From: mamoep <26142342+mamoep@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:07:30 +0200 Subject: [PATCH 14/23] fix: avoid credential logging in debug mode Log only login name but not the password in debug mode. --- src/pas/plugins/ldap/plugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pas/plugins/ldap/plugin.py b/src/pas/plugins/ldap/plugin.py index 38cda39..a72818e 100644 --- a/src/pas/plugins/ldap/plugin.py +++ b/src/pas/plugins/ldap/plugin.py @@ -221,7 +221,7 @@ def authenticateCredentials(self, credentials): pw = credentials.get("password") if not (login and pw): return default - logger.debug("credentials: %s" % credentials) + logger.debug("login: %s" % login) users = self.users if not users: return default From fcf997e149e3b39271ee6f8104535a8c4647c72f Mon Sep 17 00:00:00 2001 
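Review bot: `_removePlugin` logs "Uninstall aborted" when the object at `pasldap` is not an LDAPPlugin, but then falls through to deactivate it and call `pas._delObject(PLUGIN_ID)` anyway, so a foreign plugin registered under that id is deleted; add `return TITLE + " uninstall aborted: %s is not an LDAPPlugin." % PLUGIN_ID` directly after the warning. The already-uninstalled path returns a message string while the success path returns None; return a string in both cases so the setup step reports consistently. `uninstall(context)` ignores its `context` argument and relies on `getSite()`; if the site hook is not guaranteed to be set when the import step runs, resolve the portal from the setup context instead (presumably `context.getSite()`), or document the assumption with `# relies on the site hook being set by the GenericSetup runner`. The file also lacks a trailing newline.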
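Review bot: `logger.debug("login: %s" % login)` formats eagerly and, because `login` comes straight from the submitted credentials, lets a caller put newlines into the log line; use lazy, repr-quoted arguments instead: `logger.debug("login: %r", login)`. Dropping the password from the debug output is the right fix, and a short comment such as `# never log the credentials dict: it carries the cleartext password` would keep the old line from being reintroduced. authenticateCredentials continues outside the hunk.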
From: metbosch Date: Tue, 8 Oct 2024 10:13:29 +0200 Subject: [PATCH 15/23] Add tls_cacertfile, tls_cacertdir, tls_clcertfile and tls_clkeyfile options --- src/pas/plugins/ldap/defaults.py | 4 ++++ src/pas/plugins/ldap/properties.py | 8 ++++---- src/pas/plugins/ldap/properties.yaml | 24 ++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/src/pas/plugins/ldap/defaults.py b/src/pas/plugins/ldap/defaults.py index 67796f3..6ec957f 100644 --- a/src/pas/plugins/ldap/defaults.py +++ b/src/pas/plugins/ldap/defaults.py @@ -8,6 +8,10 @@ "server.password": "secret", "server.ignore_cert": False, "server.start_tls": False, + "server.tls_cacertfile": None, + "server.tls_cacertdir": None, + "server.tls_clcertfile": None, + "server.tls_clkeyfile": None, "server.page_size": 1000, "server.conn_timeout": 5, "server.op_timeout": 600, diff --git a/src/pas/plugins/ldap/properties.py b/src/pas/plugins/ldap/properties.py index ce2edf5..0650ca9 100644 --- a/src/pas/plugins/ldap/properties.py +++ b/src/pas/plugins/ldap/properties.py @@ -117,10 +117,10 @@ def fetch(name, default=UNSET): props.ignore_cert = fetch("server.ignore_cert") # TODO: later # props.start_tls = fetch('server.start_tls') - # props.tls_cacertfile = fetch('server.tls_cacertfile') - # props.tls_cacertdir = fetch('server.tls_cacertdir') - # props.tls_clcertfile = fetch('server.tls_clcertfile') - # props.tls_clkeyfile = fetch('server.tls_clkeyfile') + props.tls_cacertfile = fetch('server.tls_cacertfile') + props.tls_cacertdir = fetch('server.tls_cacertdir') + props.tls_clcertfile = fetch('server.tls_clcertfile') + props.tls_clkeyfile = fetch('server.tls_clkeyfile') # props.retry_max = fetch(at('server.retry_max') # props.retry_delay = fetch('server.retry_delay') props.page_size = fetch("server.page_size") diff --git a/src/pas/plugins/ldap/properties.yaml b/src/pas/plugins/ldap/properties.yaml index c082540..272b228 100644 --- a/src/pas/plugins/ldap/properties.yaml 
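Review bot: The four TLS paths now come from `fetch('server.tls_*')` with a default of None (defaults.py hunk on this line), while the class attributes they replace defaulted to `""`; if the connector hands these straight to python-ldap's set_option, None may be rejected or clear the option, so either confirm node.ext.ldap accepts None or normalise here, `props.tls_cacertfile = fetch('server.tls_cacertfile') or ""` (and likewise for the other three). A CA file does not re-enable verification while `ignore_cert` is set — the setting's help text in the yaml hunk says a failing chain check is then ignored — so a comment on the `props.ignore_cert` line, `# when set, the tls_cacert* settings below do not authenticate the server`, would spare an operator a false sense of security (where the override is applied is outside this hunk). The new lines are single-quoted while the surrounding block uses double quotes; black will rewrite them.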
+++ b/src/pas/plugins/ldap/properties.yaml @@ -54,6 +54,30 @@ widgets: props: label: Ignore certificate check? help: If set on authenticate a failing certificate chain check including CA is ignored. + - tls_cacertfile: + factory: '#field:text' + value: expr:context.props.tls_cacertfile + props: + label: Path to CA certificate file for TLS communication (OPT_X_TLS_CACERTFILE) + help: If set, the LDAP server certificate is checked against the CA certificate file. + - tls_cacertdir: + factory: '#field:text' + value: expr:context.props.tls_cacertfile + props: + label: Path to folder with CA certificate files for TLS communication (OPT_X_TLS_CACERTDIR) + help: If set, the LDAP server certificate is checked against the CA certificates in folder. + - tls_clcertfile: + factory: '#field:text' + value: expr:context.props.tls_clcertfile + props: + label: Path to client certificate file for TLS communication (OPT_X_TLS_CERTFILE). Requires tls_clkeyfile + help: If set, the client certificate is sent to the server. + - tls_clkeyfile: + factory: '#field:text' + value: expr:context.props.tls_clkeyfile + props: + label: Path to client certificate key for TLS communication (OPT_X_TLS_KEYFILE). Requires tls_clcertfile + help: If set, the client certificate is sent to the server. - page_size: factory: '#field:number' value: expr:context.props.page_size From 84fb64c23f50f12080ac42fe5c0f78fce5010fba Mon Sep 17 00:00:00 2001 From: metbosch Date: Tue, 8 Oct 2024 12:13:39 +0200 Subject: [PATCH 16/23] Add start_tls option --- src/pas/plugins/ldap/properties.py | 14 ++++++++------ src/pas/plugins/ldap/properties.yaml | 6 ++++++ 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/src/pas/plugins/ldap/properties.py b/src/pas/plugins/ldap/properties.py index 0650ca9..e25bbe5 100644 --- a/src/pas/plugins/ldap/properties.py +++ b/src/pas/plugins/ldap/properties.py 
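Review bot: The labels for `tls_clcertfile` and `tls_clkeyfile` each state that the other is required, but nothing in this change enforces the pairing, so a certificate without its key reaches the LDAP client and fails only at connect time; add a check where the values are read, e.g. `if bool(props.tls_clcertfile) != bool(props.tls_clkeyfile): raise ValueError("tls_clcertfile and tls_clkeyfile must be set together")`. The `tls_clkeyfile` help text is a copy of the certificate's; suggest `help: Private key matching the client certificate. The file must be readable by the Zope process and should not be world-readable.` The `tls_cacertdir` widget's `value:` expression on this hunk points at `tls_cacertfile`, which a later commit corrects.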
@@ -115,12 +115,12 @@ def fetch(name, default=UNSET): props.user = "" props.password = "" props.ignore_cert = fetch("server.ignore_cert") - # TODO: later - # props.start_tls = fetch('server.start_tls') + props.start_tls = fetch('server.start_tls') props.tls_cacertfile = fetch('server.tls_cacertfile') props.tls_cacertdir = fetch('server.tls_cacertdir') props.tls_clcertfile = fetch('server.tls_clcertfile') props.tls_clkeyfile = fetch('server.tls_clkeyfile') + # TODO: later # props.retry_max = fetch(at('server.retry_max') # props.retry_delay = fetch('server.retry_delay') props.page_size = fetch("server.page_size") @@ -246,10 +246,6 @@ def __init__(self, plugin): self.plugin = plugin # XXX: Later - tls_cacertfile = "" - tls_cacertdir = "" - tls_clcertfile = "" - tls_clkeyfile = "" retry_max = 3 retry_delay = 5 @@ -258,6 +254,12 @@ def __init__(self, plugin): password = propproxy("server.password") start_tls = propproxy("server.start_tls") ignore_cert = propproxy("server.ignore_cert") + start_tls = propproxy("server.start_tls") + tls_cacertfile = propproxy("server.tls_cacertfile") + tls_cacertdir = propproxy("server.tls_cacertdir") + tls_clcertfile = propproxy("server.tls_clcertfile") + tls_clkeyfile = propproxy("server.tls_clkeyfile") + page_size = propproxy("server.page_size") conn_timeout = propproxy("server.conn_timeout") op_timeout = propproxy("server.op_timeout") diff --git a/src/pas/plugins/ldap/properties.yaml b/src/pas/plugins/ldap/properties.yaml index 272b228..eae3500 100644 --- a/src/pas/plugins/ldap/properties.yaml +++ b/src/pas/plugins/ldap/properties.yaml @@ -54,6 +54,12 @@ widgets: props: label: Ignore certificate check? help: If set on authenticate a failing certificate chain check including CA is ignored. + - start_tls: + factory: '#field:checkbox' + value: expr:context.props.start_tls + props: + label: Use TLS connection + help: If set, the connection is upgraded to TLS. - tls_cacertfile: factory: '#field:text' value: expr:context.props.tls_cacertfile 
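Review bot: The `@@ -258` hunk adds `start_tls = propproxy("server.start_tls")` two lines below an identical existing assignment, so the class now defines the attribute twice; drop the added line. In the `@@ -115` hunk `props.start_tls = fetch('server.start_tls')` carries no note that STARTTLS applies to a plain `ldap://` URI and, in the usual clients, fails on a connection that is already `ldaps://`; a comment such as `# start_tls upgrades a plain ldap:// connection; leave it off for ldaps:// URIs` would help, to be confirmed against the connector. The enclosing function and class begin before the hunk.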
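Review bot: The help text `If set, the connection is upgraded to TLS.` should tell the operator that STARTTLS only encrypts the channel; the server is authenticated only when a CA file or directory is configured and "Ignore certificate check?" (the widget directly above) is off. Suggest `help: Upgrade a plain ldap:// connection to TLS with STARTTLS. Configure a CA certificate and leave "Ignore certificate check?" unset, otherwise the server is not authenticated.`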
From 32d634aa68d6e27d03dc54f16c66d74e2d416c88 Mon Sep 17 00:00:00 2001 From: metbosch Date: Tue, 8 Oct 2024 13:49:26 +0200 Subject: [PATCH 17/23] Fix LDAP option value --- src/pas/plugins/ldap/properties.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pas/plugins/ldap/properties.yaml b/src/pas/plugins/ldap/properties.yaml index eae3500..acf55a1 100644 --- a/src/pas/plugins/ldap/properties.yaml +++ b/src/pas/plugins/ldap/properties.yaml @@ -68,7 +68,7 @@ widgets: help: If set, the LDAP server certificate is checked against the CA certificate file. - tls_cacertdir: factory: '#field:text' - value: expr:context.props.tls_cacertfile + value: expr:context.props.tls_cacertdir props: label: Path to folder with CA certificate files for TLS communication (OPT_X_TLS_CACERTDIR) help: If set, the LDAP server certificate is checked against the CA certificates in folder. From 90a0d3a63803e31156c809638f363024ab0a106e Mon Sep 17 00:00:00 2001 From: Alin Voinea Date: Wed, 13 Nov 2024 10:57:20 +0200 Subject: [PATCH 18/23] Preparing release 1.8.3 --- CHANGES.rst | 2 +- setup.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index b8d39d0..ee758fa 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -2,7 +2,7 @@ History ======= -1.8.3 (unreleased) +1.8.3 (2024-11-13) ------------------ - Add uninstall profile diff --git a/setup.py b/setup.py index a6c0df5..d14e271 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ import os -version = "1.8.3.dev3" +version = "1.8.3" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() From a3d135b4def7f2e4c3988b4bc1253c2d415f6f2f Mon Sep 17 00:00:00 2001 
From: Alin Voinea Date: Wed, 13 Nov 2024 11:03:33 +0200 Subject: [PATCH 19/23] Back to development: 1.8.4 --- CHANGES.rst | 7 +++++++ setup.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index ee758fa..b70bfe1 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -2,6 +2,13 @@ History ======= + +1.8.4 (unreleased) +------------------ + +- Nothing changed yet. + + 1.8.3 (2024-11-13) ------------------ diff --git a/setup.py b/setup.py index d14e271..47c92ea 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,7 @@ import os -version = "1.8.3" +version = "1.8.4.dev0" shortdesc = "LDAP/AD Plugin for Plone/Zope PluggableAuthService (users+groups)" longdesc = open(os.path.join(os.path.dirname(__file__), "README.rst")).read() longdesc += open(os.path.join(os.path.dirname(__file__), "TODO.rst")).read() From d1ba512598f0a8b6cd013e6af2ecb0ba3770ec3c Mon Sep 17 00:00:00 2001 From: Mauro Amico Date: Thu, 30 Jan 2025 08:19:30 +0100 Subject: [PATCH 20/23] default value --- .../ldap/plonecontrolpanel/profiles/base/ldapsettings.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml b/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml index d483449..bf6a5ae 100644 --- a/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml +++ b/src/pas/plugins/ldap/plonecontrolpanel/profiles/base/ldapsettings.xml @@ -42,7 +42,7 @@ inetOrgPerson - Anonymous + Member (objectClass=inetOrgPerson) From a0d336c681f4aa5c333d9c9d6be4f7fd97cc828b Mon Sep 17 00:00:00 2001 From: Mauro Amico Date: Thu, 30 Jan 2025 08:20:22 +0100 Subject: [PATCH 21/23] black --- src/pas/plugins/ldap/properties.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pas/plugins/ldap/properties.py b/src/pas/plugins/ldap/properties.py index cd31a60..e03c522 100644 --- a/src/pas/plugins/ldap/properties.py +++ b/src/pas/plugins/ldap/properties.py 
@@ -134,7 +134,7 @@ def fetch(name, default=UNSET): props.roles = fetch("users.roles") # a server wide variable, but related to user users.baseDN = fetch("users.dn") - # build attrmap from static keys and dynamic keys inputs + # build attrmap from static keys and dynamic keys inputs users.attrmap = odict() users.attrmap.update(fetch("users.aliases_attrmap")) users_propsheet_attrmap = fetch("users.propsheet_attrmap") From 0c825882fca324e58c02f41bcb37600db3367025 Mon Sep 17 00:00:00 2001 From: "Jens W. Klein" Date: Mon, 3 Feb 2025 12:09:06 +0100 Subject: [PATCH 22/23] bump version on feature level (semver, minor) --- CHANGES.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 909706f..26c1618 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,7 +3,7 @@ History ======= -1.8.4 (unreleased) +1.9.0 (unreleased) ------------------ - Default user roles configuration implementation. From 29d4c6ee920b9f32ead658ea5f9d088cd4ff5f8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cillian=20de=20R=C3=B3iste?= Date: Mon, 23 Jun 2025 17:58:20 +0100 Subject: [PATCH 23/23] Remove five.globalrequest It has been integrated since Zope 4 and breaks in Plone 6.1.2 See: https://github.com/plone/Products.CMFPlone/issues/2618 --- setup.py | 1 - src/pas/plugins/ldap/configure.zcml | 2 -- 2 files changed, 3 deletions(-) diff --git a/setup.py b/setup.py index 47c92ea..0ece5fc 100644 --- a/setup.py +++ b/setup.py @@ -50,7 +50,6 @@ "AccessControl>=3.0", "Acquisition", "bda.cache", - "five.globalrequest", "node", "node.ext.ldap>=1.1", "odict", diff --git a/src/pas/plugins/ldap/configure.zcml b/src/pas/plugins/ldap/configure.zcml index 6bf592d..43c32e6 100644 --- a/src/pas/plugins/ldap/configure.zcml +++ b/src/pas/plugins/ldap/configure.zcml @@ -6,8 +6,6 @@ xmlns:genericsetup="http://namespaces.zope.org/genericsetup" i18n_domain="pas.plugins.ldap"> - -