Skip to content

eea/pas.plugins.eea

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

105 Commits
.github
.github
 
 
docs
docs
 
 
src/pas
src/pas
 
 
.coveragerc
.coveragerc
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.travis.yml
.travis.yml
 
 
DEVELOP.md
DEVELOP.md
 
 
Jenkinsfile
Jenkinsfile
 
 
LICENSE.GPL
LICENSE.GPL
 
 
LICENSE.md
LICENSE.md
 
 
MANIFEST.in
MANIFEST.in
 
 
README.rst
README.rst
 
 
base.cfg
base.cfg
 
 
bobtemplate.cfg
bobtemplate.cfg
 
 
buildout.cfg
buildout.cfg
 
 
constraints.txt
constraints.txt
 
 
constraints_plone52.txt
constraints_plone52.txt
 
 
constraints_plone60.txt
constraints_plone60.txt
 
 
pylint.cfg
pylint.cfg
 
 
pyproject.toml
pyproject.toml
 
 
requirements.txt
requirements.txt
 
 
requirements_plone52.txt
requirements_plone52.txt
 
 
requirements_plone60.txt
requirements_plone60.txt
 
 
setup.cfg
setup.cfg
 
 
setup.py
setup.py
 
 
test_plone52.cfg
test_plone52.cfg
 
 
test_plone60.cfg
test_plone60.cfg
 
 
tox.ini
tox.ini
 
 

Repository files navigation

pas.plugins.eea

Provides user and group enumeration on top of pas.plugins.authomatic

Features

  • user enumeration
  • groups enumeration
  • group member enumeration
  • user group enumeration

Documentation

This addon depends on pas.plugins.authomatic. Upon installation, it will automatically run the setup step for pas.plugins.authomatic.

In order for this plugin to function correctly, the Entra ID application should be granted the following API permissions in the Microsoft.Graph scope via the Azure Portal:

  • Group.Read.All
  • GroupMember.Read.All
  • User.Read.All

The type for all the permissions is Application and “Admin consent” must be granted.

Installation

Install pas.plugins.eea by adding it to your buildout:

::

[buildout]

...

eggs =
pas.plugins.eea

and then running bin/buildout

After enabling the product in Site Setup -> Add-ons, make sure to:

  • go into Site Setup -> Authomatic (OAuth2/OpenID) and make sure that “Generator for Plone User IDs.” is set to UUID as User ID**.

  • update the JSON configuration

  • make sure to add the following to the JSON configuration (for working sync)

    "sync_propertymap": {
  "id": "id",
  "mail": "email",
  "country": "location",
  "displayName": "fullname",
  "userPrincipalName": "email",
  "userType": null
},
  • From control panel run sync users

  • Disable the following functionalities in acl_users:

    • authomatic:
      • User_Enumeration (this is handled by eea_entra - the login property is set to the user email)
      • User_Management (to disable the remove checkboxes, as Entra users cannot be deleted from Plone)
      • Properties (to add “External” emoji)
    • mutable_properties:
      • User_Enumeration (this is handled by eea_entra - the login property is set to the user email)

  • In acl_users -> plugins -> Properties Plugins make sure that eea_entra is at the top of the list of “Active Plugins”.

CRON

A script is provided to sync users and groups from Entra ID. The script is located in pas/plugins/eea/scripts/sync.py and registered in setup.py as a console script.

It can be called from the command line like this:

sync_eea_entra --portal PLONE_PORTAL_ID --zope-conf /path/to/zope.conf

The script initializes itself the same way zconsole run would. It cannot be called with zconsole run as that command does not pass on script arguments, so there is no way to specify the portal id.

EEA specifics

Contribute

License

The project is licensed under the GPLv2.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-2.0, GPL-2.0 licenses found

Licenses found

GPL-2.0
LICENSE.md
GPL-2.0
LICENSE.GPL
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases 5

1.4 Latest
Apr 25, 2025
+ 4 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages