Plone, LDAP and buildout

I just spent a couple of hours trying to configure a Zeoserver/Plone 3 setup on Ubuntu, built with the “buildout” mechanism, to use LDAP as an authentication mechanism, and ran into a couple of problems, such as the error message:

ImportError: cannot open shared object file: No such file or directory

which might have brought you here. I was using the excellent tutorials by Jens W. Klein and Veit Schiele (German; here the translated version, which describes an even easier setup than the one provided here; thanks to cra for pointing this out). There is one small detail missing in both tutorials, namely that openldap needs the LD_LIBRARY_PATH variable to be set; otherwise python-ldap cannot find the openldap libraries.

To pull both tutorials together, here are the entries that I added to my buildout.cfg (no guarantees that this works unmodified for you).


eggs =

zcml =

parts =



eggs =

environment-vars =
LD_LIBRARY_PATH ${openldap:location}/lib

recipe = zc.recipe.cmmi
url =
extra_options = –with-sasl –with-tls –enable-slapd=no

recipe = zc.recipe.egg:custom
egg = python-ldap
include-dirs  =
library-dirs  =
rpath =

Please note the correct indentation has been lost in the formatting on this blog entry. Hope you find this useful.
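To confirm that an ImportError like the one above comes from the dynamic linker not finding the openldap libraries, the following added example (not part of the original post) lists the libraries that `ldd` reports as unresolved for a compiled extension, with or without an extra library directory. The function names, the script name in the usage comment and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report shared libraries the dynamic linker cannot resolve
# for a compiled extension such as python-ldap's _ldap.so.
# Usage (hypothetical script name):
#   sh check_ldap_libs.sh <path to _ldap.so> [<dir that ${openldap:location}/lib expands to>]

# Constructed sample of ldd output for an extension linked against an
# OpenLDAP build that is not on the linker search path.
SAMPLE_LDD_OUTPUT='	linux-vdso.so.1 (0x00007ffc00000000)
	libldap_r-2.4.so.2 => not found
	liblber-2.4.so.2 => not found
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'

# Read ldd output on stdin; print the name of each library marked "not found".
unresolved_libs() {
    awk '/=> not found/ { print $1 }'
}

# Run ldd on the shared object $1. If a library directory $2 is given, it is
# prepended to LD_LIBRARY_PATH for that one ldd call only, so the result can
# be compared with a run that omits it.
check_extension() {
    so_file=$1
    lib_dir=${2:-}
    if [ -n "$lib_dir" ]; then
        LD_LIBRARY_PATH="$lib_dir${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" ldd "$so_file"
    else
        ldd "$so_file"
    fi | unresolved_libs
}

# When called with arguments, check the given file; no output means every
# dependency resolved.
if [ "$#" -gt 0 ]; then
    check_extension "$@"
fi
```

If the first run (without the directory) lists libldap or liblber and the second run (with it) prints nothing, the missing LD_LIBRARY_PATH entry is the cause.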


4 thoughts on “Plone, LDAP and buildout”

  1. Hi,

    Thanks for the great info!

    One note – in the extra_options line, your editor has changed the two dashes to an em-dash. When I copied and pasted that line into my buildout.cfg I got an error. I just changed the em-dash back to two dashes and it works.

    Larry Pitcher

  2. I encountered another problem on a recent (9.10) Ubuntu. It seems that this version of OpenLDAP doesn’t compile cleanly with GCC 4.4, so you need to:

    apt-get install gcc-4.3

    and add some environment variables to the [openldap] section of the buildout:


    environment =
    # Workaround for “error: storage size of ‘peercred’ isn’t known”

    I suppose I could probably have solved this by specifying a newer version of OpenLDAP instead (there have been four stable releases since the 2007-11-18 release), but this seemed like the minimal intervention necessary.
