Home :: pas.plugins.eea

Metadata

Distro Index Owner:
eea
Home Page:
pas.plugins.eea
License
GPL version 2
Version:
1.7
Last updated:
2026-02-05
Keywords:
EEA Add-ons Plone Zope

pas.plugins.eea

Files

Indexes

Provides user and group enumeration on top of pas.plugins.authomatic

pas.plugins.eea

Provides user and group enumeration on top of pas.plugins.authomatic

Features

  • user enumeration
  • groups enumeration
  • group member enumeration
  • user group enumeration

Documentation

This addon depends on pas.plugins.authomatic. Upon installation, it will automatically run the setup step for pas.plugins.authomatic.

In order for this plugin to function correctly, the Entra ID application should be granted the following API permissions in the Microsoft.Graph scope via the Azure Portal:

  • Group.Read.All
  • GroupMember.Read.All
  • User.Read.All

The type for all the permissions is Application and “Admin consent” must be granted.

Installation

Install pas.plugins.eea by adding it to your buildout:

::

[buildout]

...

eggs =
pas.plugins.eea

and then running bin/buildout

After enabling the product in Site Setup -> Add-ons, make sure to:

  • go into Site Setup -> Authomatic (OAuth2/OpenID) and make sure that “Generator for Plone User IDs.” is set to UUID as User ID**.

  • update the JSON configuration

  • make sure to add the following to the JSON configuration (for working sync)

    "sync_propertymap": {
  "id": "id",
  "mail": "email",
  "country": "location",
  "displayName": "fullname",
  "userPrincipalName": "email",
  "userType": null
},
  • From control panel run sync users

  • Disable the following functionalities in acl_users:

    • authomatic:
      • User_Enumeration (this is handled by eea_entra - the login property is set to the user email)
      • User_Management (to disable the remove checkboxes, as Entra users cannot be deleted from Plone)
      • Properties (to add “External” emoji)
      • User_Ader
    • mutable_properties:
      • User_Enumeration (this is handled by eea_entra - the login property is set to the user email)

  • In acl_users -> plugins -> Properties Plugins make sure that eea_entra is at the top of the list of “Active Plugins”.

CRON

A script is provided to sync users and groups from Entra ID. The script is located in pas/plugins/eea/scripts/sync.py and registered in setup.py as a console script.

It can be called from the command line like this:

sync_eea_entra --portal PLONE_PORTAL_ID --zope-conf /path/to/zope.conf

The script initializes itself the same way zconsole run would. It cannot be called with zconsole run as that command does not pass on script arguments, so there is no way to specify the portal id.

License

The project is licensed under the GPLv2.

Changelog

1.7 - (2026-02-05)

  • Fix: Ensure browser and upgrades packages are importable (add missing __init__.py). [dobri1408]
  • Fix: Align setup.py with standard packaging and rely on MANIFEST.in for data files. [dobri1408]

1.6 - (2025-11-18)

  • Change: Replace Python linting to ruff [mihaidobrescu1111 = refs #286821]
  • Change: Add plone6 tests [mihaidobrescu1111 = refs #293593]

1.5 - (2025-07-23)

  • Change: Update documentation [alecghica]

1.4 - (2025-04-25)

  • Change: Commit transaction at end of sync [david-batranu]

1.3 - (2025-03-12)

  • Change: Tests + coverage [david-batranu]

1.2 - (2025-03-11)

  • Task: EEA Entra ID regular sync script [david-batranu - refs #284052]

1.1 - (2025-03-06)

  • Change: Update README.md [alecghica]

1.0a1 - (2025-03-06)

  • Task: Initial release [david-batranu - refs #281898]