I have just set up LDAP with Zenoss Core 4.2.3. I am using OpenLDAP, not AD. Followed rmatte's instructions here - http://community.zenoss.org/docs/DOC-2510
and the base reference here -
There are issues with recent versions of LDAPUserFolder so again used help from rmatte with the plugins:
sudo su - zenoss
cd ~
wget -c http://pypi.python.org/packages/source/P/Products.LDAPUserFolder/Products.LDAPUserFolder-2.18.tar.gz
tar zxf Products.LDAPUserFolder-2.18.tar.gz
cd Products.LDAPUserFolder-2.18/Products
mv LDAPUserFolder /opt/zenoss/Products
chown -R zenoss:zenoss /opt/zenoss/Products/LDAPUserFolder
cd
rm -rf Products.LDAPUserFolder*
cd ~
# Products.LDAPMultiPlugins-1.14.tar.gz must already be in ~ (its download step is not shown here)
tar zxf Products.LDAPMultiPlugins-1.14.tar.gz
cd Products.LDAPMultiPlugins-1.14/Products
mv LDAPMultiPlugins /opt/zenoss/Products
chown -R zenoss:zenoss /opt/zenoss/Products/LDAPMultiPlugins
cd ~
rm -rf Products.LDAPMultiPlugins*
Had a couple of false starts with configuring the LDAP groups / Zenoss roles. This is what I have ended up with:
If you want to add LDAP groups from Zope then you must have ReadOnly unticked and you must supply the Manager DN and password - I found I couldn't set the Manager DN Usage to Always unless I had this. Most of the other parameters will depend on your LDAP setup.
The one that may affect seeing events and other stuff is the Default User Role. If you leave that at Anonymous then the Anonymous role effectively has no powers. You can see some menus but most of the detail is blank. If you have users that are not in any LDAP group then this is the Zenoss role that they will get. It may be what you want but it may not.
Using Zenoss roles locally, the default tends to be ZenUser so I used that as the Default User Roles; that way, users not in an LDAP group can see standard stuff.
I now have users who are not defined locally in Zenoss that can both authenticate to Zenoss for the GUI and get the correct role, depending on the group / role mapping setup.
Cheers,
Jane
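
Added example (not part of the original post, and not Zenoss or LDAPUserFolder code): a small audit that reads an LDIF export and reports which users would end up with only the Default User Role, modelling the fall-through the way the post describes it. It assumes inetOrgPerson users and groupOfNames groups with member DNs; the DNs, group names and the group-to-role mapping (including ZenManager) are constructed sample values.

```python
# Added example; every DN, group name and mapping below is constructed.
from collections import defaultdict
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson

dn: uid=carol,ou=people,dc=example,dc=org
objectClass: inetOrgPerson

dn: cn=zenoss-admins,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: zenoss-admins
member: uid=alice,ou=people,dc=example,dc=org

dn: cn=zenoss-ops,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: zenoss-ops
member: uid=bob,ou=people,dc=example,dc=org
"""
GROUP_TO_ROLE = {"zenoss-admins": "ZenManager", "zenoss-ops": "ZenUser"}

def parse_ldif(text):
    """Split unfolded LDIF into entries: attribute name (lowercased) -> values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr.lower()].append(value)
        entries.append(entry)
    return entries

def effective_roles(ldif_text, group_to_role, default_role):
    """Roles per user DN; a user with no group-derived role gets default_role."""
    entries = parse_ldif(ldif_text)
    roles = {e["dn"][0]: set() for e in entries if "inetOrgPerson" in e["objectclass"]}
    for e in entries:
        if "groupOfNames" in e["objectclass"] and e["cn"][0] in group_to_role:
            for member in e["member"]:
                if member in roles:
                    roles[member].add(group_to_role[e["cn"][0]])
    return {dn: r or {default_role} for dn, r in roles.items()}

def default_only_users(ldif_text, group_to_role):
    found = effective_roles(ldif_text, group_to_role, "<default>")
    return sorted(dn for dn, r in found.items() if r == {"<default>"})
```

Running default_only_users over a real export before changing the Default User Role shows exactly which accounts the change will affect.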