Hi all, I try to solve some problems with LDAPRoleTwiddler an inherited version from BasicUserFolder I currently use a validate()-function which I saw similar in BasicUserFolder and in LDAPRoleExtender (modifications from Shane) My problem is that if self.authorize(user, a, c, n, v, roles): return user.__of__(self) in validate() does not work, but return user.__of__(self) work better, but does not the same as the API (which I don't know) expect. Can anybody give a hint ? Regards, Dirk used python code: # This must stay accessible to everyone def validate( self, request, auth='', roles=_noroles ): """ The main engine """ v = request['PUBLISHED'] # the published object a, c, n, v = self._getobcontext(v, request) name, password = self.identify(auth) user = self.authenticate(name, password, request) if user is not None: if user is not None: # On my Test-System it works with authorize() # On my Integration-System it works only without authorize() #if self.authorize(user, a, c, n, v, roles): return user.__of__(self) # Could not twiddle a user. Defer to other user folders. return None def authenticate(self, name, password, request): super = self._emergency_user if name is None: return None if super and name == super.getUserName(): user = super else: user = self.getUser(name, password) if user is not None and user.authenticate(password, request): return user else: return None