Jens Vagelpohl schrieb:
well, if all the user folders are configured the same way *except* for the groups-to-role bit then you should get the functionality you need.
Yes, I expect that. but what if you have 100 user-folders configured and need to change one option ? a lot or work.
it's not trivial to program something that would allow retrieval of a user object at the root and then somehow mangle the list of roles based on where you are in the site.
What is about the following: Have a central point of Configure, LDAP Schema, Custom Forms for all LDAPUserFolders and Caches, Users, Groups are local ? And do lookups again, not computed.
you might be able to patch the folder class so that local roles are computed instead of just looked up, but that's hackish.
jens
On Wednesday, May 1, 2002, at 08:32 , Dirk Datzert wrote:
Hi Jens,
one question about possibilities of LDAPUserFolder:
We decide to install only one LDAPUserFolder in the Root-Folder and configure him to do the authentications against LDAP.
In the subfolders we want to install 'LDAPUserFolders' which should not be configured again, but use the top-level LDAPUserFolder. In this 'LDAPUserFolders' there would be done the Groups Management on an base of LDAP-Group to Zope-Role mapping.
Do you think it is possible to split this feature from LDAPUserFolder (with a little programming) ? Where should I look on programming and what need I take care about ?
Regards, Dirk