The objectClass "organizationalRole" is not supported as a suitable group "holder". Store your group memberships in objects that are supported, such as groupOfUniqueNames, groupOfNames, or group.

jens

On Monday, August 12, 2002, at 12:32, Joel Burton wrote:
I've installed LDAPUserFolder to test its suitability for an upcoming project. It seems to install fine, and I can add/update users through its web interface, but I can never get it to authorize a user from the LDAP database.
1. The LDAP installation:
OpenLDAP 2.0.25 installed from source onto a Linux box. slapd configuration is:
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema

defaultsearchbase "dc=joelburton,dc=com"
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args

access to * by anonymous write

database ldbm
suffix "dc=joelburton,dc=com"
rootdn "cn=Manager,dc=joelburton,dc=com"
rootpw MY_PASSWORD_IS_HERE
directory /usr/local/var/openldap-ldbm
index objectClass eq
I can successfully perform searches from the command line.
2. python-ldap & Zope
Installed properly, can import it. Python 2.1.3, Zope 2.6.0a1.
3. LDAPUserFolder
Installed in Products directory. Not broken, no warnings.
In folder /ldap, have an LDAPUserFolder with following config:
Server: joelburton.com
Not SSL
Login Name Attribute: cn
RDN Attribute: cn
User Base DN: dc=joelburton,dc=com
Scope: SUBTREE
Group Storage: not in LDAP server
LDAP Login DN: cn=Manager,dc=joelburton,dc=com
User object classes: top,person
Encryption: SHA
Default user roles: Anonymous
Authentication: Cookie

I can view my users and add a user (and check with the LDAP command-line tools that they were actually added).
4. LDAP data:
dn: dc=joelburton,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: joelburton

dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
sn: bob
givenName: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
'bob' has been given the Manager role & it appears on the Users tab of the LDAPUserFolder.
5. The problem:
When I go to http://server/ldap/manage, and try logging in with user=bob, and his password, it never authenticates. I can log in with my user (located in site's root acl_users, not in LDAPUserFolder).
The log (turned onto 9, Debugging) reads:
(9) Aug 12 12:30:21: joel not found (getUser)
(9) Aug 12 12:30:18: bob not found (getUser)
(9) Aug 12 12:30:18: No data in _lookupuser for uid bob
Any pointers on where to start would be helpful, as would an LDIF file that I could import with data that I could use to demonstrate that this will work.
I'm not very knowledgeable about LDAP, so it's possible that I've done something wrong with my LDAP settings -- but LDAP's command-line tools seem to be working fine.
Thanks!
- J.
--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant

_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
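The LDIF in the post stores bob's credential as "userPassword::", where the double colon means the value is base64-encoded; decoded, it is an OpenLDAP-style "{SHA}" hash, which is what the folder's "Encryption: SHA" setting is assumed here to produce. The following is an added example, written for this thread rather than taken from it or from the LDAPUserFolder or OpenLDAP projects. It parses LDIF as the post shows it (with a constructed sample that reproduces the bob and Manager entries), applies the same "User object classes: top,person" filter and "cn" login lookup the folder is configured with, and checks a candidate password the way slapd does on a simple bind. Running it against an export of the real tree separates the two failure modes that the log cannot distinguish: "not found" means the search filter or base DN never returns the entry (the state the post's log shows), while "bad password" means the entry is found but the stored {SHA}/{SSHA} value does not match. The Manager entry is excluded by the object-class filter, which is the point jens raises: organizationalRole entries are not user or group objects. All function names here (parse_ldif, check_password, authenticate) are this example's own.

```python
import base64
import hashlib
import hmac

# Constructed LDIF sample; the entries mirror the ones posted in the thread.
SAMPLE_LDIF = """\
dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
sn: bob
givenName: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
"""


def parse_ldif(text):
    """Return a list of entries, each a dict mapping attribute -> list of bytes.

    Handles the two LDIF value forms in the post: 'attr: value' is a plain
    UTF-8 value and 'attr:: value' is base64 (used for userPassword and any
    value that is not safe ASCII). Lines starting with a space continue the
    previous line; a blank line ends an entry.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # fold continuation line
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line == "":
            if current:
                entries.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):          # 'attr:: base64'
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        if current is None:
            current = {}
        current.setdefault(attr.strip(), []).append(value)
    return entries


def make_sha_hash(password, salt=None):
    """Build an OpenLDAP {SHA} (unsalted) or {SSHA} (salted) userPassword value."""
    pw = password.encode("utf-8")
    if salt is None:
        return b"{SHA}" + base64.b64encode(hashlib.sha1(pw).digest())
    return b"{SSHA}" + base64.b64encode(hashlib.sha1(pw + salt).digest() + salt)


def check_password(stored, candidate):
    """Compare a candidate against a {SHA}/{SSHA} value as slapd does on a bind."""
    pw = candidate.encode("utf-8")
    if stored.startswith(b"{SHA}"):
        digest = base64.b64decode(stored[len(b"{SHA}"):])
        return hmac.compare_digest(digest, hashlib.sha1(pw).digest())
    if stored.startswith(b"{SSHA}"):
        blob = base64.b64decode(stored[len(b"{SSHA}"):])
        digest, salt = blob[:20], blob[20:]   # SHA-1 digest is 20 bytes; rest is salt
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError("unsupported password scheme: %r" % stored[:8])


def find_user(entries, login, login_attr="cn", user_classes=("top", "person")):
    """Mimic the folder's lookup: every configured objectClass must be present
    and login_attr must match the login (LDAP compares cn case-insensitively)."""
    want = login.lower().encode("utf-8")
    need = {c.lower().encode("utf-8") for c in user_classes}
    for entry in entries:
        classes = {v.lower() for v in entry.get("objectClass", [])}
        if not need <= classes:
            continue
        if any(v.lower() == want for v in entry.get(login_attr, [])):
            return entry
    return None


def authenticate(ldif_text, login, password):
    """Return 'ok', 'bad-password' or 'not-found' for a login attempt."""
    entry = find_user(parse_ldif(ldif_text), login)
    if entry is None or not entry.get("userPassword"):
        return "not-found"
    if check_password(entry["userPassword"][0], password):
        return "ok"
    return "bad-password"


if __name__ == "__main__":
    for login, pw in (("bob", "not-the-real-password"), ("Manager", "x"), ("alice", "x")):
        print(login, "->", authenticate(SAMPLE_LDIF, login, pw))
```

To use it on the real directory, replace SAMPLE_LDIF with the output of ldapsearch or slapcat for the user base; if bob comes back "not-found" here too, the problem is the filter or base DN rather than the password, and if he comes back "ok" here but still fails in Zope, the fault lies between Zope and slapd (bind DN, credentials, or the anonymous-write ACL in the posted slapd.conf, which should be tightened before this goes anywhere near production).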