On Tue, 2002-04-02 at 14:46, Jens Vagelpohl wrote:
in order to use a role that a user has because his record is in a certain group in LDAP (first of all, look at the user object to make sure the role is actually assigned!) you need to create a role of the same name in zope using the Security tab in a folder or at the root. then you can assign all the permissions you want to this role, also on the Security tab. the user that has this special role from LDAP will then have those permissions in that location and "below".
This is not a complaint, but I gotta grok this before I spend any more time thinking about Zope and LDAP: 1) You create the LDAP schema (including groups and roles) 2) Populate slapd with entries 3) Point LDAPUserFolder to slapd 4) Manually recreate all groups in Zope 5) Manually reassign all users to groups in Zope Ouch. You know, with 11,000 users that's gonna hurt. -;^>= Is anybody working on this? Jens? Bueller? -- Mitch Pirtle Corporate Security Officer Kühne & Nagel Management AG Tel: +41 1 786 96 45 Fax: +41 1 786 95 95