Jens Vagelpohl wrote:
On 27 Sep 2005, at 11:17, bruno modulix wrote:
A normal pattern to use here would be to have one central user folder (e.g. at the root) and work with local roles in the sub-portals instead of having several user folders.
I know, but I don't think it will possible here (this is an euphemism). The UserFolder is a LDAPUserGroupsFolder, users data are stored in a LDAP directory, with one branch for each CPS instance, and some user data and schema varying from one branch to another. We don't have the possibility to change this (it's part of a bigger system), and we don't have the time to rewrite a custom LDAPUserFolder that could accomodate this LDAP schema (this project was already very late when we took on it and we have a *very* tight deadline - I hate this situation, but I have to deal with it...). Any robust solution, as hackish as it may be, will be just fine, as long as we deliver on time.
No idea what "LDAPUserGroupsFolder" is or what it does,
It's a modified LDAPUserFolder that supports CPS/CMF groups.
but for the standard LDAPUserFolder product you would instantiate a LDAPUserSatellite object in the subportals that would be configured to look up LDAP groups in specific DIT branches and convert them to user roles. The "central" user folder would not hand out any roles itself, it's only for authentication purposes in this setup.
Yes, but the problem here is that parts of the *users* schema and data will vary according to the CPM - it's not just a matter of roles and perms - would have been to simple :-/ Once again, I'm well aware that some architectural choices here are less than optimal, but there are strong constraints, very tight deadline, and we just don't have time to make it right - in fact barely enough time to make it work at first. God knows I don't like working that way, but still, I have to deal with it :( -- Bruno Desthuilliers Développeur bruno@modulix.org