ok, my fault, i overlooked that in your configuration settings description.

first of all, since you are using cookie auth, make sure to delete all and any cookies with the name "__ac" from that particular server. sometimes the wrong cookies hang around and you'll never be able to log in. better yet, test this without cookies first. set the user folder to use basic auth.

from your description it looks like the LDAPUserFolder is further down in the tree, with at least one other user folder above. it is possible in extreme cases that you will run into problems if both user folders have a user with the same login defined.

by the way, what LDAPUserFolder version are you using? the latest revision, 1.5 beta3, has a lot of improvements specifically for running it with role information stored in the ZODB like you are trying to do. that includes a "convenience" user listing on the Users tab for all those user records that have a role associated with them which is only visible if you store roles in the ZODB.

if you can find users by searching via the Users tab and if they do have roles associated with them (as would be apparent on the user detail view for specific records) then this should work. are you sure your passwords are set correctly? use the "change password" form on the record detail view from the Users tab to reset the password if you are unsure.

jens

On Monday, August 12, 2002, at 07:39, Joel Burton wrote:
On Mon, Aug 12, 2002 at 07:28:56PM -0400, Jens Vagelpohl wrote:
the objectClass "organizationalRole" is not supported as a suitable group "holder". store your group memberships in objects that are supported, such as groupOfUniqueNames, groupOfNames, or group.
dn: dc=joelburton, dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: joelburton

dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
sn: bob
givenName: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
Jens (& others) --
Thanks for the help. If I understand right, though, the "Manager" here is just the dn of the user who has full privileges to the LDAP server -- it shouldn't be related to the Zope roles (which I'm not storing in the LDAP server). If I were keeping the Zope roles in the LDAP server, I would use groupOfUniqueNames to connect that group to the users.
My plan was to get authentication to work w/o the additional complications of groups in LDAP, and then try to add the LDAP groups in. Is this not a workable strategy?
Do you have any tips on how to get this authenticated with the groups being stored in the ZODB?
Thanks!
- J.
--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant
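One way to confirm, outside Zope, that a directory entry's password is set as expected: in LDIF a double colon (`userPassword::`) marks a base64-encoded value, which here wraps a `{SHA}` or `{SSHA}` hash string. The sketch below is an added example, not code from this thread or from LDAPUserFolder; the function names and the sample entry are constructed, and it assumes unfolded LDIF lines.

```python
import base64
import hashlib
import hmac

def parse_ldif_entry(text):
    """Return {attr: [bytes, ...]} for one LDIF entry (no folded lines)."""
    entry = {}
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):      # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def check_password(stored, candidate):
    """Verify a known password against a {SHA} or {SSHA} userPassword value."""
    scheme, _, b64 = stored.decode().partition("}")
    scheme = scheme.lstrip("{").upper()
    raw = base64.b64decode(b64)
    if scheme == "SHA":               # unsalted SHA-1 digest
        digest, salt = raw, b""
    elif scheme == "SSHA":            # 20-byte SHA-1 digest followed by salt
        digest, salt = raw[:20], raw[20:]
    else:
        raise ValueError("unsupported scheme: " + scheme)
    calc = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def make_sample_ldif(password, salt=b""):
    """Build a constructed test entry; the dn and password are made up."""
    scheme = b"{SSHA}" if salt else b"{SHA}"
    digest = hashlib.sha1(password.encode() + salt).digest()
    inner = scheme + base64.b64encode(digest + salt)
    return ("dn: cn=alice,dc=example,dc=com\n"
            "cn: alice\n"
            "objectClass: person\n"
            "userPassword:: " + base64.b64encode(inner).decode() + "\n")

if __name__ == "__main__":
    entry = parse_ldif_entry(make_sample_ldif("constructed-pw"))
    print(check_password(entry["userpassword"][0], "constructed-pw"))
```

If the check fails for a password you believe is correct, resetting it through the "change password" form mentioned above is the quicker path than debugging the stored value.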