Jens Vagelpohl wrote:
Yes? That's available even on lesser operating systems from M$. Is PAM?
Okay, excellent point. But I also don't understand why so many people are using Windows as a *server* for a service that just seems so much better suited for a unix environment (and with so much less overhead), but that's just me.
You can use the LDAPUserFolder in read-only mode so it does not try to write back to the directory and store group/role information on the LDAPUserFolder itself. That way the users log in with the same credentials *and* you can manage the roles they get in the Zope context locally. It's just a matter of configuration.
But would that give every user in the LDAP server Zope level access to my server? I'm still trying to figure out how to select which users from the LDAP server will get accounts on my server. Do I add/remove the users manually (or programmatically) through Zope? (Sorry for the newbie questions ...) Thanks! Tom