just as a follow-up to the "INAPPROPRIATE_AUTH" message you saw, since i never saw that error message before i looked it up and the docs say:

"""
Inappropriate authentication was specified (e.g. LDAP_AUTH_SIMPLE was specified and the entry does not have a userPassword attribute)
"""

to me this sounds like

- there is indeed a record with that user name
- the record does not have a userPassword attribute.

very strange. are you 100% sure there isn't some account in LDAP with that name, maybe even some hidden system account?

apart from that i cannot reproduce your problem. i did the following:

- create a subfolder on a site
- instantiated a LDAPUserFolder in it
- at the site root (in a standard zope user folder) i added a user with "Manager" role that has a user name definitely not found in LDAP

when i log in as that test user i can do anything i want, outside as well as inside the folder protected by the LDAPUserFolder. when i crank up logging to the highest level inside the LDAPUserFolder it keeps telling me "User not found", but that's the expected behavior. Like any other user folder it will then simply return "None", which prompts the zope security machinery to go up the tree looking at the next user folder it finds and trying again.

as far as the roles go, you should do one of two things:

- either create groups on the Groups tab that have the same names as meaningful roles in Zope and then adding your user record to the group
- or re-use the groups already in LDAP by creating a role with that same name at the root of your zope site and giving it any desired permission.

jens

On Thursday, November 22, 2001, at 08:34, Jonathan Cheyne wrote:
jonathan,
it's trying to look up a user with account name "root"? is there such an account name in your zope instance?
Yes - in the root folder is the default install acl folder with a 'root' user (an admin user for the whole zope instance). Then there is a zwiki folder and in there the ldapuserfolder. There are no other users in the instance apart from root and whatever is returned from ldap. the ldap server runs authentication for the intranet, some website functions etc and works. I can authenticate ok for our iplanet servers.
I created a new user in the top level regular acl folder called admin. No such user exists in ldap. I gave the admin user a Manager role. I can administer the zope instance EXCEPT for the wiki containing ldapuserfolder. If I try to view this folder I get
Error Type: INAPPROPRIATE_AUTH
Error Value: {'desc': 'Inappropriate authentication'}
This message also appears even if I try to /view/ the wiki when logged in as admin. Log back in as jonathan and all is fine. To test if this was because the admin uid might not be in ldap and that a partial lookup was occurring for all other id's I added a user "doodah" and yet this worked ok (in so far that it did not produce that error). This means that only the admin user creates that prob.
(Is there a protected user admin within zope as a whole maybe?)
Maybe this comes down to your roles question which I am not completely following. I do a look up on a user (say me, jon) and do not get anything saying roles just cn, dn, uid plus a long list of check boxes for groups (that we use for authentication things). Is this what you mean? In the configure screen there was the box saying default user role - I changed this to Authenticated but no diff.
Do I need to map one of our groups to a zope role?
Cheers
Jonathan
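
Added example, not part of the original thread and not Zope or LDAPUserFolder source: a simplified Python model of the lookup chain described in the reply above, showing why a directory entry that exists but has no userPassword attribute can stop a root-level Manager from being authenticated, while an unknown name falls through. All class names, function names and sample data are constructed for illustration, and LDAP groups are used directly as role names as a simplification.

```python
# Simplified model of the user-folder lookup chain (assumed names throughout).
class InappropriateAuth(Exception):
    """Stand-in for the LDAP INAPPROPRIATE_AUTH error."""


class LocalUserFolder:
    """Models a standard user folder holding local accounts."""
    def __init__(self, users):
        self.users = users  # {name: (password, roles)}

    def validate(self, name, password):
        entry = self.users.get(name)
        if entry and entry[0] == password:
            return {"name": name, "roles": entry[1]}
        return None  # unknown user: caller keeps walking up the tree


class ModelLdapUserFolder:
    """Models an LDAP-backed folder over a constructed directory."""
    def __init__(self, directory):
        self.directory = directory  # {uid: {"userPassword": ..., "groups": [...]}}

    def validate(self, name, password):
        entry = self.directory.get(name)
        if entry is None:
            return None  # "User not found": the expected behaviour
        if "userPassword" not in entry:
            # Entry exists but cannot be bound with a simple password.
            raise InappropriateAuth(name)
        if entry["userPassword"] != password:
            return None
        return {"name": name, "roles": entry["groups"]}


def authenticate(folders, name, password):
    """Try each folder from innermost to root; the first match wins."""
    for folder in folders:
        user = folder.validate(name, password)
        if user is not None:
            return user
    return None


# Constructed sample data.
ROOT = LocalUserFolder({"admin": ("s3cret", ["Manager"])})
PEOPLE = {"jonathan": {"userPassword": "pw", "groups": ["staff"]}}
LDAP_CLEAN = ModelLdapUserFolder(PEOPLE)
# Same directory plus a password-less "admin" entry (e.g. a system account).
LDAP_CLASH = ModelLdapUserFolder({**PEOPLE, "admin": {"groups": []}})
```

With `LDAP_CLEAN` the admin login falls through to the root folder; with `LDAP_CLASH` the exception is raised before the root folder is ever consulted, which is the situation to rule out by searching the directory for an entry with that name.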