Hi all I used to test for <tr tal:condition="python:'Anonymous' not in user.getRoles()"> before switching to LDAPUserFolder, and it used to work. When I switched, it stopped working, and I found this in LDAPUserFolder's 'Configure.stx': 'Default User Roles' -- All users authenticated from your ldap tree will be given the roles you put into this comma-delimited list. Zope expects all users - anonymous as well as authenticated - to have the role Anonymous. I wasn't aware of that. Why does an authenticated user need to have Anonymous as a role? (I'm trying to get to http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx but it's down now: While trying to retrieve the URL: http://12.155.117.33:8082/VirtualHostBase/http/zope.org:80/zopeorg/VirtualHo... The following error was encountered: * Connection Failed ) -- Jean Jordaan http://www.upfrontsystems.co.za