-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thomas Bennett wrote:
I have installed the following:
Zope Version (Zope 2.9.7-final, python 2.4.4, linux2) Python Version 2.4.4 (#1, Oct 23 2006, 13:58:00) [GCC 4.1.1 20061011 (Red Hat 4.1.1-30)] System Platform linux2 SOFTWARE_HOME /var/zope/lib/python ZOPE_HOME /var/zope INSTANCE_HOME /var/zope CLIENT_HOME /var/zope/var Network Services ZServer.HTTPServer.zhttp_server (Port: 8086) ZServer.HTTPServer.zwebdav_server (Port: 9800)
I'm using Zeo storage with this.
The main problem is my understanding roles with my new set up.
I am moving from a Zope 2.6.1 setup to the setup shown above. I've already added some Products to my INSTANCE_HOME/Products directory including Plone which includes the PluggableAuthService folder. I installed a Plone site for testing and deleted it.
It appears that PAS has taken over my root acl_users folder or is this now a default in 2.9.
The installer for a 'Plone Site' replaces the root acl_users with a PAS: I've argued that this is poor practice (inexcusably rude, actually), but they seem determined to continue it.
Now I can only add users from the ZODB User Manager under /acl_users/users, there is nowhere to add a user from an Add buttion as in the older version of Zope.
Correct. In PAS, there are actually potentially muttiple user sources (e.g,, SQL, LDAP, NTLM, etc.). Adding them to the 'ZODB users' plugin is the "cognate" of the od "Add" button.
I can add roles from ZODB Role Manager in /acl_users/roles but these roles don't show up under the Security tab on any page. I can add local roles under the Security tab and they don't show up in /acl_users/roles.
Correct. The roles in the PAS plugin are used to control "global" grants to the users; the roles you set on a folder (even the root), are about "local" grants.
I have searched and can find little to no documentation on use or difference in the two authentication methods. Where can I find more information on roles in 2.9.7 and use in this situation?
In general, I would avoid defining any new "global" roles in PAS, or even granting the existing ones as "global" roles. Rather, I advise treating *all* grants as "local", even if that means setting them on the root object.
Is this normal behavior and if so how can I synchronize roles between the Security tab and /acl_users/roles or is it not possible?
I would just avoid the role plugin altogether.
Am still searching the WEB and archives in the meantime.
The better list for this would be zope-pas@lists.zope.org (CC'ed), which deals with PAS specifics. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGEboh+gerLs4ltQ4RAomwAKCCN58a7DPkCDsM8v8Oh1a9b6uBPgCgr+m6 H30tKJ1u9k8lJqtBIPxQ11k= =uupR -----END PGP SIGNATURE-----