On Mon, 4 Oct 2004 17:22:12 +0100, Jens Vagelpohl <jens@dataflake.org> wrote:

I went ahead and traced the whole process by adding my own logging statements to the source starting with ``allowed`` and following everything. (The proper versions of methods are indeed getting called, so that's not an issue.)

I noticed though that it seems in LDAPUserSatellite.py, in ``getAdditionalRoles``, it only goes through the *roles* that the user object has, and adds more roles that those *roles* map to in ``self.groups_map`` (self is the LUS), but it does not go through LDAP *groups* that the user has.

My LUF gives only groups to specific users. I have no Zope roles specifically for my groups; it is my intent that the groups map to existing roles like 'Manager' in certain contexts.

Has this been my misunderstanding? Are you supposed to create a Zope role for every group in an LUF, and include the trivial mapping from the group to the role in the LUF, then just use LUS for adding roles based on roles only? Or is LUS supposed to be able to add roles based on groups and there is something else wrong?

--
Chris Connett