jonathan,
it's trying to look up a user with account name "root"? is there such an account name in your zope instance
Yes - in the root folder is the default install acl folder with a 'root' user (an admin user for the whole zope instance). Then there is a zwiki folder and in there the ldapuserfolder. There are no other users in the instance apart from root and whatever is returned from ldap. the ldap server runs authentication for the intranet, some website functions etc and works. I can authenticate ok for our iplanet servers. I created a new user in the top level regular acl folder called admin. No such user exists in ldap. I gave the admin user a Manager role. I can administer the zope instance EXCEPT for the wiki containing ldapuserfolder. If I try to view this folder I get Error Type: INAPPROPRIATE_AUTH Error Value: {'desc': 'Inappropriate authentication'} This message also appears even if I try to /view/ the wiki when logged in as admin. Log back in as jonathan and all is fine. To test if this was because the admin uid might not be in ldap and that a partial lookup was occuring for all other id's I added a user "doodah" and yet this worked ok (in so far that it dod not produce that error). This means that only the admin user creates that prob. (Is there a protected user admin within zope as a whole maybe?) Maybe this comes down to your roles question which I am not completely following. I do a look up on a user (say me, jon) and do not get anything saying roles just cn, dn, uid plus a long list of check boxes for groups (hat we use for authentication things). Is this what you mean? In the configure screen there as the box saying default user role - I changed this to Authenticated but no diff. Do I need to map one of our groups to a zope role? Cheers Jonathan