all the guidance you need is in the help pages for the LDAPUserFolder in zope's help system. please make use of them.

basically, if you give no manager DN then the current logged-in user DN is used to bind for any operation. should the currently logged-in user *not* be from the LDAPUserFolder you will bind anonymously to the directory. whether these bindings will allow you to manipulate records is completely up to your LDAP server configuration.

jens

On Wednesday, Feb 26, 2003, at 04:52 US/Eastern, Krishna wrote:
Thanks for your help!! ... With the information you gave me I could authenticate / add and delete users.
Below is the complete list of LDAP ACLs I have currently active.
**************************************************
defaultaccess read

access to dn="ou=People,dc=mysite,dc=com"
    by dn="uid=zeo,ou=People,dc=mysite,dc=com" write
    by * read

access to dn="ou=zope-grps,dc=mysite,dc=com"
    by dn="uid=zeo,ou=People,dc=mysite,dc=com" write
    by * read

access to filter="objectclass=cdObject"
    by dn="uid=zeo,ou=People,dc=mysite,dc=com" write
    by * read

access to attr=userpassword
    by self write
    by * read

access to *
    by * read
**************************************************
I also provided the Manager DN in the LDAP user folder as... cn=Manager,dc=mysite,dc=com
Now with all these settings I can successfully add / modify / delete / authenticate the relevant users.
But what I need to know is ... do we need the Manager DN/passwd within the LDAP user folder?? ... In fact, the manager should only be used for server administrative tasks, we use it to get system account information into the LDAP directory.
I need to know if there is a way for me to achieve the same WITHOUT specifying the Manager DN within the LDAPUserFolder!!!! ... It would be helpful if I get some guidance :-) ...!!!!
Thanks once again,
Kris :-)
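
An added example, not part of either message and not LDAPUserFolder or slapd code: a small Python model of the binding rule from the reply and of first-match evaluation over the ACL list in the quoted message, showing what each binding can do when no Manager DN is configured. Assumptions: dn="..." is treated as a suffix match (the DN itself and everything beneath it), a Manager DN that is the server's rootdn is not modelled, and `uid=kris` is a constructed sample entry.

```python
# Added example: model of the ACL list posted above. Assumption: dn="..." is
# treated as a suffix match (the DN itself and everything beneath it).
ZEO = "uid=zeo,ou=people,dc=mysite,dc=com"
ZEO_WRITE = [(ZEO, "write"), ("*", "read")]
ACLS = [  # (what, [(who, level), ...]) in the order posted
    ({"dn": "ou=people,dc=mysite,dc=com"}, ZEO_WRITE),
    ({"dn": "ou=zope-grps,dc=mysite,dc=com"}, ZEO_WRITE),
    ({"objectclass": "cdobject"}, ZEO_WRITE),
    ({"attr": "userpassword"}, [("self", "write"), ("*", "read")]),
    ({}, [("*", "read")]),
]

def bind_identity(manager_dn, user_dn, user_from_ldapuserfolder):
    """DN used for the bind, per the reply above; None means anonymous."""
    if manager_dn:
        return manager_dn
    return user_dn if user_from_ldapuserfolder else None

def _what_matches(what, entry_dn, attr, objectclasses):
    if "dn" in what and not entry_dn.endswith(what["dn"]):
        return False
    if "attr" in what and attr != what["attr"]:
        return False
    if "objectclass" in what and what["objectclass"] not in objectclasses:
        return False
    return True

def _who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if bind_dn is None:  # anonymous only ever matches "*"
        return False
    return bind_dn == entry_dn if who == "self" else bind_dn == who

def effective_access(bind_dn, entry_dn, attr, objectclasses=()):
    """First matching 'access to' clause wins, then its first matching 'by'."""
    bind_dn = bind_dn.lower() if bind_dn else None
    entry_dn, attr = entry_dn.lower(), attr.lower()
    objectclasses = [oc.lower() for oc in objectclasses]
    for what, by_clauses in ACLS:
        if _what_matches(what, entry_dn, attr, objectclasses):
            for who, level in by_clauses:
                if _who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # a clause with no matching 'by' grants nothing
    return "none"

KRIS = "uid=kris,ou=People,dc=mysite,dc=com"  # constructed sample entry
```

Under these assumptions, a user logged in as uid=zeo gets write access with no Manager DN configured, while every other binding, anonymous included, gets read access, and that read access covers userpassword. The `by self write` clause is never reached for entries under ou=People because the earlier ou=People clause matches first.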