I've broken my site, and can't figure it out. This is Zope 2.4.3 binary on Linux I have / (root) with acl_users /Strader public without an acl_users (all permissions are "acquire from above") /Strader/P not public, has an LDAPUserFolder for acl_users local roles are defined in the root /acl_users Security for /Strader/P has disabled acquisition of "access contents information" and "view", and enabled these permissions for the roles Manager, SFCustomer and SFManager Logging in as a Manager defined in root /acl_users works for management, but when I attempt to view a ZPT in /Strader/P using the Test tab, I get "you are not authorized to access title" My manager userid is also defined in the LDAP adapter as well, so I'm authenticated by the LDAPUserFolder in /Strader/P or /acl_users depending on what I'm accessing. So "view" in /Strader works okay for me -- But the real problem is -- Logging in as a user who is only defined in LDAP adapter, who has the roles SFCustomer and SFManager still gives the same error "not authorized to access title" on /Strader/P/Master (page template when viewing) I'm totally stumped, it's as if LDAPUserFolder is not returning the correct list of roles. However, if I temporarily enable acquisition of view and "access contents", I can get this output from viewing the ZPT roles are ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated') (the Master template has ) roles are <span tal:content="user/getRoles">roles</span> Anyone have any ideas how to diagnose this so I can see where to fix it? I've searched the archives, there are some grumblings about this in the past but no obvious silver bullet. Brad Clements, bkc@murkworks.com (315)268-1000 http://www.murkworks.com (315)268-9812 Fax netmeeting: ils://ils.murkworks.com AOL-IM: BKClements