On Mon, Aug 12, 2002 at 07:28:56PM -0400, Jens Vagelpohl wrote:
the objectClass "organizationalRole" is not supported as a suitable group "holder". store your group memberships in objects that are supported, such as groupOfUniqueNames, groupOfNames, or group.

dn: dc=joelburton, dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: joelburton

dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
sn: bob
givenName: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289

Jens (& others) --

Thanks for the help.

If I understand right, though, the "Manager" here is just the dn of the user who has full privileges to the LDAP server -- it shouldn't be related to the Zope roles (which I'm not storing in the LDAP server). If I were keeping the Zope roles in the LDAP server, I would use groupOfUniqueNames to connect that group to the users.

My plan was to get authentication to work w/o the additional complications of groups in LDAP, and then try to add the LDAP groups in. Is this not a workable strategy? Do you have any tips on how to get this authenticated with the groups being stored in the ZODB?

Thanks!

- J.

--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant