As far as I know, LDAP is a standard protocol to access a user database on a server. I also read that by using LDAP you can read and write to this database. In my case, I only have read permissions and I'm not allowed to see the database's internal structure nor to change it. I've tried to get it to work but it doesn't, and I don't know why.
if you don't know much about the internal structure of the LDAP database you are connecting to, you have a real problem. there is a ton of configuration options that depend on knowing the database.
I just created a schema as follows:
LDAP Server: ldap.myorganization.ch
Login name attribute: uid
RDN Attribute: Canonical name
Users base DN: ou=student,o=myorganization,c=ch
Scope: Subtree
Group storage: Groups not stored on LDAP server
Groups Base DN: same as Users base DN (I don't know what else I can put here and I don't have more info)
LDAP Login and Password are empty
User object classes: top,person
User password encryption: crypt
Default User Roles: Anonymous
Authentication: Basic HTTP Authentication
do you even know if these are the correct values for your LDAP server? you seem to be able to connect to it, judging by your email, but are you sure that the UID attribute is indeed the attribute name for the login and that the relative distinguished name (RDN) attribute is really CN?
My question is how can I populate my user folder? I saw the feature add user, but I need to add 500 hundred users and I guess this is not the way of doing it, and I don't see anything on the Caches tab. My logic tells me that this feature is only for when you want to add users to your LDAP database. But rather than add them, I want to authenticate them.
if the users you need are already in LDAP then there is no "population" to do. besides, adding is not possible for you anyway, since you don't have write access.
Because I don't have any result when I search by uid, I just made this:
<dtml-in "findUser('sn','lastname')">
  <dtml-var "_['sequence-item']">
</dtml-in>
And then I saw a dictionary with lots of fields, but not uid. I'm just wondering why. I guess the authentication looks for this username and then gives the password.
are you sure that anonymous users (since you did not specify an LDAP bind UID and password, you are anonymous for the LDAP server) are allowed to read the UID attribute? (and is the UID attribute really available and what you want? see above)
Whenever I observe the log contents, I always see something like:
(9) Apr 29 20:37:55: userx not found (getUser)
Does anybody know what I'm doing wrong?
what you're doing wrong seems to be trying to configure a product that requires a lot of knowledge about the server it connects to without actually having that knowledge... jens
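The two checks Jens asks for (is the configured login attribute really present and readable by the bind you use, and is the RDN attribute really cn) can be settled offline from a plain ldapsearch dump before touching the LDAPUserFolder configuration. The script below is an added example for this thread, not code from LDAPUserFolder or Zope: it parses the LDIF that an `ldapsearch -x -LLL -b 'ou=student,o=myorganization,c=ch' '(sn=lastname)'` run would print, reports which attributes that bind can see, whether the login attribute (uid) is among them, and which attribute the entries actually use as their RDN. The LDIF sample embedded in it is constructed for illustration, and the DN value, attribute names and the mapping of the missing attribute to the "not found (getUser)" log line are assumptions drawn from the thread.

```python
"""Offline check of LDAPUserFolder login/RDN attribute assumptions.

Added example; not LDAPUserFolder code. Feed it the LDIF printed by
ldapsearch under the same bind (anonymous here) that the user folder
will use, and it tells you what that bind can actually see.
"""
from __future__ import annotations

# Constructed ldapsearch output (not a real directory dump): one student
# entry whose RDN is cn and which exposes no uid attribute at all.
SAMPLE_LDIF = """\
dn: cn=Jane Lastname,ou=student,o=myorganization,c=ch
objectClass: top
objectClass: person
cn: Jane Lastname
sn: lastname
description: student
userPassword:: e2NyeXB0fUFCY2QxMjM0

"""


def _unfold(text: str) -> list[str]:
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines: list[str] = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def parse_ldif(text: str) -> list[tuple[str, dict[str, list[str]]]]:
    """Parse LDIF search output into (dn, {attr_lower: [values]}) tuples."""
    entries: list[tuple[str, dict[str, list[str]]]] = []
    dn, attrs = None, {}
    for line in _unfold(text):
        if not line:  # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"; keep the raw value
            value = value[1:]
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn = value
        else:
            attrs.setdefault(key, []).append(value)
    if dn is not None:
        entries.append((dn, attrs))
    return entries


def rdn_attribute(dn: str) -> str:
    """Attribute type of the leftmost RDN (assumes no escaped commas in the DN)."""
    return dn.split(",", 1)[0].split("=", 1)[0].strip().lower()


def diagnose(ldif_text: str, login_attr: str = "uid", rdn_attr: str = "cn") -> dict:
    """Compare what the directory returns with the user-folder configuration."""
    login_attr, rdn_attr = login_attr.lower(), rdn_attr.lower()
    report = {
        "entries": 0,
        "login_attr_visible": False,
        "rdn_attrs_seen": set(),
        "rdn_matches_config": True,
        "visible_attrs": set(),
    }
    for dn, attrs in parse_ldif(ldif_text):
        report["entries"] += 1
        report["visible_attrs"].update(attrs)
        if login_attr in attrs:
            report["login_attr_visible"] = True
        seen = rdn_attribute(dn)
        report["rdn_attrs_seen"].add(seen)
        if seen != rdn_attr:
            report["rdn_matches_config"] = False
    return report


def explain(report: dict, login_attr: str = "uid", rdn_attr: str = "cn") -> list[str]:
    """Turn the report into the questions to take back to the directory admin."""
    notes: list[str] = []
    if report["entries"] == 0:
        notes.append("Search returned nothing: check base DN, scope and the bind's read rights.")
        return notes
    if not report["login_attr_visible"]:
        notes.append(
            f"No returned entry exposes '{login_attr}'. A lookup by the login name attribute "
            f"cannot match (the 'not found (getUser)' log line); either the attribute is absent "
            f"or this bind is not allowed to read it."
        )
    if not report["rdn_matches_config"]:
        notes.append(f"Entries use RDN attribute(s) {sorted(report['rdn_attrs_seen'])}, not '{rdn_attr}'.")
    notes.append("Attributes readable with this bind: " + ", ".join(sorted(report["visible_attrs"])))
    return notes


if __name__ == "__main__":
    for note in explain(diagnose(SAMPLE_LDIF)):
        print("-", note)
```

Run it against the real output of the ldapsearch command above (same bind as the user folder, i.e. anonymous if the bind DN is left empty); if uid is listed only when you bind with credentials, the problem is the directory's ACL rather than the user-folder settings.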