Hi Jens,
Hi,
I'm looking for a zope product that enables me to use our Active Directory LDAP server for verification of login credentials only. I want users still stored in Zope, and access to directories should be also something I can handle in Zope, and I don't want to use LDAP groups because I don't control the LDAP server and there are no groups on the LDAP server I can use.
So really, all I want is that Zope checks the passwords with the LDAP server instead of with its own userfolder. And perhaps, a possibility to check/search for the available login names on the LDAP server when adding a user to the userfolder.
I've checked out LDAPUserFolder but that's not what I'm looking for (I think...).
I'd say "start coding". There is nothing that fits your (somewhat strange) requirements. I would suggest you modify those requirements to come up with a saner plan. Could it be you're thinking too much in terms of specific implementation and too little in terms of what the underlying goals are?
First of all, what do you gain from "storing users in Zope"? Is your real goal to make sure only a subset of users from LDAP can access your site? That goal is easily fulfilled by configuring the LDAPUserFolder to store role information on the user folder and disregard the LDAP server. Then you just secure your site by requiring a certain role and only give that role to the subset of users you want to let in.
jens
Andreas warned me not to step on your toes ... ;-) I didn't mean to put LDAPUserFolder down but it felt like using a cannonball to kill a mosquito (famous Dutch saying).

Well I did say I *thought* LDAPUserFolder was not what I was looking for. But since you are the expert on LDAPUserFolder I think I should take that back. What you describe is what I want to do .. but I thought it would be necessary to store the users in zope to be able to form groups in zope...

Perhaps I would have figured it out myself if I was able to get LDAPUserFolder to work but I think I'm missing something... (well actually I'm missing a lot... I don't know much about LDAP so "start coding" is probably not a good idea...)

Here is my situation at this moment: I have LDAPUserFolder working in a sense that I can search for users (and find the ldap entries) when I'm in the LDAPUserFolder - Users tab. So far so good.

But when I limit access to a folder (in the Security tab on zope) to for example authenticated users and I try to logon to that folder, after authenticating (using the correct LDAP username and password) I get an error that doesn't make sense to me. Googling does not bring a solution. The error is: "TypeError len() of unsized object". (Using wrong (LDAP) credentials gets me a "You are not authorized to access this resource. Username and password are not correct." message.)

On the same folder this problem does not occur when I use a native zope user to logon.

I'm using on Windows XP
Zope 2.7.2-0, python 2.3.5, win32
LDAPUserFolder 2.6
OpenLDAP 2.3.11

And I also tested on Windows XP with
Plone 2.1.1 (is with Zope 2.7.8-final, python 2.3.5, win32)
LDAPUserFolder 2.6
OpenLDAP 2.3.11

Do you have any idea what I'm doing wrong?

Thanks in advance,
Ria