On Fri, 1 Oct 2004 23:06:24 +0100, Jens Vagelpohl <jens@dataflake.org> wrote:
When I map a group to a role in the LDAPUserFolder itself, the users in the group get that role for the whole site. My understanding from the docs I have found is that if I create a satellite in a subfolder, then I can map groups to roles there, and then those mappings will be in effect for that subfolder. This does not seem to be working.
Does anyone know what I might be doing wrong, or where my understanding might be flawed?
The LDAPUserSatellite augments roles. This is done either by mapping roles that already exist on the user to new roles, or by looking up additional group memberships (which are translated to roles) in an LDAP tree branch you specify in its configuration.
jens
OK, what I have are locally stored groups. If these are mapped to roles *in the LDAPUserFolder*, then the users in those groups indeed gain those roles, but then as I would expect, those mappings apply to the whole site, which is a security hole. But if I enter the mapping in an LDAPUserSatellite in a subfolder, the users do not gain the roles. The docs say the mappings augment roles in the context of the satellite. What exactly is that context? Is there a certain ``id`` that the satellite must have in order to be effective? Right now, with logging on 9, nothing shows up in the log besides the two lines at the end of this message, as if the satellite is being bypassed entirely when authentication happens. Or is there a certain structure that I am not following, i.e. the satellite is sitting inside the actual folders for which I want to give augmented roles. Is this the proper setup? ------Log------ (3) Oct 01 19:40:45: Re-initialized through __setstate__ (0) Oct 01 19:40:45: Log buffer cleared ------End Log------ -- Chris Connett