I was trying to assign local role to users in the securitytab in zope management with users from an ldapdatabase (Active directory) authenticating works very well, but the above raises exeptions
the traceback telles me this:
Traceback (innermost last): Module ZPublisher.Publish, line 100, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Shared.DC.Scripts.Bindings, line 306, in __call__ Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec Module App.special_dtml, line 175, in _exec Module DocumentTemplate.DT_Try, line 140, in render Module DocumentTemplate.DT_Try, line 149, in render_try_except Module DocumentTemplate.DT_In, line 623, in renderwob Module AccessControl.Role, line 317, in get_valid_userids Module AccessControl.User, line 965, in user_names Module Products.LDAPUserFolder.LDAPUserFolder, line 608, in getUserNames TypeError: list indices must be integers
From that traceback I am assuming that you are not using the latest LDAPUserFolder version (2.4) - I suggest you upgrade first and try again. jens
Jens Vagelpohl wrote:
I was trying to assign local role to users in the securitytab in zope management with users from an ldapdatabase (Active directory) authenticating works very well, but the above raises exeptions
From that traceback I am assuming that you are not using the latest LDAPUserFolder version (2.4) - I suggest you upgrade first and try again.
Installed new version, but i still get the exception: Traceback (innermost last): Module ZPublisher.Publish, line 100, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Shared.DC.Scripts.Bindings, line 306, in __call__ Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec Module App.special_dtml, line 175, in _exec Module DocumentTemplate.DT_Try, line 140, in render Module DocumentTemplate.DT_Try, line 149, in render_try_except Module DocumentTemplate.DT_In, line 623, in renderwob Module AccessControl.Role, line 317, in get_valid_userids Module AccessControl.User, line 965, in user_names Module Products.LDAPUserFolder.LDAPUserFolder, line 608, in getUserNames TypeError: list indices must be integers I'm running with zope 2.7.0 Best regards Einar Næss Jensen
A guess: your LDAP server may have too many user entries to be processed by this function. You may need to change the LDAP server to successfully return more than the default number of objects. This depends on your LDAP server, and the change probably needs to be made there (and not within LDAPUserFolder). For MS Active Directory, the answer is to set the the "MaxPageSize" setting to more than the default (which is 1000) as detailed via http://support.microsoft.com/?kbid=271088. For OpenLDAP, you set the "sizelimit" key to more than the default by editing slapd.conf (see http://www.ldapadministrator.com/forum/viewtopic.php?t=14 ) . HTH - C On Mon, 2004-08-09 at 03:55, Einar Næss Jensen wrote:
Jens Vagelpohl wrote:
I was trying to assign local role to users in the securitytab in zope management with users from an ldapdatabase (Active directory) authenticating works very well, but the above raises exeptions
From that traceback I am assuming that you are not using the latest LDAPUserFolder version (2.4) - I suggest you upgrade first and try again.
Installed new version, but i still get the exception:
Traceback (innermost last): Module ZPublisher.Publish, line 100, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Shared.DC.Scripts.Bindings, line 306, in __call__ Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec Module App.special_dtml, line 175, in _exec Module DocumentTemplate.DT_Try, line 140, in render Module DocumentTemplate.DT_Try, line 149, in render_try_except Module DocumentTemplate.DT_In, line 623, in renderwob Module AccessControl.Role, line 317, in get_valid_userids Module AccessControl.User, line 965, in user_names Module Products.LDAPUserFolder.LDAPUserFolder, line 608, in getUserNames
TypeError: list indices must be integers
I'm running with zope 2.7.0
Best regards Einar Næss Jensen
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
On Aug 9, 2004, at 15:26, Chris McDonough wrote:
A guess: your LDAP server may have too many user entries to be processed by this function. You may need to change the LDAP server to successfully return more than the default number of objects.
This depends on your LDAP server, and the change probably needs to be made there (and not within LDAPUserFolder). For MS Active Directory, the answer is to set the the "MaxPageSize" setting to more than the default (which is 1000) as detailed via http://support.microsoft.com/?kbid=271088. For OpenLDAP, you set the "sizelimit" key to more than the default by editing slapd.conf (see http://www.ldapadministrator.com/forum/viewtopic.php?t=14 ) .
I can't reproduce that with a small sizelimit using OpenLDAP. ldap.SIZELIMIT_EXCEEDED is explicitly caught in the delegate search method. The only thing I can think of is that AD spits out something malformed. The only way to find out (at least that's what I always do) is to step through it using pdb. jens
Jens Vagelpohl wrote:
On Aug 9, 2004, at 15:26, Chris McDonough wrote:
A guess: your LDAP server may have too many user entries to be processed by this function. You may need to change the LDAP server to successfully return more than the default number of objects.
This depends on your LDAP server, and the change probably needs to be made there (and not within LDAPUserFolder). For MS Active Directory, the answer is to set the the "MaxPageSize" setting to more than the default (which is 1000) as detailed via http://support.microsoft.com/?kbid=271088. For OpenLDAP, you set the "sizelimit" key to more than the default by editing slapd.conf (see http://www.ldapadministrator.com/forum/viewtopic.php?t=14 ) .
I can't reproduce that with a small sizelimit using OpenLDAP. ldap.SIZELIMIT_EXCEEDED is explicitly caught in the delegate search method.
The only thing I can think of is that AD spits out something malformed. The only way to find out (at least that's what I always do) is to step through it using pdb.
I have never used the debugger before, so I'm not sure if did the correct thing with it, but i found out that the function returns an almost empty dictionary with only two items also, in the "users" tab in ldapuserfolder in the ZMI, if I searc the active directory without giving a username, i get the ansvear : SN: Error DN: n/a Distinguished name : Too many results for this query <http://mime.hf.ntnu.no:10080/testing/acl_users/manage_userrecords?user_dn=Too%20many%20results%20for%20this%20query> i guess this is why it returns the error: *Error Type: TypeError* *Error Value: list indices must be integers maybe? *I will check out the active directory-server tomorrw as Chris McDonough suggested. We have just about 1030 users in our active directory. (some users less active than others) Thanks both! Best regards Eianr Næss Jensen
participants (3)
-
Chris McDonough -
Einar Næss Jensen -
Jens Vagelpohl