Hello, this might be trivial but I just can't find a way to do it. How does one replace the initial UserFolder at Zope root with a LDAPUSerFolder ? I tried the dummy way : delete the acl_users with an intent to instanciate a LDAPUSerFolder afterwards but that locked me out in a way I could do nothing but recreate a new Zope instance... skip-authentication-checking in etc/zope.conf didn't help... Zope 2.7 debian testing package. Oscar
Oscar Figueiredo wrote:
I tried the dummy way : delete the acl_users with an intent to instanciate a LDAPUSerFolder afterwards but that locked me out in a way I could do nothing
You need to log in as the emergency user, delete the old acl-users, instantiate the new LDAPUserFolder, and then logout and log in again as someone from the LDAPUserFolder who has Manager privileges (just make sure that such a user exists!). If any problems ever arise with the LDAPUserFolder, you'll need to log in as the emergency user in order to fix them. HTH, JZ
Oscar Figueiredo wrote:
this might be trivial but I just can't find a way to do it. How does one replace the initial UserFolder at Zope root with a LDAPUSerFolder ?
I tried the dummy way : delete the acl_users with an intent to instanciate a LDAPUSerFolder afterwards but that locked me out in a way I could do nothing but recreate a new Zope instance... skip-authentication-checking in etc/zope.conf didn't help...
Do not do that. You don't want to get locked out of your Zope because of LDAP problems. If you must have several other folders share a user folder other than the default, create a folder that contains everything. / /acl_users (ZODB) /root /root/acl_users (LDAP) /root/app1 /root/app2 --jcc -- "Building Websites with Plone" http://plonebook.packtpub.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 J Cameron Cooper wrote:
Oscar Figueiredo wrote:
this might be trivial but I just can't find a way to do it. How does one replace the initial UserFolder at Zope root with a LDAPUSerFolder ? I tried the dummy way : delete the acl_users with an intent to instanciate a LDAPUSerFolder afterwards but that locked me out in a way I could do nothing but recreate a new Zope instance... skip-authentication-checking in etc/zope.conf didn't help...
Do not do that. You don't want to get locked out of your Zope because of LDAP problems.
If you must have several other folders share a user folder other than the default, create a folder that contains everything.
Unless you are actively developing a new user folder implementation, the risk of being locked out is not too bad: "stable" user folders always emulate the "stock" version's handling of the EmergencyUser, which gives you a way to log in and fix / delete a broken '/acl_users'. If you *are* working on a new user folder implementation, then 'bin/zopectl debug' is your friend: $ bin/zopectl debug ...
app._delObject('acl_users') del app.__ac_groups get_transaction().commit() # Z27, deprecated in Z28
Tres. - -- =================================================================== Tres Seaver tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFClnju+gerLs4ltQ4RAoc0AJ0b10k04CEkonsKr4tEtOj0jcDJ1wCgqSn2 Ynw8lGPwGawmTZlWTxoB6Rs= =Fvbi -----END PGP SIGNATURE-----
On May 26, 2005, at 22:34, J Cameron Cooper wrote:
Oscar Figueiredo wrote:
this might be trivial but I just can't find a way to do it. How does one replace the initial UserFolder at Zope root with a LDAPUSerFolder ? I tried the dummy way : delete the acl_users with an intent to instanciate a LDAPUSerFolder afterwards but that locked me out in a way I could do nothing but recreate a new Zope instance... skip-authentication-checking in etc/zope.conf didn't help...
Do not do that. You don't want to get locked out of your Zope because of LDAP problems.
The emergency user always works. You can't lock yourself out due to LDAP problems. If anyone sees a symptom like that on the current LDAPUserFolder version it will be fixed right away because it is a bug. jens
Jens Vagelpohl wrote:
On May 26, 2005, at 22:34, J Cameron Cooper wrote:
Oscar Figueiredo wrote:
this might be trivial but I just can't find a way to do it. How does one replace the initial UserFolder at Zope root with a LDAPUSerFolder ? I tried the dummy way : delete the acl_users with an intent to instanciate a LDAPUSerFolder afterwards but that locked me out in a way I could do nothing but recreate a new Zope instance... skip-authentication-checking in etc/zope.conf didn't help...
Do not do that. You don't want to get locked out of your Zope because of LDAP problems.
The emergency user always works. You can't lock yourself out due to LDAP problems. If anyone sees a symptom like that on the current LDAPUserFolder version it will be fixed right away because it is a bug.
Yes, you can always break into Zope that way. But that's not something I would want to plan to do, especially when the alternative is so easy. --jcc -- "Building Websites with Plone" http://plonebook.packtpub.com/
On May 27, 2005, at 19:29, J Cameron Cooper wrote:
Do not do that. You don't want to get locked out of your Zope because of LDAP problems.
The emergency user always works. You can't lock yourself out due to LDAP problems. If anyone sees a symptom like that on the current LDAPUserFolder version it will be fixed right away because it is a bug.
Yes, you can always break into Zope that way. But that's not something I would want to plan to do, especially when the alternative is so easy.
My point is simply that asserting "never do that, you will lock yourself out" is just spreading FUD unless you work with badly written user folders. jens
participants (5)
-
J Cameron Cooper -
Jens Vagelpohl -
John Ziniti -
Oscar Figueiredo -
Tres Seaver