LDAPUserFolder and Zope 2.5.1
As far as I know, LDAP is a standard protocol to access a user database on a server. I also read that by using LDAP you can read and write on this database. In my case, I only have read permissions and I'm not allowed to see the database internal structure nor to change it. I've tried to get it to work but it doesn't and I don't know why.
I just created a schema as follows:
LDAP Server: ldap.myorganization.ch
Login name attribute: uid
RDN Attribute: Canonical name
Users base DN: ou=student,o=myorganization,c=ch
Scope: Subtree
Group storage: Groups not stored on LDAP server
Groups Base DN: same as Users base DN (I don't know what else I can put here and I don't have more info)
LDAPLogin and Password are empty
User object classes: top,person
User password encryption: crypt
Default User Roles: Anonymous
Authentication: Basic HTTP Authentication
Next I added the group student and assigned it my local Zope role Student.
My question is how can I populate my user folder? I saw the feature add user, but I need to add 500 hundred users and I guess this is not the way of doing it and I don't see anything on the Caches tab. My logic says that this feature is only if you want to add users to your ldap database. But rather than add them I want to authenticate them.
Because I don't have any result when I search by uid, I just made this:
<dtml-in "findUser('sn','lastname')">
<dtml-var "_['sequence-item']">
</dtml-in>
And then I saw a dictionary with lots of fields, but not uid. I'm just wondering why. I guess the authentication looks for this username and then gives the password.
Whenever I observe the log contents, I always see something like:
(9) Apr 29 20:37:55: userx not found (getUser)
Does anybody know what I'm doing wrong?
Thanks in advance,
Josef.
> As far as I know, LDAP is a standard protocol to access a user database on a server. I also read that by using LDAP you can read and write on this database. In my case, I only have read permissions and I'm not allowed to see the database internal structure nor to change it. I've tried to get it to work but it doesn't and I don't know why.
if you don't know much about the internal structure of the LDAP database you are connecting to you have a real problem. there is a ton of configuration options that depend on knowing the database.
> I just created a schema as follows:
> LDAP Server: ldap.myorganization.ch
> Login name attribute: uid
> RDN Attribute: Canonical name
> Users base DN: ou=student,o=myorganization,c=ch
> Scope: Subtree
> Group storage: Groups not stored on LDAP server
> Groups Base DN: same as Users base DN (I don't know what else I can put here and I don't have more info)
> LDAPLogin and Password are empty
> User object classes: top,person
> User password encryption: crypt
> Default User Roles: Anonymous
> Authentication: Basic HTTP Authentication
do you even know if these are the correct values for your LDAP server? you seem to be able to connect to it judging by your email, but are you sure that the UID attribute is indeed the attribute name for the login and that the relative distinguished name (RDN) attribute is really CN?
> My question is how can I populate my user folder? I saw the feature add user, but I need to add 500 hundred users and I guess this is not the way of doing it and I don't see anything on the Caches tab. My logic says that this feature is only if you want to add users to your ldap database. But rather than add them I want to authenticate them.
if the users you need are already in LDAP then there is no "population" to do. besides, the adding is not possible for you, anyway, since you don't have write access.
> Because I don't have any result when I search by uid, I just made this:
> <dtml-in "findUser('sn','lastname')"> <dtml-var "_['sequence-item']"> </dtml-in>
> And then I saw a dictionary with lots of fields, but not uid. I'm just wondering why. I guess the authentication looks for this username and then gives the password.
are you sure that anonymous users (since you did not specify a LDAP bind UID and password, you are anonymous for the LDAP server) are allowed to read the UID attribute? (and is the UID attribute really available and what you want, see above)?
> Whenever I observe the log contents, I always see something like:
> (9) Apr 29 20:37:55: userx not found (getUser)
> Does anybody know what I'm doing wrong?
what you're doing wrong seems to be trying to configure a product that requires a lot of knowledge about the server it connects to without actually having that knowledge...
jens
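The checks asked about in the reply above, as an added example that is not part of the original thread and not LDAPUserFolder code: given the entries a search returns for the bind identity in use (anonymous here), it reports which entries lack the configured login attribute, use a different RDN attribute, or miss a configured object class. The function names and sample entries are made up for illustration, and it assumes a user entry must carry every configured object class.

```python
import re

def rdn_attribute(dn):
    """Attribute name of the leftmost RDN; backslash-escaped commas are kept."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return first.split("=", 1)[0].strip().lower()

def diagnose(entries, login_attr, rdn_attr, object_classes):
    """Compare (dn, attrs) pairs, as seen by the bind identity in use, with the
    configured login attribute, RDN attribute and user object classes.
    Returns {problem: [dn, ...]} containing only the problems that occurred."""
    if not entries:
        # Wrong base DN or scope, or the bind identity may not read the subtree.
        return {"nothing_visible": []}
    wanted = {c.lower() for c in object_classes}
    problems = {}
    for dn, attrs in entries:
        attrs = {k.lower(): v for k, v in attrs.items()}
        if login_attr.lower() not in attrs:
            # Not on the entry at all, or hidden from this bind by an ACL.
            problems.setdefault("login_attr_not_readable", []).append(dn)
        if rdn_attribute(dn) != rdn_attr.lower():
            problems.setdefault("rdn_attr_mismatch", []).append(dn)
        have = {c.lower() for c in attrs.get("objectclass", [])}
        # Assumption: an entry must carry every configured object class.
        if not wanted <= have:
            problems.setdefault("object_class_mismatch", []).append(dn)
    return problems

# Constructed sample entries (hypothetical names and values), shaped like the
# result of an anonymous subtree search under the users base DN.
SAMPLE = [
    ("cn=Example One,ou=student,o=myorganization,c=ch",
     {"cn": ["Example One"], "sn": ["lastname"],
      "objectClass": ["top", "person"]}),
    ("uid=userx,ou=student,o=myorganization,c=ch",
     {"uid": ["userx"], "cn": ["Example Two"], "sn": ["lastname"],
      "objectClass": ["top", "person"]}),
    ("cn=Example Three,ou=student,o=myorganization,c=ch",
     {"uid": ["usery"], "cn": ["Example Three"], "objectClass": ["top"]}),
]

if __name__ == "__main__":
    found = diagnose(SAMPLE, "uid", "cn", ["top", "person"])
    for problem, dns in found.items():
        print(problem, dns)
```

An entry listed under login_attr_not_readable matches the symptom described in the thread: a search by sn returns a dictionary of fields without uid, so a lookup by uid cannot find the user.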
> do you even know if these are the correct values for your LDAP server? you seem to be able to connect to it judging by your email, but are you sure that the UID attribute is indeed the attribute name for the login and that the relative distinguished name (RDN) attribute is really CN?
Actually, all these values were given to me by the guy who is responsible for the LDAP server.
> if the users you need are already in LDAP then there is no "population" to do. besides, the adding is not possible for you, anyway, since you don't have write access.
Ok, I understand it, but if everything is correct, I should see them on the caches tab, shouldn't I? Or how do I know that everything is working?
> what you're doing wrong seems to be trying to configure a product that requires a lot of knowledge about the server it connects to without actually having that knowledge...
Ok, I'll talk to the guy who gives me all the info again.
Thanks for your reply.
Josef.
>> if the users you need are already in LDAP then there is no "population" to do. besides, the adding is not possible for you, anyway, since you don't have write access.
> Ok, I understand it, but if everything is correct, I should see them on the caches tab, shouldn't I? Or how do I know that everything is working?
the Cache tab shows people who are *currently logged in*, not every user that is in LDAP. this is explained on the page itself as well as in the help system page for this tab.
jens
On Mon, 29 Apr 2002, Jens Vagelpohl wrote:
> if you don't know much about the internal structure of the LDAP database you are connecting to you have a real problem. there is a ton of configuration options that depend on knowing the database.
Did anybody have success in using a Novell NDS directory which claims to be LDAP compatible?
Any hints?
Kind regards
Andreas.
Yes, I have an exUserFolder adaptor that connects to NDS via LDAP. I can mail it if you're interested.
Phil
----- Original Message -----
From: "Tille, Andreas" <TilleA@rki.de>
To: "Jens Vagelpohl" <jens@zope.com>
Cc: "Zope user list" <zope@zope.org>
Sent: Tuesday, May 07, 2002 10:14 AM
Subject: [Zope] Novell NDS (Was: LDAPUserFolder and Zope 2.5.1)
> On Mon, 29 Apr 2002, Jens Vagelpohl wrote:
>> if you don't know much about the internal structure of the LDAP database you are connecting to you have a real problem. there is a ton of configuration options that depend on knowing the database.
> Did anybody have success in using a Novell NDS directory which claims to be LDAP compatible?
> Any hints?
> Kind regards
> Andreas.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Tue, 7 May 2002, Phil Harris wrote:
> Yes, I have an exUserFolder adaptor that connects to NDS via LDAP.
> I can mail it if you're interested.
Yes, I would be interested. In how far is it different from LDAPUserFolder?
Kind regards
Andreas.
NDS is a fully standards-compliant LDAP server AFAIK. it should work without a problem.
jens
On Tuesday, May 7, 2002, at 05:14 , Tille, Andreas wrote:
> On Mon, 29 Apr 2002, Jens Vagelpohl wrote:
>> if you don't know much about the internal structure of the LDAP database you are connecting to you have a real problem. there is a ton of configuration options that depend on knowing the database.
> Did anybody have success in using a Novell NDS directory which claims to be LDAP compatible?
> Any hints?
> Kind regards
> Andreas.
apart from the fact that the passwords are not held in the ldap in any way, the only way you know you've auth'ed correctly or not is whether an exception is raised or not.
----- Original Message -----
From: "Jens Vagelpohl" <jens@zope.com>
To: "Tille, Andreas" <TilleA@rki.de>
Cc: "Zope user list" <zope@zope.org>
Sent: Tuesday, May 07, 2002 1:03 PM
Subject: [Zope] Re: Novell NDS (Was: LDAPUserFolder and Zope 2.5.1)
> NDS is a fully standards-compliant LDAP server AFAIK. it should work without a problem.
> jens
> On Tuesday, May 7, 2002, at 05:14 , Tille, Andreas wrote:
>> On Mon, 29 Apr 2002, Jens Vagelpohl wrote:
>>> if you don't know much about the internal structure of the LDAP database you are connecting to you have a real problem. there is a ton of configuration options that depend on knowing the database.
>> Did anybody have success in using a Novell NDS directory which claims to be LDAP compatible?
>> Any hints?
>> Kind regards
>> Andreas.
On 7 May 2002 at 11:14, Tille, Andreas wrote:
> On Mon, 29 Apr 2002, Jens Vagelpohl wrote:
>> if you don't know much about the internal structure of the LDAP database you are connecting to you have a real problem. there is a ton of configuration options that depend on knowing the database.
> Did anybody have success in using a Novell NDS directory which claims to be LDAP compatible?
> Any hints?
> Kind regards
> Andreas.
I'm using LDAPUserFolder to talk to eDirectory running on Linux.. Works fine.
Brad Clements, bkc@murkworks.com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
AOL-IM: BKClements
On Tue, 7 May 2002, Brad Clements wrote:
> I'm using LDAPUserFolder to talk to eDirectory running on Linux.. Works fine.
Sorry, I'm talking about the NDS which is (IMHO) bundled with Novell 5.
Kind regards
Andreas.
On 8 May 2002 at 11:44, Tille, Andreas wrote:
> On Tue, 7 May 2002, Brad Clements wrote:
>> I'm using LDAPUserFolder to talk to eDirectory running on Linux.. Works fine.
> Sorry, I'm talking about the NDS which is (IMHO) bundled with Novell 5.
It's the same thing. NDS == eDirectory. Whether or not it's running on NetWare or Linux doesn't matter.
Brad Clements, bkc@murkworks.com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
AOL-IM: BKClements
participants (5)
- Brad Clements
- Jens Vagelpohl
- Josef Meile
- Phil Harris
- Tille, Andreas