[Zope-CMF] Problems with and questions about LDAPUserFolder

Jens Vagelpohl jens@zope.com
Thu, 28 Feb 2002 08:12:12 -0500


i think there are several problems here:

- the exception occurring when you add a new role to a user is a bug. i 
have fixed this in CVS and if you go to 
http://cvs.dataflake.org/LDAPUserFolder/ you can use the "Download tarball"
  link at the bottom of the screen to download a tarball containing a fix.

- there are known problems with using cookie mode and M$ internet exploiter 
on windoze. when it comes to a CMF site i would keep the cookie crumbler in 
place and use the LDAPUserFolder in basic HTTP authentication mode.

- as far as recognizing groups other than groupOfUniqueNames, i cannot 
reproduce your problem. i tested it by going to the Groups tab and adding 
groups through the user folder itself, groups of types other than 
groupOfUniqueNames. the new groups showed up correctly and were available 
in the user record detail view.

- the LDAPUserFolder can only work with the CMF in conjunction with the 
CMFLDAP product, which you can find at 
http://www.dataflake.org/software/cmfldap . and again, do not delete the 
cookie crumbler, keep it and use the LDAPUserFolder in non-cookie mode. 
CMFLDAP contains custom forms for joining the CMF site and for changing 
personal info. they might need customizing to fit your particular needs.

jens


On Thursday, February 28, 2002, at 03:54 , Bert Vanderbauwhede wrote:

> Hi,
>
> I got a couple of problems with the LDAPUserFolder.
>
> This is my configuration:
> - Python 2.1.2
> - Zope 2.5
> - LDAPUserFolder 1.2
> - CMF 1.2
>
> I have a CMF Site where I replace the default UserFolder with a 
> LDAPUserFolder. I configure this as follows:
> - LDAP Server
> - Login Name Attribute
> - RDN Attribute
> - Users Base DN
> - Scope: Subtree
> - Group Storage: Groups not stored on LDAP Server
> - User object classes: top,person
> - User password encryption: crypt
> - Default User Roles: Anonymous
> - Authentication: Cookie Authentication
>
> The LDAPUserFolder connects to the LDAP server. I can go to
> the Users screen and search for a user, and get the results
> back, but when I try to add a group/role to the user I get a
> AttributeError in LDAPUserFolder.py, line 1611:
>
>  AttributeError: 'None' object has no attribute '_expire'
>
>
> As a result, no group/role is assigned to that user.
>
> Another problem is that I can't login on the site with a
> user that is stored in LDAP. This could be the result from
> the previous problem, but I can't tell.
>
> (All this happens in a CMF Site, but I have also tried it
> in an ordinary folder, with the same results.)
>
> I also got a couple of questions:
>
> Eventually, the groups/roles will be defined in LDAP. In
> the help files, you say that the groups have to be of the
> LDAP class groupOfUniqueNames. Yet, in the groups screen
> you can define groups of other classes: groupOfNames and
> group. Our LDAP server already contains entries of class
> groupOfNames, but the LDAPUserFolder doesn't find them.
> Do you have an idea what's going on?
>
> Can the LDAPUserFolder work with CMF? is it sufficient to
> install the LDAPUserFolder and delete the CookieCrumbler?
> Do I have to define any custom forms, or can I use the CMF
> login screens as is?
>
>
> Bert Vanderbauwhede...
> ---
> "All PCs are compatible.
> But some of them are more
> compatible than others."
>
>
>
>
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
>
> See http://www.zope.org/Products/PTK/Tracker for bug reports and feature 
> requests