[Zope] Re: AW: Problems with jcNTUserFolder-0.0.4

Jephte CLAIN minf7@educ.univ-reunion.fr
Fri, 31 Mar 2000 15:39:05 +0400


a.wacknitz@francotyp.com wrote:
> > a.wacknitz@francotyp.com wrote:
> > > Hello Jephte,
> > > I have some problems with jcNTUserFolder in conjunction
> > > with Zope-2.1.6 running under Windows 2000:
> > I have not tested jcNTUserFolder under Windows 2000, but it
> > should work
> > except, I guess, if you run Windows 2000 in 'native' mode.
> What do you mean with 'native' mode? I have a Windows 2000 Professional
> running...
Windows 2000 professional is the equivalent of NT Workstation.
on Windows 2000 server, there is two way of managing the domain: the old
way (with pdc/bdc,etc.), and the new way, with active directory. in
native mode, pdc/bdc support is disabled and my code rely on it. you may
not be concerned by this 'problem' because nt 2000 pro (aka workstation)
can't manage a domain.

> > > If a subfolder has its own NT user folder, a user,
> > > given another role within this subfolder, is forced
> > > to authenticate again and this authentication always
> > > fails.
> > the roles given to the user in the sub-folder *replace* the roles
> > defined in higher folders, due to the way user folders work.
> > the user in
> > the subfolder must have the same role as in higher folders (so he can
> > traverse the higher folders), plus any new roles in the subfolder.
> This ist what I have done. But it does'nt work at all.
> What I want to have is the following:
> I have serveral users that should only see the root folder (/). All users
> have the role
> 'Benutzer' (german for user). Some users should be able to change the
> contents of subfolders. Therefore I have added an additional NT user folder
> in such subfolders. The users that should be able to change the contents are
> added within these NT user folders and have additional roles, such as
> 'administrator'. At the moment the roles of all other users are acquainted
> from the parent folders.
> But this doesn't work at all. Every user that has a new role in a subfolder
> is prompted for his name and password again. And whatever is entered, the
> authentifation fails. Only users with acquainted roles can see these
> subfolders.
> 
> I should mention that I have removed the standard user folder at Zope's root
> folder and replaced it with an NT user folder. I also revoked all rights for
> anonymous users. So everybody must log in to use the site.
bizarre, it should work. are you sure that Benutzers can *view* sub
folders? where did you create the administrator role? in the top level
folder or in the sub folders?
by the way, where do your users authenticate from? from the nt 2k pro
box (that is, the users are created *on* this box)? from a different
domain (and the domain controller is another machine)? until I can write
a better doc, also read in the zope archives the messages from 'Ava' and
'minf7'

I'm not at the office right now, so I can't do further tests. but I
should be able to reply on monday, at least.

by the way, if you want to force all users to log in, you may consider
using zope with iis, and let iis do the authentication. this may not be
possible with nt 2k *pro* (it doesn't work with nt workstation because
IIS requires nt server).
see http://www.zope.org/Members/jephte

hope this help
jephte clain
minf@educ.univ-reunion.fr

note: I'm leaving in 10 mn. if you want to reply, reply right now. if
not, see you on monday