[Zope] ldap user folder authentication prob

Jonathan Cheyne jon@foe.co.uk
Thu, 22 Nov 2001 13:34:29 +0000


>jonathan,

>it's trying to look up a user with account name "root"? is there such an
>account name in your zope instance?

Yes - in the root folder is the default install acl folder with a 'root'
user (an admin user for the whole zope instance). Then there is a zwiki
folder and in there the ldapuserfolder. There are no other users in the
instance apart from root and whatever is returned from ldap. The ldap server
runs authentication for the intranet, some website functions etc and works.
I can authenticate ok for our iplanet servers.

I created a new user in the top level regular acl folder called admin. No
such user exists in ldap. I gave the admin user a Manager role. I can
administer the zope instance EXCEPT for the wiki containing ldapuserfolder.
If I try to view this folder I get

Error Type: INAPPROPRIATE_AUTH
Error Value: {'desc': 'Inappropriate authentication'}

This message also appears even if I try to /view/ the wiki when logged in as
admin. Log back in as jonathan and all is fine. To test if this was because
the admin uid might not be in ldap and that a partial lookup was occurring
for all other id's I added a user "doodah" and yet this worked ok (in so far
that it did not produce that error). This means that only the admin user
creates that prob.

(Is there a protected user admin within zope as a whole maybe?)

Maybe this comes down to your roles question which I am not completely
following. I do a look up on a user (say me, jon) and do not get anything
saying roles just cn, dn, uid plus a long list of check boxes for groups
(that we use for authentication things). Is this what you mean? In the
configure screen there is the box saying default user role - I changed this
to Authenticated but no diff.

Do I need to map one of our groups to a zope role?

Cheers

Jonathan