[Zope] LDAPUserFolder and Zope 2.5.1

Jens Vagelpohl jens@zope.com
Mon, 29 Apr 2002 15:37:14 -0400


> As I know, LDAP it's a standard protocol to access a user database on a
> server. I also read that by using LDAP you can read and write on this
> database. In my case, I only have read permissions and I'm not allowed to
> see the database internal structure neither to change it. I've tried to get
> it work but it doesn't and don't know why.

if you don't know much about the internal structure of the LDAP database 
you are connecting to you have a real problem. there is a ton of 
configuration options that depend on knowing the database.

> I Just create a schema as follows:
>
> LDAP Server:            ldap.myorganization.ch
> Login name attribute: uid
> RDN Attribute:          Canonical name
> Users base DN:        ou=student,o=myorganization,c=ch
> Scope:                     Subtree
> Group storage:          Groups not stored on LDAP server
> Groups Base DN:      same as Users base DN
>                                (I don't know what else can I put here and I
>                                don't have more info)
>
> LDAPLogin and Password are empty
>
> User object classes: top,person
> User password encryption: crypt
> Default User Roles:   Anonymous
> Authentication:         Basic HTTP Authentication

do you even know if these are the correct values for your LDAP server? you 
seem to be able to connect to it judging by your email, but are you sure 
that the UID attribute is indeed the attribute name for the login and that 
the relative distinguished name (RDN) attribute is really CN?


> My question is how can I populate my user folder? I saw the feature add
> user, but I need to add 500 hundred users and I guess this is not the way
> of doing it and I don't see anything on the Caches tab. My logic says that
> this feature is only if you want to add users to your ldap database. But I
> rather than add want to authenticate them.

if the users you need are already in LDAP then there is no "population" to 
do. besides, the adding is not possible for you, anyway, since you don't 
have write access.


> Because I don't have any result when I search by uid, I just made this:
>
> <dtml-in "findUser('sn','lastname')">
>   <dtml-var "_['sequence-item']">
> </dtml-in>
>
> And then I saw a dictionary with lots of fields, but not uid. I'm just
> wondering why. I guess the authentication looks for this username and
> then gives the password.

are you sure that anonymous users (since you did not specify a LDAP bind 
UID and password, you are anonymous for the LDAP server) are allowed to 
read the UID attribute? (and is the UID attribute really available and 
what you want, see above)?


> Whenever I observe the log contents, I see always something like:
>
> (9) Apr 29 20:37:55: userx not found (getUser)
>
> Does anybody know what I'm doing wrong?

what you're doing wrong seems to be trying to configure a product that 
requires a lot of knowledge about the server it connects to without 
actually having that knowledge...

jens
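
The checks raised in this reply (is uid returned to an anonymous bind, is CN really the RDN attribute, do the entries carry the configured object classes) can be run against whatever an anonymous search returns. The following is an added example, not part of the original message or of LDAPUserFolder; the function names are hypothetical and the LDIF sample is constructed to resemble the findUser result described above.

```python
# Added example: compare LDAPUserFolder-style settings with the entries an
# anonymous bind can actually read. SAMPLE_LDIF is constructed, not real data.

SAMPLE_LDIF = """\
dn: cn=Anna Muster,ou=student,o=myorganization,c=ch
objectClass: top
objectClass: person
cn: Anna Muster
sn: Muster

dn: cn=Beat Beispiel,ou=student,o=myorganization,c=ch
objectClass: top
objectClass: person
cn: Beat Beispiel
sn: Beispiel
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF records (no base64, no folded lines)."""
    entries = []
    for record in text.strip().split("\n\n"):
        entry = {}
        for line in record.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def check_settings(entries, login_attr, rdn_attr, object_classes):
    """Return (dn, problem) findings; an empty list means the settings fit."""
    findings = []
    for e in entries:
        dn = e["dn"][0]
        # Absent here means either not stored or hidden from this bind by ACLs.
        if login_attr.lower() not in e:
            findings.append((dn, "login attribute '%s' not returned" % login_attr))
        # Simplification: assumes no escaped commas in the leading RDN.
        leading = dn.split(",", 1)[0].split("=", 1)[0].strip().lower()
        if leading != rdn_attr.lower():
            findings.append((dn, "RDN is '%s', not '%s'" % (leading, rdn_attr)))
        have = {c.lower() for c in e.get("objectclass", [])}
        missing = sorted({c.lower() for c in object_classes} - have)
        if missing:
            findings.append((dn, "missing object classes: %s" % ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for dn, problem in check_settings(parse_ldif(SAMPLE_LDIF), "uid", "cn", ["top", "person"]):
        print(dn, "->", problem)
```

A finding for the login attribute on every entry points either at the wrong attribute name or at an ACL that hides it from anonymous binds; repeating the search with a bind DN and password tells the two apart.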