[Zope] LDAPUserFolder never authorizes

Joel Burton joel@joelburton.com
Mon, 12 Aug 2002 12:32:09 -0400


I've installed LDAPUserFolder to test its suitability for an upcoming
project. It seems to install fine, and I can add/update users through
its web interface, but I can never get it to authorize a user from the
LDAP database.


1. The LDAP installation:

OpenLDAP 2.0.25 installed from source onto a Linux box.
slapd configuration is:


    include     /usr/local/etc/openldap/schema/core.schema
    include     /usr/local/etc/openldap/schema/cosine.schema
    include     /usr/local/etc/openldap/schema/inetorgperson.schema

    defaultsearchbase "dc=joelburton,dc=com"
    pidfile     /usr/local/var/slapd.pid
    argsfile    /usr/local/var/slapd.args

    access to * by anonymous write

    database    ldbm
    suffix      "dc=joelburton,dc=com"
    rootdn      "cn=Manager,dc=joelburton,dc=com"
    rootpw      MY_PASSWORD_IS_HERE
    directory   /usr/local/var/openldap-ldbm
    index       objectClass eq

I can successfully perform searches from the command line.


2. python-ldap & Zope

Installed properly, can import it. Python 2.1.3, Zope 2.6.0a1.


3. LDAPUserFolder

Installed in Products directory. Not broken, no warnings.

In folder /ldap, have an LDAPUserFolder with following config:

  Server: joelburton.com                   Not SSL
  Login Name Attribute: cn
  RDN Attribute: cn
  User Base DN: dc=joelburton,dc=com       Scope=SUBTREE
  Group Storage: not in LDAP server
  LDAP Login DN: cn=Manager,dc=joelburton,dc=com
  User object classes: top,person
  Encryption: SHA
  Default user roles: Anonymous
  Authentication: Cookie

I can view my users, add a user (& check with ldap commandline tools
that they were actually added).


4. LDAP data:

    dn: dc=joelburton, dc=com
    objectClass: dcObject
    objectClass: organization
    o: Example Company
    dc: joelburton

    dn: cn=Manager,dc=joelburton,dc=com
    objectClass: organizationalRole
    cn: Manager

    dn: cn=bob,dc=joelburton,dc=com
    sn: bob
    givenName: bob
    cn: bob
    objectClass: top
    objectClass: person
    objectClass: inetorgperson
    userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289

'bob' has been given the Manager role & it appears on the Users tab of
the LDAPUserFolder.


5. The problem:

When I go to http://server/ldap/manage, and try logging in with
user=bob, and his password, it never authenticates. I can log in with my
user (located in site's root acl_users, not in LDAPUserFolder).

The log (turned up to 9, Debugging) reads:

    (9) Aug 12 12:30:21: joel not found (getUser)
    (9) Aug 12 12:30:18: bob not found (getUser)
    (9) Aug 12 12:30:18: No data in _lookupuser for uid bob



Any pointers on where to start would be helpful, as would an LDIF file
that I could import w/data that I could use to demonstrate that this will
work.

I'm not very knowledgeable about LDAP, so it's possible that I've done
something wrong with my LDAP setting -- but LDAP's commandline tools
seem to be working fine.

Thanks!

- J.

-- 

Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
Independent Knowledge Management Consultant
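An added example, not part of the post above and not LDAPUserFolder's own code: it parses bob's LDIF entry as shown in the post, builds an escaped search filter from the configured login attribute (cn) and object classes (top, person), and checks a candidate password offline against the stored `{SHA}` userPassword, which lets you confirm the directory holds the password you think it does before looking at the user folder itself. How LDAPUserFolder actually composes its filter is an assumption here, and `secret` is a constructed password used only for the round-trip check.

```python
import base64
import hashlib
import hmac
# Constructed sample: bob's entry as posted ('::' marks a base64-encoded value).
LDIF_BOB = """dn: cn=bob,dc=joelburton,dc=com
sn: bob
givenName: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
"""

# RFC 4515 escapes, so a typed login name cannot rewrite the search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def user_search_filter(login, login_attr="cn", object_classes=("top", "person")):
    """Assumed shape of the folder's user lookup for the posted config (login attr + object classes)."""
    classes = "".join("(objectClass=%s)" % c for c in object_classes)
    return "(&%s(%s=%s))" % (classes, login_attr, escape_filter_value(login))

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}; '::' values are base64 and get decoded."""
    entry = {}
    for line in text.splitlines():
        if ":: " in line:
            attr, raw = line.split(":: ", 1)
            raw = base64.b64decode(raw).decode("utf-8")
        else:
            attr, raw = line.split(": ", 1)
        entry.setdefault(attr, []).append(raw)
    return entry

def make_sha_userpassword(password):
    """Encode as the 'Encryption: SHA' scheme stores it: '{SHA}' + base64(SHA-1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode("utf-8")).digest()).decode("ascii")

def check_sha_userpassword(stored, candidate):
    """True if candidate hashes to the stored '{SHA}' value; constant-time compare, nothing logged."""
    if not stored.startswith("{SHA}"):
        raise ValueError("not a {SHA} userPassword")
    expected = base64.b64decode(stored[len("{SHA}"):])
    if len(expected) != hashlib.sha1().digest_size:
        raise ValueError("malformed {SHA} digest")
    return hmac.compare_digest(expected, hashlib.sha1(candidate.encode("utf-8")).digest())
```

Calling `check_sha_userpassword(parse_ldif_entry(LDIF_BOB)["userPassword"][0], "<what bob types>")` tells you whether the stored hash and the typed password agree, independently of anything Zope does.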