[Zope] LDAPUserFolder never authorizes

Jens Vagelpohl jens@zope.com
Mon, 12 Aug 2002 19:28:56 -0400


the objectClass "organizationalRole" is not supported as a suitable group 
"holder". store your group memberships in objects that are supported, such 
as groupOfUniqueNames, groupOfNames, or group.

jens


On Monday, August 12, 2002, at 12:32 , Joel Burton wrote:

> I've installed LDAPUserFolder to test its suitability for an upcoming
> project. It seems to install fine, and I can add/update users through
> its web interface, but I can never get it to authorize a user from the
> LDAP database.
>
>
> 1. The LDAP installation:
>
> OpenLDAP 2.0.25 installed from source onto a Linux box.
> slapd configuration is:
>
>
>     include     /usr/local/etc/openldap/schema/core.schema
>     include     /usr/local/etc/openldap/schema/cosine.schema
>     include     /usr/local/etc/openldap/schema/inetorgperson.schema
>
>     defaultsearchbase "dc=joelburton,dc=com"
>     pidfile     /usr/local/var/slapd.pid
>     argsfile    /usr/local/var/slapd.args
>
>     access to * by anonymous write
>
>     database    ldbm
>     suffix      "dc=joelburton,dc=com"
>     rootdn      "cn=Manager,dc=joelburton,dc=com"
>     rootpw      MY_PASSWORD_IS_HERE
>     directory   /usr/local/var/openldap-ldbm
>     index       objectClass eq
>
> I can successfully perform searches from the command line.
>
>
> 2. python-ldap & Zope
>
> Installed properly, can import it. Python 2.1.3, Zope 2.6.0a1.
>
>
> 3. LDAPUserFolder
>
> Installed in Products directory. Not broken, no warnings.
>
> In folder /ldap, have an LDAPUserFolder with following config:
>
>   Server: joelburton.com                   Not SSL
>   Login Name Attribute: cn
>   RDN Attribute: cn
>   User Base DN: dc=joelburton,dc=com       Scope=SUBTREE
>   Group Storage: not in LDAP server
>   LDAP Login DN: cn=Manager,dc=joelburton,dc=com
>   User object classes: top,person
>   Encryption: SHA
>   Default user roles: Anonymous
>   Authentication: Cookie
>
> I can view my users, add a user (& check with ldap commandline tools
> that they were actually added)
>
>
> 4. LDAP data:
>
>     dn: dc=joelburton, dc=com
>     objectClass: dcObject
>     objectClass: organization
>     o: Example Company
>     dc: joelburton
>
>     dn: cn=Manager,dc=joelburton,dc=com
>     objectClass: organizationalRole
>     cn: Manager
>
>     dn: cn=bob,dc=joelburton,dc=com
>     sn: bob
>     givenName: bob
>     cn: bob
>     objectClass: top
>     objectClass: person
>     objectClass: inetorgperson
>     userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
>
> 'bob' has been given the Manager role & it appears on the Users tab of
> the LDAPUserFolder.
>
>
> 5. The problem:
>
> When I go to http://server/ldap/manage, and try logging in with
> user=bob, and his password, it never authenticates. I can log in with my
> user (located in site's root acl_users, not in LDAPUserFolder).
>
> The log (turned onto 9, Debugging) reads:
>
>     (9) Aug 12 12:30:21: joel not found (getUser)
>     (9) Aug 12 12:30:18: bob not found (getUser)
>     (9) Aug 12 12:30:18: No data in _lookupuser for uid bob
>
>
>
> Any pointers on where to start would be helpful, as would an LDIF file
> that I could import with data that I could use to demonstrate that this
> will work.
>
> I'm not very knowledgeable about LDAP, so it's possible that I've done
> something wrong with my LDAP setting -- but LDAP's commandline tools
> seem to be working fine.
>
> Thanks!
>
> - J.
>
>
> --
>
> Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
> Independent Knowledge Management Consultant
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
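The LDIF Joel asked for, as an added example that is not part of the thread: bob's entry beside a groupOfUniqueNames group holding him (the group DN cn=Managers,dc=joelburton,dc=com is an assumption), plus a small parser that, following Jens's reply, reports memberships only for supported holder classes and skips the organizationalRole entry.

```python
# Group holders LDAPUserFolder accepts (Jens's reply) -> their member attribute.
GROUP_HOLDER_CLASSES = {
    "groupofuniquenames": "uniquemember",
    "groupofnames": "member",
    "group": "member",
}

# Constructed LDIF: Joel's Manager role and bob entry, plus an assumed
# groupOfUniqueNames entry "cn=Managers" (not on the page) that holds bob.
SAMPLE_LDIF = """\
dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
objectClass: person
objectClass: inetorgperson
cn: bob

dn: cn=Managers,dc=joelburton,dc=com
objectClass: groupOfUniqueNames
cn: Managers
uniqueMember: cn=bob,dc=joelburton,dc=com
"""

def parse_ldif(text):
    """Minimal LDIF parser (no folding/base64): [(dn, {attr_lower: [values]})]."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        entries.append((dn, attrs))
    return entries

def group_memberships(entries):
    """{group_dn: [member_dns]} for supported holders only; an
    organizationalRole such as cn=Manager is skipped, as in Jens's reply."""
    groups = {}
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        for cls, member_attr in GROUP_HOLDER_CLASSES.items():
            if cls in classes:
                groups[dn] = attrs.get(member_attr, [])
    return groups
```

Running `group_memberships(parse_ldif(SAMPLE_LDIF))` returns only the cn=Managers group with bob as its member; the cn=Manager role entry yields nothing.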