[Zope] LDAPUserFolder never authorizes
Jens Vagelpohl
jens@zope.com
Mon, 12 Aug 2002 19:28:56 -0400
the objectClass "organizationalRole" is not supported as a suitable group
"holder". store your group memberships in objects that are supported, such
as groupOfUniqueNames, groupOfNames, or group.
jens
On Monday, August 12, 2002, at 12:32 , Joel Burton wrote:
> I've installed LDAPUserFolder to test its suitability for an upcoming
> project. It seems to install fine, and I can add/update users through
> its web interface, but I can never get it to authorize a user from the
> LDAP database.
>
>
> 1. The LDAP installation:
>
> OpenLDAP 2.0.25 installed from source onto a Linux box.
> slapd configuration is:
>
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
>
> defaultsearchbase "dc=joelburton,dc=com"
> pidfile /usr/local/var/slapd.pid
> argsfile /usr/local/var/slapd.args
>
> access to * by anonymous write
>
> database ldbm
> suffix "dc=joelburton,dc=com"
> rootdn "cn=Manager,dc=joelburton,dc=com"
> rootpw MY_PASSWORD_IS_HERE
> directory /usr/local/var/openldap-ldbm
> index objectClass eq
>
> I can successfully perform searches from the command line.
>
>
> 2. python-ldap & Zope
>
> Installed properly, can import it. Python 2.1.3, Zope 2.6.0a1.
>
>
> 3. LDAPUserFolder
>
> Installed in Products directory. Not broken, no warnings.
>
> In folder /ldap, have an LDAPUserFolder with following config:
>
> Server: joelburton.com Not SSL
> Login Name Attribute: cn
> RDN Attribute: cn
> User Base DN: dc=joelburton,dc=com Scope=SUBTREE
> Group Storage: not in LDAP server
> LDAP Login DN: cn=Manager,dc=joelburton,dc=com
> User object classes: top,person
> Encryption: SHA
> Default user roles: Anonymous
> Authentication: Cookie
>
> I can view my users, add a user (& check with ldap commandline tools
> that they were actually added)
>
>
> 4. LDAP data:
>
> dn: dc=joelburton, dc=com
> objectClass: dcObject
> objectClass: organization
> o: Example Company
> dc: joelburton
>
> dn: cn=Manager,dc=joelburton,dc=com
> objectClass: organizationalRole
> cn: Manager
>
> dn: cn=bob,dc=joelburton,dc=com
> sn: bob
> givenName: bob
> cn: bob
> objectClass: top
> objectClass: person
> objectClass: inetorgperson
> userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289
>
> 'bob' has been given the Manager role & it appears on the Users tab of
> the LDAPUserFolder.
>
>
> 5. The problem:
>
> When I go to http://server/ldap/manage, and try logging in with
> user=bob, and his password, it never authenticates. I can log in with my
> user (located in site's root acl_users, not in LDAPUserFolder).
>
> The log (turned onto 9, Debugging) reads:
>
> (9) Aug 12 12:30:21: joel not found (getUser)
> (9) Aug 12 12:30:18: bob not found (getUser)
> (9) Aug 12 12:30:18: No data in _lookupuser for uid bob
>
>
>
> Any pointers on where to start would be helpful, as would a LDIF file
> that I could import w/data that I could use to demonstrate that this will
> work.
>
> I'm not very knowledgeable about LDAP, so it's possible that I've done
> something wrong with my LDAP setting -- but LDAP's commandline tools
> seem to be working fine.
>
> Thanks!
>
> - J.
>
>
> --
>
> Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
> Independent Knowledge Management Consultant
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
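The following is an added Python example, not code from the thread, from LDAPUserFolder or from OpenLDAP. It reproduces offline the three checks a reader of this exchange would want to run against their own directory: parse an LDIF dump (including the `userPassword::` base64 form quoted above), look up a user the way the posted LDAPUserFolder config does (login attribute `cn`, required object classes `top,person`), and report which entries are usable group "holders" in the sense of Jens' reply. It also flags the `access to * by anonymous write` directive from the posted slapd.conf, since that grants any unauthenticated client write access to the whole directory. The sample LDIF and slapd.conf fragments are constructed (modelled on the post, with an added `groupOfUniqueNames` entry), the function names are this example's own, and the `{SHA}`/`{SSHA}` handling assumes the RFC 2307 style `userPassword` encoding that "Encryption: SHA" produces.

```python
import base64
import hashlib
import hmac
import os

# Object classes Jens names as usable group "holders". organizationalRole
# (the class of cn=Manager in the post) is deliberately not in this set.
GROUP_HOLDER_CLASSES = {"groupofuniquenames", "groupofnames", "group"}

# Constructed sample LDIF modelled on the post. The userPassword line for
# bob is the one quoted in the post; the "Managers" group entry is added
# here (assumption) to show what a supported group holder looks like.
SAMPLE_LDIF = """\
dn: dc=joelburton,dc=com
objectClass: dcObject
objectClass: organization
o: Example Company
dc: joelburton

dn: cn=Manager,dc=joelburton,dc=com
objectClass: organizationalRole
cn: Manager

dn: cn=bob,dc=joelburton,dc=com
sn: bob
cn: bob
objectClass: top
objectClass: person
objectClass: inetorgperson
userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289

dn: cn=Managers,dc=joelburton,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Managers
uniqueMember: cn=bob,dc=joelburton,dc=com
"""

# Constructed slapd.conf fragments: the first carries the access rule from
# the post, the second a restrictive rule set (assumed, not from the post).
SAMPLE_SLAPD_CONF = """\
include /usr/local/etc/openldap/schema/core.schema
access to * by anonymous write
database ldbm
suffix "dc=joelburton,dc=com"
"""
HARDENED_SLAPD_CONF = """\
access to attrs=userPassword by self write by anonymous auth by * none
access to * by self write by users read by anonymous auth
"""


def parse_ldif(text):
    """Parse minimal LDIF into a list of {attr: [values]} dicts.

    Entries are separated by blank lines; "attr:: value" is base64-decoded
    (the form used for userPassword in the post), "attr: value" is literal.
    """
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: base64"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip(), []).append(value)
    if current:
        entries.append(current)
    return entries


def find_user(entries, login_attr, login, required_classes=("top", "person")):
    """Look a user up the way the posted LDAPUserFolder config describes:
    match the login attribute and require every configured object class."""
    for entry in entries:
        if login in entry.get(login_attr, []):
            classes = {c.lower() for c in entry.get("objectClass", [])}
            if all(rc.lower() in classes for rc in required_classes):
                return entry
    return None


def is_group_holder(entry):
    """True if the entry has one of the supported group object classes."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    return bool(classes & GROUP_HOLDER_CLASSES)


def make_sha(password):
    """Encode a password as {SHA}base64(sha1(pw)), as "Encryption: SHA" does."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()


def make_ssha(password, salt=None):
    """Encode a password as {SSHA}base64(sha1(pw + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ldap_password(stored, candidate):
    """Constant-time check of a candidate against a {SHA}/{SSHA}/cleartext value."""
    if stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(candidate.encode()).digest(), digest)
    if stored.startswith("{SSHA}"):
        blob = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = blob[:20], blob[20:]  # SHA-1 digest is 20 bytes, salt follows
        return hmac.compare_digest(hashlib.sha1(candidate.encode() + salt).digest(), digest)
    return hmac.compare_digest(stored.encode(), candidate.encode())


def anonymous_write_rules(slapd_conf):
    """Return every access directive that lets anonymous binds write."""
    return [l.strip() for l in slapd_conf.splitlines()
            if l.strip().startswith("access to") and "by anonymous write" in l]


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    bob = find_user(entries, "cn", "bob")
    print("bob found by cn with top,person:", bob is not None)
    for entry in entries:
        print(entry["dn"][0], "-> group holder:", is_group_holder(entry))
    print("anonymous write rules:", anonymous_write_rules(SAMPLE_SLAPD_CONF))
```

Run as a script, it shows that `bob` is found under the posted settings, that only the added `groupOfUniqueNames` entry counts as a group holder (the `organizationalRole` entry does not, which is Jens' point), and that the posted access rule is the one granting anonymous write. `verify_ldap_password` is what a folder with "Encryption: SHA" has to do with the decoded `userPassword` value; the constant-time compare is deliberate so that a comparison on the hash cannot leak timing information.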