[Zope] LDAPUserFolder never authorizes
Joel Burton
joel@joelburton.com
Mon, 12 Aug 2002 19:39:17 -0400
On Mon, Aug 12, 2002 at 07:28:56PM -0400, Jens Vagelpohl wrote:
> the objectClass "organizationalRole" is not supported as a suitable group
> "holder". store your group memberships in objects that are supported, such
> as groupOfUniqueNames, groupOfNames, or group.
> > dn: dc=joelburton, dc=com
> > objectClass: dcObject
> > objectClass: organization
> > o: Example Company
> > dc: joelburton
> >
> > dn: cn=Manager,dc=joelburton,dc=com
> > objectClass: organizationalRole
> > cn: Manager
> >
> > dn: cn=bob,dc=joelburton,dc=com
> > sn: bob
> > givenName: bob
> > cn: bob
> > objectClass: top
> > objectClass: person
> > objectClass: inetorgperson
> > userPassword:: e1NIQX1TQmdhelNLejdhNjhpa1I0YUtmZmZPWXBrZ289

Jens (& others) --

Thanks for the help. If I understand right, though, the "Manager" here
is just the dn of the user who has full privileges to the LDAP server --
it shouldn't be related to the Zope roles (which I'm not storing in the
LDAP server). If I were keeping the Zope roles in the LDAP server, I
would use groupOfUniqueNames to connect that group to the users.

My plan was to get authentication to work w/o the additional
complications of groups in LDAP, and then try to add the LDAP groups in.
Is this not a workable strategy?

Do you have any tips on how to get this authenticated with the groups
being stored in the ZODB?

Thanks!

- J.

--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant