[Zope] LDAPUserFolder never authorizes

Joel Burton joel@joelburton.com
Tue, 13 Aug 2002 09:00:39 -0400


On Mon, Aug 12, 2002 at 07:53:41PM -0400, Jens Vagelpohl wrote:
> ok, my fault, i overlooked that in your configuration settings description.
> 
> first of all, since you are using cookie auth, make sure to delete all and 
> any cookies with the name "__ac" from that particular server. sometimes the 
> wrong cookies hang around and you'll never be able to log in. better yet, 
> test this without cookies first. set the user folder to use basic auth.

Done that, too. I switched it to cookies only so I could see that cookie
form to verify that it was LDAPUserFolder that was trying to
authenticate me, and not just the root user folder. Switching it back to
HTTP_Basic still doesn't authenticate.
 
> from your description it looks like the LDAPUserFolder is further down in 
> the tree, with at least one other user folder above. it is possible in 
> extreme cases that you will run into problems if both user folders have a 
> user with the same login defined.

Nope -- my acl_users in the root contains only joel, my LDAP folder
contains only bob.

>  1.5 beta3, has a lot of improvements specifically for running it with role 
> information stored in the ZODB like you are trying to do. that includes a 
> "convenience" user listing on the Users tab for all those user records that 
> have a role associated with them which is only visible if you store roles 
> in the ZODB.

Am running 1.5b3. The "Users with locally stored roles" shows

"cn=bob,dc=joelburton,dc=com            Manager"

> if you can find users by searching via the Users tab and if they do have 
> roles associated with them (as would be apparent on the user detail view 
> for specific records) then this should work. are you sure your passwords 
> are set correctly? use the "change password" form on the record detail view 
> from the Users tab to reset the password if you are unsure.

bob shows up when I search the user list. He has the Manager privilege.
I've changed his password (again, to "bob") but still no luck.

Not sure if this is helpful, but:

* under "Caches", there were no Cached users

* The log (set to "Debugging") is full of "joel not found (getUser)" and
a few "bob not found (getUser)" and "No data is _lookupuser for uid
bob" -- joel is the manager account that owns the ldap folder.

-- 
Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
Independent Knowledge Management Consultant