[Zope] LDAPUserFolder never authorizes
Joel Burton
joel@joelburton.com
Tue, 13 Aug 2002 09:00:39 -0400
On Mon, Aug 12, 2002 at 07:53:41PM -0400, Jens Vagelpohl wrote:
> ok, my fault, i overlooked that in your configuration settings description.
>
> first of all, since you are using cookie auth, make sure to delete all and
> any cookies with the name "__ac" from that particular server. sometimes the
> wrong cookies hang around and you'll never be able to log in. better yet,
> test this without cookies first. set the user folder to use basic auth.
Done that, too. I switched it to cookies only so I could see that cookie
form to verify that it was LDAPUserFolder that was trying to
authenticate me, and not just the root user folder. Switching it back to
HTTP_Basic still doesn't authenticate.
> from your description it looks like the LDAPUserFolder is further down in
> the tree, with at least one other user folder above. it is possible in
> extreme cases that you will run into problems if both user folders have a
> user with the same login defined.
Nope -- my acl_users in the root contains only joel, my LDAP folder
contains only bob.
> 1.5 beta3, has a lot of improvements specifically for running it with role
> information stored in the ZODB like you are trying to do. that includes a
> "convenience" user listing on the Users tab for all those user records that
> have a role associated with them which is only visible if you store roles
> in the ZODB.
Am running 1.5b3. The "Users with locally stored roles" shows
"cn=bob,dc=joelburton,dc=com Manager"
> if you can find users by searching via the Users tab and if they do have
> roles associated with them (as would be apparent on the user detail view
> for specific records) then this should work. are you sure your passwords
> are set correctly? use the "change password" form on the record detail view
> from the Users tab to reset the password if you are unsure.
bob shows up when I search the user list. He has the Manager privilege.
I've changed his password (again, to "bob") but still no luck.
Not sure if this is helpful, but:
* under "Caches", there was no Cached users
* The log (set to "Debugging") is full of "joel not found (getUser)" and
a few "bob not found (getUser)" and "No data is _lookupuser for uid
bob" -- joel is the manager account that owns the ldap folder.
--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton
Independent Knowledge Management Consultant