[Zope] Zope Security

Matthew T. Kromer matt@zope.com
Wed, 20 Feb 2002 11:57:54 -0500


Tim Hawes wrote:

> OK, ZopeLDAP is not doing what I want, so I am going to use 
> python-ldap directly in a script.
>
> I make ldap module legal to use in a __init__.py file, I can now use 
> the ldap module on my own... that is, I can so long as I do not 
> attempt to bind to an ldap server.
>
> Site Error
>
>  An error was encountered while publishing this resource.
>
>  Unauthorized
>
>  Sorry, a site error occurred.
>
>  Traceback (innermost last):
> ...
>  Unauthorized: simple_bind_s
>
>
> I get this after it tries to reauthenticate me. What the heck is this, 
> and how do I tell Zope security to shut up and leave me alone? 
> Anonymous binds are not permitted by the LDAP server I am trying to 
> connect to, so I have to bind as the directory manager. I will also be 
> adding routines to add, delete, and modify entries in LDAP through 
> Zope, so I need to make sure all my bases are covered here.


OK, the short answer is that simple_bind_s is trying to be called from a 
Python script, and the security mechanism is saying "whoa! I don't know 
anything about that!".  

One cheesy way around this is to create an external method to return you 
a "wrapped" LDAP object that has the special attribute 
_allow_access_to_unprotected_subobjects_ = 1 set.  Alternatively, you 
can move all of the LDAP-using routines into external methods.

Basically, once the LDAP routines pass an object into the Zope 
environment, Zope will try to see if it has any information about the 
security on the object.  If it can't see any security declarations, it 
will presume the object's methods are protected by default.

-- 
Matt Kromer
Zope Corporation  http://www.zope.com/
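
An added example, not part of the original message and not Zope's own code: a simplified model of the default-deny check described above, with a narrower variant of the wrapper idea that opts in only a `search` method through the dict form of `__allow_access_to_unprotected_subobjects__` (the double-underscore spelling used in Zope's AccessControl). `guarded_getattr`, `FakeLDAPConnection`, `DirectoryReader`, `get_directory`, `is_allowed`, the DNs and the password placeholder are constructed for illustration; in Zope, `get_directory` would be the External Method and would open a real python-ldap connection.

```python
class Unauthorized(Exception):
    pass

def guarded_getattr(obj, name):
    """Simplified model of the check restricted code goes through."""
    if name.startswith("_"):
        raise Unauthorized(name)          # private names are never exposed
    value = getattr(obj, name)
    policy = getattr(obj, "__allow_access_to_unprotected_subobjects__", None)
    if isinstance(policy, dict):          # per-name opt-in
        policy = policy.get(name)
    elif callable(policy):
        policy = policy(name, value)
    if not policy:                        # no declaration: protected by default
        raise Unauthorized(name)
    return value

class FakeLDAPConnection:
    """Constructed stand-in for a python-ldap connection (runs offline)."""
    def __init__(self):
        self.bound_as = None
    def simple_bind_s(self, who, cred):
        self.bound_as = who
    def search_s(self, base, scope, filterstr):
        if self.bound_as is None:
            raise RuntimeError("anonymous binds are not permitted")
        return [("uid=tim," + base, {"matched": [filterstr]})]

class DirectoryReader:
    """Hypothetical wrapper handed back to the Python Script."""
    __allow_access_to_unprotected_subobjects__ = {"search": 1}
    def __init__(self, conn, base):
        self._conn, self._base = conn, base
    def search(self, filterstr):
        return self._conn.search_s(self._base, 2, filterstr)  # 2 = SCOPE_SUBTREE

def get_directory(conn_factory=FakeLDAPConnection):
    """Body of a hypothetical External Method: the bind happens here,
    in unrestricted code, so the script never sees the credentials."""
    conn = conn_factory()
    conn.simple_bind_s("cn=Directory Manager", "PLACEHOLDER-PASSWORD")
    return DirectoryReader(conn, "dc=example,dc=com")

def is_allowed(obj, name):
    try:
        guarded_getattr(obj, name)
        return True
    except Unauthorized:
        return False
```

Setting the attribute to 1 instead of a dict would expose every public attribute of the wrapper, so the dict form keeps add, delete and modify operations unreachable until each is opted in by name.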