[Zope] Local Roles via LDAP? NuxUserGroups?
Florent Guillaume
fg@nuxeo.com
Sun, 21 Jul 2002 18:40:02 +0200
In article <3D33B35D.18DBD26D@nipltd.com> you write:
> If I replace the root userfolder of a ZODB with an LDAP User Folder,
> will I still be able to grant local roles to users defined in that
> user folder in certain parts of the tree?
Sure, why not? It's just a User Folder.
> The idea here is that in a CMS, you want some people to only be able
> to maintain content in certain areas of the site. Am I correct in
> assuming that the 'official' way of doing this in Zope is to give
> those users an anonymous role at the root of the ZODB and then give
> them local roles appropriate to a content maintainer in the folders
> where they're allowed to maintain content?
>
> If so, how would one go about giving a group of people that content
> maintaining role in an area of a site?
> Hmmm, I guess if I could grant a 'role' the local role in those
> areas then I could get what I'm after.
Yes. Have a "ContentMaintainer" role which you give to your users only
locally.
> Would NuxUSerGroups help in this area at all?
It depends, see the use cases on its page. If you have a simple setup
like described above they're probably not needed.
> Do they work with LDAPUserFolder?
No, LDAPUserFolder is not aware of groups. Makina-Corpus however did a
patch for an older version of LDAPUserFolder, which I still haven't
gotten around to updating and integrating in the NuxUserGroups
distribution.
see http://www.makinacorpus.org/index.php/zope/ldapusergroups
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com