[Zope] Local Roles via LDAP? NuxUserGroups?

Florent Guillaume fg@nuxeo.com
Sun, 21 Jul 2002 18:40:02 +0200


In article <3D33B35D.18DBD26D@nipltd.com> you write:
> If I replace the root userfolder of a ZODB with an LDAP User Folder,
> will I still be able to grant local roles to users defined in that
> user folder in certain parts of the tree?

Sure, why not? It's just a User Folder.

> The idea here is that in a CMS, you want some people to only be able
> to maintain content in certain areas of the site. Am I correct in
> assuming that the 'official' way of doing this in Zope is to give
> those users an anonymous role at the root of the ZODB and then give
> them local roles appropriate to a content maintainer in the folders
> where they're allowed to maintain content?
> 
> If so, how would one go about giving a group of people that content
> maintaining role in an area of a site?
> Hmmm, I guess if I could grant a 'role' the local role in those
> areas then I could get what I'm after.

Yes. Have a "ContentMaintainer" role which you give to your users only
locally.

> Would NuxUSerGroups help in this area at all?

It depends, see the use cases on its page. If you have a simple setup
like described above they're probably not needed.

> Do they work with LDAPUserFolder?

No, LDAPUserFolder is not aware of groups. Makina-Corpus however did a
patch for an older version of LDAPUserFolder, which I still haven't
gotten around to updating and integrating in the NuxUserGroups
distribution.

see http://www.makinacorpus.org/index.php/zope/ldapusergroups


Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg@nuxeo.com