[Zope] Re: Manager DN Specification
Jens Vagelpohl
jens@ZOPE.COM
Wed, 26 Feb 2003 07:58:22 -0500
all the guidance you need is in the help pages for the LDAPUserFolder
in zope's help system. please make use of them.
basically, if you give no manager DN then the current logged-in user DN
is used to bind for any operation. should the currently logged-in user
*not* be from the LDAPUserFolder you will bind anonymously to the
directory.
whether these bindings will allow you to manipulate records is
completely up to your LDAP server configuration.
jens
On Wednesday, Feb 26, 2003, at 04:52 US/Eastern, Krishna wrote:
> Thanks for your help !! ... With the information you gave me I could
> authenticate / add and delete users.
>
> Below is the complete list of LDAP ACLs I have currently active.
>
>
> **************************************************
> defaultaccess read
> access to dn="ou=People,dc=mysite,dc=com"
> by dn="uid=zeo,ou=People,dc=mysite,dc=com" write
> by * read
> access to dn="ou=zope-grps,dc=mysite,dc=com"
> by dn="uid=zeo,ou=People,dc=mysite,dc=com" write
> by * read
> access to filter="objectclass=cdObject"
> by dn="uid=zeo,ou=People,dc=mysite,dc=com" write
> by * read
> access to attr=userpassword
> by self write
> by * read
> access to *
> by * read
> *********************************************************
>
> I also provided the Manager Dn in the LDAP user folder as...
> cn=Manager,dc=mysite,dc=com
>
>
> Now with all these settings i can successfully add / modify / delete /
> authenticate the relevant users.
>
> But what I need to know is .....do we need the Manager DN/passwd
> within the LDAP user folder??... In fact, the manager should only be
> used for server administrative tasks, we use it to get system
> account information into the LDAP directory.
>
> I need to know if there is a way for me to achieve the same WITHOUT
> specifying the Manager DN within the LDAPUserFolder !!!! .... would be
> helpful if I get some guidance :-) ...!!!!
>
> Thanks once again,
>
> Kris :-)
>