[Zope] LDAP - Zope - ACLUsers &- Manage Local Roles

Julian Clark Julian.Clarke at b-online.com.au
Tue Jan 13 20:09:57 EST 2004 

Hi Dieter (and List)
Thanks for your response.

I had tried this, and surprisingly, an overflow error occurred.
This seems a little bizarre, as in the listLocalRoles on the zope 2-3-3
instance, there is no try/except, and this error does not occur.
Is there a way of determining how many results will cause overflow? Or
are there other reasons that overflow occurs?

When I limited LDAP adapter properties to search in the root only, such
that it didn't return any results, no overflow error occurred. Though
obviously this is not the desired situation.

I am of the opinion in the listLocalRoles interface, that a list should
appear of all user-names that should be able to authenticate. This is as
it currently works under the zope 2-3-3 instance. Is there a product
that I should install to trigger this? I've looked against the products
installed on 2-3-3, and there's a pretty minimal set within the products
directory, though I have a feeling that there's products installed
elsewhere. Control Panel >> Products shows more products than are in the
products directory.

According to the LDAP logs, I'm successfully authenticating against the
LDAP server, but I'm still raising unauthorised errors. Unless I set the
security to anonymous (but then - that's not authenticating anything).
Is there something special that I need to do to pass LDAP info back to
zope's security? It has created an acl_users folder where I want it.

Thanks again

Julian Clark




Dieter Maurer wrote:

>Julian Clark wrote at 2004-1-12 12:10 +0800:
>  
>
>>I've recently recreated a zope installation that someone else built, in 
>>the process
>>updating to zope 2.6 from 2.3.3
>>
>>I'm not having much joy with LDAP + local roles upon the manage local 
>>role interface.
>>
>>I've discovered in the dtml source for listLocalRoles there is a 
>>try/except for overflow, which is being caught and therefore not 
>>bringing the list of users up.
>>Does this mean that my ldap server is returning too many results?
>>    
>>
>
>At least this is possible...
>
>You can easily find out: temporarily remove the "try/except"
>and see what happens...
>
>  
>

More information about the Zope mailing list