[Zope] LDAPUserSatellite - Misunderstood usage?

Jens Vagelpohl jens at dataflake.org
Tue Oct 5 17:12:49 EDT 2004


> called, so that's not an issue.)  I noticed though that it seems in
> LDAPUserSatellite.py, in ``getAdditionalRoles``, it only goes through
> the *roles* that the user object has, and adds more roles that those
> *roles* map to in ``self.groups_map`` (self is the LUS), but it does
> not go through LDAP *groups* that the user has.  My LUF gives only
> groups to specific users.  I have no Zope roles specifically for my
> groups; it is my intent that the groups map to existing roles like
> 'Manager' in certain contexts.

There's the misunderstanding. The LDAPUserSatellite object has *no idea 
whatsoever* which LDAP groups a user happens to be in (meaning the 
groups seen from the LDAPUserFolder perspective). It looks at...

- the *Zope Roles* on the user
- LDAP groups the user is a member of underneath the groups search base 
defined in the LDAPUserSatellite itself


> Has this been my misunderstanding?  Are you supposed to create a Zope
> role for every group in an LUF, and include the trivial mapping from
> the group to the role in the LUF, then just use LUS for adding roles
> based on roles only?

You are not forced to create Zope roles for *every* group found 
underneath the group search base in the LDAPUserFolder, but you may. 
You use the group mappings to define translations between LDAP groups 
and Zope roles. And yes, the LDAPUserSatellite acts on those roles put 
on the user by the LDAPUserFolder with the help of those mappings (and 
if you define a groups search base in the LDAPUserSatellite it will 
pull in those as well in a simplistic "the group names become role 
names" fashion).

jens


---------------

Jens Vagelpohl			jens at zetwork.com
Software Engineer			Zope - done medium rare
Zetwork GmbH				http://www.zetwork.com/
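
A simplified model of the two-stage role resolution described in this message, added here as an illustration. It is not LDAPUserFolder or LDAPUserSatellite code; every function name, group name and mapping below is a constructed assumption, and default roles are left out.

```python
# Stage 1 (LDAPUserFolder): LDAP groups become Zope roles only through
# the folder's group-to-role mappings.
# Stage 2 (LDAPUserSatellite): sees the Zope roles on the user, plus groups
# found under its own groups search base. It never sees stage-1 groups.

def luf_roles(ldap_groups, luf_map):
    """Roles the user folder puts on the user; unmapped groups vanish."""
    return {luf_map[g] for g in ldap_groups if g in luf_map}

def lus_additional_roles(zope_roles, lus_map, lus_base_groups=()):
    """Extra roles the satellite adds in its context."""
    extra = set()
    for role in zope_roles:               # keyed on roles, not on LUF groups
        extra.update(lus_map.get(role, ()))
    extra.update(lus_base_groups)         # "group names become role names"
    return extra

def effective_roles(ldap_groups, luf_map, lus_map, lus_base_groups=()):
    base = luf_roles(ldap_groups, luf_map)
    return base | lus_additional_roles(base, lus_map, lus_base_groups)

def unreachable_keys(luf_map, lus_map):
    """Satellite map keys that no folder mapping can ever produce.
    A non-empty result flags the misconfiguration discussed in the thread."""
    return sorted(set(lus_map) - set(luf_map.values()))

if __name__ == "__main__":
    groups = ["site-admins"]              # constructed sample membership

    # Misconfigured: satellite map keyed on a group name, no folder mapping.
    print(effective_roles(groups, {}, {"site-admins": ["Manager"]}))
    print(unreachable_keys({}, {"site-admins": ["Manager"]}))

    # Working: folder maps the group to a role, satellite maps that role.
    luf_map = {"site-admins": "SiteAdmin"}
    lus_map = {"SiteAdmin": ["Manager"]}
    print(effective_roles(groups, luf_map, lus_map))
    print(unreachable_keys(luf_map, lus_map))
```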


