[Zope] LDAPUserSatellite - Misunderstood usage?
Jens Vagelpohl
jens at dataflake.org
Tue Oct 5 17:12:49 EDT 2004
> called, so that's not an issue.) I noticed though that it seems in
> LDAPUserSatellite.py, in ``getAdditionalRoles``, it only goes through
> the *roles* that the user object has, and adds more roles that those
> *roles* map to in ``self.groups_map`` (self is the LUS), but it does
> not go through LDAP *groups* that the user has. My LUF gives only
> groups to specific users. I have no Zope roles specifically for my
> groups; it is my intent that the groups map to existing roles like
> 'Manager' in certain contexts.
There's the misunderstanding. The LDAPUserSatellite object has *no idea
whatsoever* which LDAP groups a user happens to be in (meaning the
groups seen from the LDAPUserFolder perspective). It looks at...
- the *Zope Roles* on the user
- LDAP groups the user is a member of underneath the groups search base
defined in the LDAPUserSatellite itself
> Has this been my misunderstanding? Are you supposed to create a Zope
> role for every group in an LUF, and include the trivial mapping from
> the group to the role in the LUF, then just use LUS for adding roles
> based on roles only?
You are not forced to create Zope roles for *every* group found
underneath the group search base in the LDAPUserFolder, but you may.
You use the group mappings to define translations between LDAP groups
and Zope roles. And yes, the LDAPUserSatellite acts on those roles put
on the user by the LDAPUserFolder with the help of those mappings (and
if you define a groups search base in the LDAPUserSatellite it will
pull in those as well in a simplistic "the group names become role
names" fashion).
jens
---------------
Jens Vagelpohl jens at zetwork.com
Software Engineer Zope - done medium rare
Zetwork GmbH http://www.zetwork.com/
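
The role resolution described in this message, as an added example that is not part of the original post and is not LDAPUserFolder or LDAPUserSatellite code. It is a simplified Python model: all function names, group names and mappings are constructed, and the LDAPUserFolder step is assumed to yield no role for a group that has no mapping.

```python
# Simplified model of the role resolution described in the message above.
# NOT LDAPUserFolder/LDAPUserSatellite code: every name below is hypothetical.


def luf_roles(ldap_groups, luf_group_mappings):
    """Zope roles the LDAPUserFolder puts on the user via its group mappings.

    Assumption of this model: a group without a mapping yields no role.
    """
    return {luf_group_mappings[g] for g in ldap_groups if g in luf_group_mappings}


def satellite_additional_roles(user_roles, groups_map, satellite_groups=()):
    """Roles the satellite adds in its own context.

    user_roles       -- Zope roles already on the user (the only LUF output it sees)
    groups_map       -- role -> list of additional roles
    satellite_groups -- groups found under the satellite's own groups search
                        base; their names become role names unchanged
    """
    extra = set()
    for role in user_roles:
        extra.update(groups_map.get(role, ()))
    extra.update(satellite_groups)
    return extra


def effective_roles(ldap_groups, luf_group_mappings, groups_map, satellite_groups=()):
    """Roles on the user plus whatever the satellite adds."""
    roles = luf_roles(ldap_groups, luf_group_mappings)
    return roles | satellite_additional_roles(roles, groups_map, satellite_groups)


if __name__ == "__main__":
    groups = ["webadmins"]  # constructed LDAP group membership seen by the LUF

    # Satellite map keyed by the LDAP group name, no LUF mapping: nothing is
    # added, because the satellite never sees LUF groups, only roles.
    print(effective_roles(groups, {}, {"webadmins": ["Manager"]}))

    # LUF maps the group to a role and the satellite maps that role onward.
    print(effective_roles(groups, {"webadmins": "WebAdmin"}, {"WebAdmin": ["Manager"]}))

    # A group under the satellite's own search base becomes a role by name.
    print(effective_roles(groups, {}, {}, satellite_groups=["Reviewers"]))
```

When auditing who can reach 'Manager' in a given context, the model shows that both mapping layers and the satellite's own search base have to be reviewed together.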