[Zope] ldap authentication with apache or LDAPUserFolder?
Marco Bizzarri
m.bizzarri at icube.it
Mon Jul 11 12:56:23 EDT 2005
What I suspect is that you are working with Zope in Remote User Mode.
You can verify this in a very quick way, by looking at your instance
home directory and checking if the access file contains a line like
'admin:' or 'super:' or whatever, but with no password.
Regards
Marco
Tim Suter wrote:
> As some of you know, I am working on an installation of Zope/Zwiki.
> What I have inherited is a 2.5.1 Zope/Zwiki on a Debian box. I am
> wanting to move the data from the 2.5.1 to a 2.8. But here's the
> situation.
>
> At the root of the 2.5.1 install there is an acl_users folder that
> appears to be the LDAPUserFolder authentication mechanism. However,
> upon looking at the apache config on my Debian box you see this:
>
> <VirtualHost X.X.org:80>
> <location /Zope>
> AuthName "Knowledge Access"
> AuthType Basic
> AuthLDAPURL ldap://X.X.org:389/o=X.org?uid?sub?(objectClass=person)
> require group cn=caitstaff,ou=Groups,o=X.org
> </location>
> DocumentRoot /var/www
> ServerName X.X.org
>
> RedirectMatch ^/$ /Zope/
> RewriteEngine on
> RewriteCond %{HTTP:Authorization} ^(.*)
> RewriteRule ^/Zope/(.*) /usr/lib/cgi-bin/Zope/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
>
> </VirtualHost>
>
> I am trying to figure out what is authenticating the user, LDAPUserFolder or the AuthLDAP in Apache?
>
> In the root folder of the 2.5.1 install, there is our knowledge folder, argyle, inventory, a public folder. Those are the custom folders
> we created.
> The Zope install folders are the control panel, temp_folder, Tutorial, test. There is an acl_users folder, but
> it is not the original and has the LDAPUserFolder configuration in it.
>
> After authentication, the user is directed to the index_html which is in the root folder. The links present on this
> page point to our available knowledge bases (the custom folders we created). As well, it has a manage Zope link. Only certain users can access this link.
> Anyone authenticated to the knowledge bases though, can add, edit or delete content.
> This is the preferred method of this application as we want all users here to be able to openly collaborate.
>
> I need to authenticate the same way on the new install as the old one. Here is the dilemma though.
> On the new install of 2.8, it rests on an RHEL4 server. On this apache, I have to use authZLDAP
> as there is a documented bug with RedHat for the AuthLDAP.
>
> There are years of data collected in this knowledge base that I don't want to lose. So I am being
> about as careful as I can be...maybe too careful.
>
> So, question wise...I am wondering what authentication to use. I know that LDAPUserFolder appears
> to be the way to go, but I don't know if that is what is actually happening. By the looks of the above
> apache configuration, could there be some sort of redirection happening?
>
> Tim
>
> _______________________________________________
> Zope maillist - Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m.bizzarri.vcf
Type: text/x-vcard
Size: 328 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20050711/ec1b759a/m.bizzarri.vcf
More information about the Zope
mailing list