[Zope] Map LDAP schema attributes to group

Vecchio, Peppi PVecchio at orangelake.com
Fri Sep 9 14:39:23 EDT 2005


I'd like the best of both worlds. I'm currently running Python 2.3.5, Zope 2.7.7, and Plone 2.1 (final). I'm using LDAPUserFolder (2.5beta2) as the authentication method and it works perfectly. I'm using LDAPUF as the User Source and User Folder as the Groups Source. It's better for us to manage groups in Plone. But I'd like a little of the information in Active Directory to help with some "blanket" permissions.

What I have is a folder that contains folders and files that need to be viewed by some personnel of the organization, but not others.  For this, I've created a role called 'Reader' (Reader gets viewing permissions only).  I create a group that I want to view folder A.  At the local level, I assign this group the role 'Reader'.  This will work fine, but I have to manually manage each group.  What I'd like to do is use some of the LDAP schema attributes to act as a condition of permissionship.

I can use this to create a portal tab:

Title		MOD Report 5
Id		folderContent
URL		string:${portal_url}/corporate-reports/operations-reports/
Condition	python: 'CN=MOD Report,CN=Users' in portal.portal_membership.getAuthenticatedMember().getProperty("memberOf")
Permission	View
Category	portal_tabs
Visible? 	checked

This correctly creates the portal tab because the condition in this case is true. But because this member isn't a member of the group that is allowed to view the URL, when I click on the tab I get Insufficient Privileges.  I was hoping there was a way that I could use this Property to map this member to a particular group.  That way everyone that has memberOf - MOD Report in Active Directory would automagically be a member of said group.

I've tried creating an action like this in portal_memberships and portal_groups, trying things like Category - global,folder and user but to no avail.  Does anyone know how I can bind this Member Property to a Group without using LDAPUF as the Group Source?

BTW, I don't want to create a portal tab for each permissioned folder.  I just want to map to the group.


Peppi Vecchio | Web Developer 
TECHNOLOGY SERVICES GROUP 
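
An added example, not part of the original post and not code from Plone or LDAPUserFolder: one way to turn memberOf values into local group ids by comparing whole, normalized DNs instead of testing for a substring. The base DN DC=example,DC=com, the group id mod-report-readers and all function names are assumptions; it is written for current Python 3 rather than the Python 2.3.5 of the post, and wiring the result into Plone's group source is not shown.

```python
# Hypothetical mapping: full AD group DN -> local group id (both are assumptions).
GROUP_MAP = {
    "CN=MOD Report,CN=Users,DC=example,DC=com": "mod-report-readers",
}

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) pairs, honouring backslash escapes.

    Simplification: escaped characters are kept in escaped form, so the hex
    form (\\2C) and the character form (\\,) of the same value are not unified.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escaped pair inside this RDN
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends the RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return tuple(pairs)

_NORMALIZED = {split_dn(dn): gid for dn, gid in GROUP_MAP.items()}

def groups_for(member_of):
    """Return local group ids for a memberOf value (one string, a list, or None)."""
    if isinstance(member_of, str):
        member_of = [member_of]
    found = {_NORMALIZED.get(split_dn(v)) for v in member_of or []}
    return sorted(g for g in found if g)

def naive_match(member_of):
    """Substring test in the style of the tab condition, on the joined values."""
    return "CN=MOD Report,CN=Users" in ";".join(member_of)

# Constructed sample values, not taken from any real directory.
SAMPLE_EXACT = ["cn=mod report,cn=users,dc=example,dc=com",
                "CN=Staff,CN=Users,DC=example,DC=com"]
# A different group whose CN contains an escaped comma; it only looks similar.
SAMPLE_LOOKALIKE = ["CN=Temp\\,CN=MOD Report,CN=Users,DC=example,DC=com"]
```

The look-alike value passes the substring test but maps to no group under whole-DN comparison, which is the behaviour wanted when the result grants a role.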



