[Zope] Acquisition, UserFolder and security

Jens Vagelpohl jens at dataflake.org
Tue Sep 27 06:28:36 EDT 2005


On 27 Sep 2005, at 11:17, bruno modulix wrote:
>> A normal pattern to use here would be to have one central user folder
>> (e.g. at the root) and work with local roles in the sub-portals instead
>> of having several user folders.
>>
>
> I know, but I don't think it will be possible here (this is a
> euphemism).
> The UserFolder is a LDAPUserGroupsFolder, users data are stored in a
> LDAP directory, with one branch for each CPS instance, and some user
> data and schema varying from one branch to another. We don't have the
> possibility to change this (it's part of a bigger system), and we don't
> have the time to rewrite a custom LDAPUserFolder that could accommodate
> this LDAP schema (this project was already very late when we took it on
> and we have a *very* tight deadline - I hate this situation, but I have
> to deal with it...). Any robust solution, as hackish as it may be, will
> be just fine, as long as we deliver on time.

No idea what "LDAPUserGroupsFolder" is or what it does, but for the  
standard LDAPUserFolder product you would instantiate a  
LDAPUserSatellite object in the subportals that would be configured  
to look up LDAP groups in specific DIT branches and convert them to  
user roles. The "central" user folder would not hand out any roles  
itself, it's only for authentication purposes in this setup.

And no, this has nothing to do with group memberships as defined by  
whatever group-supporting user folders you use.

jens
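
Added illustration (not part of the original message, and not LDAPUserFolder or LDAPUserSatellite code): a small Python model of the setup described above, where the central folder only authenticates and each sub-portal derives roles from groups in its own DIT branch. All class names, DNs, credentials and group-to-role mappings are hypothetical and constructed for the example.

```python
import hmac

# Constructed sample data; a real deployment would query the LDAP server.
PEOPLE = "ou=people,dc=example,dc=org"
ALICE, BOB = "uid=alice," + PEOPLE, "uid=bob," + PEOPLE
CREDENTIALS = {ALICE: "alice-pw", BOB: "bob-pw"}
GROUPS = {  # group DN -> member user DNs
    "cn=editors,ou=portal-a,dc=example,dc=org": {ALICE},
    "cn=managers,ou=portal-b,dc=example,dc=org": {ALICE, BOB},
    "cn=editors,ou=portal-b,dc=example,dc=org": {BOB},
}


class CentralUserFolder:
    """Hypothetical central folder: authenticates, never hands out roles."""

    def authenticate(self, dn, password):
        expected = CREDENTIALS.get(dn)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        return {"dn": dn, "roles": ()}  # no roles granted centrally


class Satellite:
    """Hypothetical per-sub-portal object: maps groups found directly
    under one DIT branch to roles that apply in that sub-portal only."""

    def __init__(self, groups_base, group_to_role):
        self.groups_base = groups_base.lower()
        self.group_to_role = group_to_role

    def roles_for(self, user):
        roles = set()
        if user is None:  # unauthenticated: no roles at all
            return roles
        for group_dn, members in GROUPS.items():
            rdn, _, parent = group_dn.partition(",")
            # Only groups in this portal's branch count (one-level scope).
            if parent.lower() != self.groups_base or user["dn"] not in members:
                continue
            role = self.group_to_role.get(rdn.split("=", 1)[1])
            if role:  # groups without a mapping grant nothing
                roles.add(role)
        return roles


CENTRAL = CentralUserFolder()
PORTAL_A = Satellite("ou=portal-a,dc=example,dc=org", {"editors": "Editor"})
PORTAL_B = Satellite("ou=portal-b,dc=example,dc=org",
                     {"editors": "Editor", "managers": "Manager"})
```

The same authenticated user ends up with different roles in each sub-portal, and membership in one branch's groups grants nothing in another branch.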
