I've configured mine to include these settings: LDAPUserFolder at /zport/acl_users/ActiveDirectory/acl_users
Configure Tab: Login Name Attribute: Windows Login Name (sAMAccountName) User ID Atribute: Windows Login Name (sAMAccountName) RDN Attribute: Windows Login Name (sAMAccountName) Default User Roles: ZenUser Check Manager DN to Read-only (so you don't write anything to your AD) LDAP Schema Tab: Add a new item. LDAP Attribute Name: mail Friendly Name: email Map to Name: email This will fill in the email field, with the users email, when their account is created on their first successful login. Groups Tab If you've configured Groups to be managed through AD, create the appropriate group mapping here. LDAP Group (sysadmins or whatever group you use) and map the zope role to whatever Zope Role you want them to have. ActiveDirectory Multi Plugin at /zport/acl_users/ActiveDirectory Activate Tab Check: Authentication Properties Groups (if you want groups managed through LDAP) Roles User_Enumeration Properties Tab These settings may vary for your AD setup, but these worked for me. Also, you won't need to configure this if you're not managing groups through AD. group_attr: cn grouptitle_attr: name group_class: group group_recurse: 1 group_recurse_depth: 1 These are settings that have worked for me. They may not be accurate for your setup, so use at your own risk. Good luck! -------------------- m2f -------------------- Read this topic online here: http://community.zenoss.com/forums/viewtopic.php?p=23450#23450 -------------------- m2f -------------------- _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
