Hi Shane,

thanks for answering.

> >>
> >> Maybe I'm think too complicated, Your opinion ?
> 
> The idea behind LDAPRoleExtender is to give the user global roles if the
> 
> I don't know anything about LDAPRoleTwiddler.  But I would recommend you
> install the VerboseSecurity product, which will tell you a lot more
> about the Unauthorized error.

The LDAPRoleTwiddler (LRT) should act as a LDAPUserFolder (LUF). He uses
a LUF
or a LRT in upper directory to retrieve the user data and changes the
roles
he got there depending on group-to-role mapping.

example:

user has following LDAP groups dir1_VISITOR, dir2_AUTHOR

/acl_users (LUF)
/dir1/acl_users (LRT) map dir1_VISITOR to role Visitor
/dir2/acl_users (LRT) map dir2_AUTHOR to role Author

the user has the roles Anonymous,Authenticated and Visitor in dir1.
the user has the roles Anonymous,Authenticated and Author in dir2.
the user has the roles Anonymous,Authenticated in alle other dirs.

> 
> And if you're interested, I know how we can make LDAPRoleExtender much
> safer, based on conversations with Jens.
> 
Sure I'm interessted.

Regards,
Dirk

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to