Hi Jens, > > Hi, > > > > I'm looking for a zope product that enables me to use our Active > > Directory LDAP server for verification of login credentials only. > > I want users still stored in Zope, and access to > directories should be > > also something I can handle in Zope, and I don't want to use LDAP > > groups > > because I don't control the LDAP server and there are no > groups on the > > LDAP server I can use. > > > > So really, all I want is that Zope checks the passwords > with the LDAP > > server instead of with it's own userfolder. > > And perhaps, a possibility to check/search for the available > > loginnames > > on the LDAP server when adding a user to the userfolder. > > > > I've checked out LDAPUserFolder but that's not what I'm > looking for (I > > think...). > > I'd say "start coding". There is nothing that fits your (somewhat > strange) requirements. I would suggest you modify those requirements > to come up with a saner plan. Could it be you're thinking too > much in > terms of specific implementation and too little in terms of what the > underlying goals are? > > First of all, what do you gain from "storing users in Zope"? Is your > real goal to make sure only a subset of users from LDAP can access > your site? That goal is easily fulfilled by configuring the > LDAPUserFolder to store role information on the user folder and > disregard the LDAP server. Then you just secure your site by > requiring a certain role and only give that role to the subset of > users you want to let in. > > jens
Andreas warned me not to step on your toes ... ;-) I didn't mean to put LDAPUserFolder down but it felt like using a canonball to kill a mosquito (famous Dutch saying) Well I did say I *thought* LDAPUserFolder was not what I was looking for. But since you are the expert on LDAPUserFolder I think I should take that back. What you describe, is what I want to do .. but I thought it would be necessary to store the users in zope to be able to form groups in zope... Perhaps I would have figured it out myself if I was able to get LDAPUserFolder to work but I think I'm missing something... (well actually I'm missing a lot... I don't know much about LDAP so "start coding" is probably not a good idea...) Here is my situation at this moment: I have LDAPUserFolder working in a sense that I can search for users (and find the ldap entries) when I'm in the LDAPUserFolder - Users tab. So far so good. But when I limit access to a folder (in the Security tab on zope) to for example authenticated users and I try to logon to that folder, after authenticating (using the correct LDAP username and password) I get an error that doesn't make sense to me. Googling does not bring a solution. The error is: "TypeError len() of unsized object". (Using wrong (LDAP) credentials get's me a "You are not authorized to access this resource. Username and password are not correct." message.) On the same folder this problem does not occur when I use a native zope user to logon. I'm using on Windows XP Zope 2.7.2-0, python 2.3.5, win32 LDAPUserFolder 2.6 OpenLDAP 2.3.11 And I allso tested on Windows XP with Plone 2.1.1 (is with Zope 2.7.8-final, python 2.3.5, win32) LDAPUserFolder 2.6 OpenLDAP 2.3.11 Do you have any idea what I'm doing wrong? Thanks in advance, Ria _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
