<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7233.28">
<TITLE>RE: [Zope-PAS] groups/roles and PAS</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText55043 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2><FONT
face="Times New Roman">PERFECT!<BR>Ben, you are awesome - I really struggled
with this!<BR>Thanks!<BR><BR>One thing to note, after following your directions
I got an error after<BR>the new role-type tried to add content, even though
permissions seemed<BR>high enough in the folderish object, I had to adjust the
privies up on<BR>the portal_workflows (workflows>plone_workflow>published
(and<BR>visible)>Permissions).<BR>It seems because we adjusted our workflow
so docs go straight to<BR>"published", the default permissions in the workflows
had to be adjusted<BR>as well.<BR>All so simple, why couldn't I figure this one
out?<BR>Andy Mrozkowski</FONT><BR></FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Ben Mason
[mailto:ben@sharkbyte.co.uk]<BR><B>Sent:</B> Wed 7/19/2006 5:38 PM<BR><B>To:</B>
Mrozkowski, Andy; zope-pas@zope.org<BR><B>Subject:</B> RE: [Zope-PAS]
groups/roles and PAS<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Andy,<BR><BR>Add the role using the role manager plugin within
PAS as well as the<BR>security tab on the plone root.<BR><BR>You should then be
able to map these roles within the LDAP Multi
Plugin.<BR><BR>Ben<BR><BR>-----Original Message-----<BR>From:
zope-pas-bounces@zope.org [<A
href="mailto:zope-pas-bounces@zope.org">mailto:zope-pas-bounces@zope.org</A>]
On<BR>Behalf Of Mrozkowski, Andy<BR>Sent: 19 July 2006 18:22<BR>To:
zope-pas@zope.org<BR>Subject: [Zope-PAS] groups/roles and PAS<BR><BR>I have
searched and posted in plone-users and I can't find an answer to<BR>this
question on using PAS and ldap:<BR>How do you add custom zope roles, and then
map them to ldap groups?<BR><BR>I work in a university setting and have the need
for finer grained<BR>role-control.<BR><BR>Thanks!<BR>Andy<BR><BR>Plone
2.5<BR>Zope 2.8.7<BR>python 2.3.5<BR>python-ldap<BR>ldapUserfolder 2.7
beta<BR>ldapMultiPlugins 1.2<BR>Fedora Core 4 server @ <A
href="http://thewell.mhc.edu">http://thewell.mhc.edu</A><BR><BR>background:<BR>I
have an acl_users folder (PAS) in my Plone site and inside that, I<BR>have an
LDAPMultiPlugin. Inside the plug-in is an LDAPUserFolder. I feel<BR>that it is
configured correctly because all my domain un/pw's work, and<BR>I can search for
users and list all my groups.<BR><BR>I figured out that it is preferable to map
my LDAP groups to Zope roles<BR>by using the portal_role_manager, and it is
working - as long as I use<BR>the built-in Zope roles.<BR><BR>My requirement is
to add custom roles within Zope and map my LDAP roles<BR>to those.<BR><BR>In the
past I added custom roles from the security tab at the root of my<BR>Plone site.
This method does not seem to work anymore. What is the<BR>preferred method of
adding custom Zope roles and mapping them to
LDAP<BR>groups?<BR></FONT></P></DIV>
</BODY>
</HTML>