[Zope] Local Roles via LDAP? NuxUserGroups?

Jens Vagelpohl jens@zope.com
Tue, 16 Jul 2002 07:38:42 -0400


> If I replace the root userfolder of a ZODB with an LDAP User Folder, 
> will I
> still be able to grant local roles to users defined in that user 
> folder in
> certain parts of the tree?

the LDAPUserFolder (and all others AFAIK) have no relation whatsoever 
to the local role mechanism, other than being a source of possible 
user IDs.


> The idea here is that in a CMS, you want some people to only be able 
> to maintain
> content in certain areas of the site. Am I correct in assuming that the
> 'official' way of doing this in Zope is to give those users an 
> anonymous role at
> the root of the ZODB and then give them local roles appropriate to a 
> content
> maintainer in the folders where they're allowed to maintain content?

i don't think there is an "official" way but the pattern you describe 
is very common, yes.


> If so, how would one go about giving a group of people that content 
> maintaining
> role in an area of a site?
> Hmmm, I guess if I could grant a 'role' the local role in those 
> areas then I
> could get what I'm after.

the LDAUserFolder has no built-in idea of "grouping" people, just 
like most other user folders out there. AFAIK at this point the only 
solution is to grant the local roles to individual users.


> Would NuxUSerGroups help in this area at all? Do they work with 
> LDAPUserFolder?

no idea. i have never looked at NuxUserGroups.

jens