[Zope3-Users] ldappas "group search base" does nothing

Chris Stoyles chriss at iconiq.com.au
Wed Dec 3 00:53:07 EST 2008


Hi guys,

I'm working on a zope3 application at present, and have configured the
default site via the ZMI with a pluggable authentication utility which is
using ldappas and ldapadapter to authenticate against my OpenLDAP server. I
can successfully search for, and grant users within my LDAP directory roles,
however the "group search base" in the ldappas authentication plugin appears
to do nothing. For example, my configuration is as follows:

----------
Search base: ou=users,dc=openldap,dc=example,dc=com
Search scope: sub

Group search base: ou=groups,dc=openldap,dc=example,dc=com
Group search scope: sub
----------

I have two groups which exist, and their objectClass type is groupOfNames
(or groupOfUniqueNames) - I have tried both...

None of my groups show up in the grant search screen...only users.

I've looked inside ldappas\authentication.py at the search method, which has
the following two lines which worry me a bit:

----------
res = conn.search(self.searchBase, self.searchScope, filter=filter,
                  attrs=[self.idAttribute])
----------

It looks like it will only ever search for users as principals, and never
groups. This doesn't seem right to me, but then again I might just be doing
something wrong. Is anyone able to help me get users and groups working
properly so that I can assign roles to both...and if I assign a role to a
group, have all members of that group "inherit" the role.

I am a bit new to all of this, so I may not have explained myself too
well...

Thank you!
Chris Stoyles
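
The behaviour asked about above, as an added example that is not part of the original post and is not ldappas or ldapadapter code: a subtree search limited to the user search base can never return group entries, and a role granted to a group reaches a user only if the group base is searched and `member`/`uniqueMember` is resolved. The in-memory directory, the entries in it, the helper names and the role names are all constructed for illustration.

```python
# Constructed sample directory: DN -> attributes (stands in for an LDAP server).
DIRECTORY = {
    "uid=alice,ou=users,dc=openldap,dc=example,dc=com":
        {"objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    "uid=bob,ou=users,dc=openldap,dc=example,dc=com":
        {"objectClass": ["inetOrgPerson"], "uid": ["bob"]},
    "cn=editors,ou=groups,dc=openldap,dc=example,dc=com":
        {"objectClass": ["groupOfNames"], "cn": ["editors"],
         "member": ["uid=alice,ou=users,dc=openldap,dc=example,dc=com"]},
    "cn=admins,ou=groups,dc=openldap,dc=example,dc=com":
        {"objectClass": ["groupOfUniqueNames"], "cn": ["admins"],
         "uniqueMember": ["uid=bob,ou=users,dc=openldap,dc=example,dc=com"]},
}
USER_BASE = "ou=users,dc=openldap,dc=example,dc=com"
GROUP_BASE = "ou=groups,dc=openldap,dc=example,dc=com"
GROUP_CLASSES = ["groupOfNames", "groupOfUniqueNames"]

def norm(dn):
    # Simplified DN normalisation (assumption: no escaped commas in RDNs).
    return ",".join(part.strip().lower() for part in dn.split(","))

def search_sub(base, object_classes=None):
    """Subtree ("sub") search: entries at or below base, optionally by class."""
    base_n = norm(base)
    hits = []
    for dn, attrs in DIRECTORY.items():
        dn_n = norm(dn)
        in_scope = dn_n == base_n or dn_n.endswith("," + base_n)
        if in_scope and (object_classes is None or
                         set(attrs["objectClass"]) & set(object_classes)):
            hits.append(dn)
    return sorted(hits)

def groups_of(user_dn):
    """Groups under GROUP_BASE that list user_dn in member or uniqueMember."""
    found = []
    for dn in search_sub(GROUP_BASE, GROUP_CLASSES):
        attrs = DIRECTORY[dn]
        members = attrs.get("member", []) + attrs.get("uniqueMember", [])
        if norm(user_dn) in map(norm, members):
            found.append(dn)
    return found

def effective_roles(user_dn, grants):
    """Roles granted directly to the user plus roles granted to their groups."""
    roles = set(grants.get(user_dn, ()))
    for group_dn in groups_of(user_dn):
        roles |= set(grants.get(group_dn, ()))
    return roles
```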