[Zope-dev] LDAPRoleTwiddler / BasicUserFolder

Dirk Datzert dirk.datzert@tks-rasselstein.thyssenkrupp.com
Thu, 17 Oct 2002 18:06:09 +0200


Hi Shane,

thanks for answering.

> >>
> >> Maybe I'm thinking too complicated. Your opinion?
> 
> The idea behind LDAPRoleExtender is to give the user global roles if the
> 
> I don't know anything about LDAPRoleTwiddler.  But I would recommend you
> install the VerboseSecurity product, which will tell you a lot more
> about the Unauthorized error.

The LDAPRoleTwiddler (LRT) should act as an LDAPUserFolder (LUF). It uses
a LUF or an LRT in an upper directory to retrieve the user data and changes
the roles it got there depending on the group-to-role mapping.

example:

The user has the following LDAP groups: dir1_VISITOR, dir2_AUTHOR

/acl_users (LUF)
/dir1/acl_users (LRT) map dir1_VISITOR to role Visitor
/dir2/acl_users (LRT) map dir2_AUTHOR to role Author

the user has the roles Anonymous, Authenticated and Visitor in dir1.
the user has the roles Anonymous, Authenticated and Author in dir2.
the user has the roles Anonymous, Authenticated in all other dirs.

> 
> And if you're interested, I know how we can make LDAPRoleExtender much
> safer, based on conversations with Jens.
> 
Sure, I'm interested.

Regards,
Dirk
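
The per-folder lookup described in this message, as an added Python sketch that is not part of the original post and is not LDAPRoleTwiddler's or Zope's code. The class names, `roles_in`, the user name `user1`, and the reading that an LRT adds mapped roles to whatever the upper folder returned are assumptions made for illustration.

```python
# Standalone model of the lookup in the message; it does not import Zope and
# the classes below are hypothetical stand-ins for LUF and LRT.
BASE_ROLES = ("Anonymous", "Authenticated")


class UserFolder:
    """Stand-in for the root LUF: returns LDAP groups plus the base roles."""
    def __init__(self, directory):
        self.directory = directory  # constructed sample data: user -> groups

    def get_user(self, name):
        if name not in self.directory:
            return None
        return {"groups": set(self.directory[name]), "roles": set(BASE_ROLES)}


class RoleTwiddler:
    """Stand-in for an LRT: asks the folder above, then adds mapped roles."""
    def __init__(self, upper, group_to_role):
        self.upper = upper                  # LUF or LRT in an upper directory
        self.group_to_role = group_to_role  # LDAP group -> Zope role

    def get_user(self, name):
        user = self.upper.get_user(name)
        if user is None:
            return None
        extra = {role for group, role in self.group_to_role.items()
                 if group in user["groups"]}
        return {"groups": user["groups"], "roles": user["roles"] | extra}


def roles_in(folders, path, name):
    """Resolve roles using the nearest acl_users at or above `path`."""
    parts = [p for p in path.split("/") if p]
    while True:
        key = "/" + "/".join(parts)
        if key in folders:
            user = folders[key].get_user(name)
            return sorted(user["roles"]) if user else []
        if not parts:
            return []
        parts.pop()  # walk one directory up


root = UserFolder({"user1": ["dir1_VISITOR", "dir2_AUTHOR"]})
FOLDERS = {  # the layout from the message
    "/": root,
    "/dir1": RoleTwiddler(root, {"dir1_VISITOR": "Visitor"}),
    "/dir2": RoleTwiddler(root, {"dir2_AUTHOR": "Author"}),
}
```

The mapped role is visible only below the folder whose LRT grants it, so a group such as dir2_AUTHOR confers nothing in /dir1 or at the root.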