[Zope] [HELP] Zope local roles and LDAP Groups

[Mitch Pirtle]

On Tue, 2002-04-02 at 15:37, Jens Vagelpohl wrote:
> you need to follow your steps 1, 2, 3 and 4, but not 5.
>=20
> steps 1-3 are self-explanatory. step 4 is needed because zope has no idea=
=20
> what all these role names mean that might be assigned to a user object=20
> coming from LDAP. zope has no clue what permissions these roles might hav=
e,
>   that's why you need to manually create the role and give it the desired=
=20
> permissions.
>=20
> you do not need to assign any user to any LDAP group because the user wil=
l=20
> have roles corresponding to LDAP group names when the user object gets=20
> instantiated. so the "connection" between user and role is handled by LDA=
P=20
> itself, provided you configured your LDAPUserFolder correctly.

Whoah there, now you're asking for too much -;^>=3D

So basically I recreate (within Zope) any LDAP groups that I want to
use, but the assignment of users to those groups will still be driven
through LDAP.  I feel much better now...

Thanks for the quick answer, I was just working on an LDIF export.  Talk
about timeliness!

--=20

Mitch Pirtle
Corporate Security Officer
K=FChne & Nagel Management AG
Tel: +41 1 786 96 45
Fax: +41 1 786 95 95