[Zope] LDAPUserFolder Question

Jens Vagelpohl jens@zope.com
Thu, 22 Aug 2002 13:06:17 -0400


scott,

all groups should show up. the problem is that none of them is checked,
meaning the user folder could not determine membership in any of them. that
means the user has no roles and is no good as far as authentication goes...

anonymous access to LDAP will affect you if there are any special access
controls in place on your directory server. it might be that you have no
permission to look up the group membership information.

jens


On Thursday, August 22, 2002, at 12:19 , Meilicke, Scott wrote:

> There are 8 groups associated. From the web page after clicking on the
> user entry:
>
> LDAP Groups for cn=Scott.Meilicke,cn=Recipients,ou=North America 3,o=Crane
>
> Then a list of eight groups.
>
> However, on the exchange server, there are only 8 non-hidden distribution
> lists (groups), and this user only belongs to a few of them, but not all.
> Yet the web page shows all the groups listed. Also, none of the check
> boxes next to any of the groups are checked - should the groups the user
> belongs to be checked?
>
> Something that just came to mind - I'm using anonymous access to the LDAP
> directory. Would that affect user authentication?
>
> Thanks for your continued help Jens.
> - Scott
>
> -----Original Message-----
> From: Jens Vagelpohl [mailto:jens@zope.com]
> Sent: Wednesday, August 21, 2002 8:25 PM
> To: Meilicke, Scott
> Cc: 'zope@zope.org'
> Subject: Re: [Zope] LDAPUserFolder Question
>
>
> does that user record have any groups associated with it? search for it
> again and then click on it to get the detailed view. it seems that it does
> not have any group association, which makes that lookup fail during
> authentication.
>
> jens
>
>
> On Wednesday, August 21, 2002, at 10:32 , Meilicke, Scott wrote:
>
> > (9) Aug 21 07:27:53: scott.meilicke not found (getUser)
> >
> > More info:
> >
> > When I do a search for meilicke against the cn within the users tab:
> >
> > cn=Scott.Meilicke,cn=Recipients,ou=North America 3,o=Crane
> >
> > I am using:
> >
> > cn=Recipients,ou=North America 3,o=Crane
> >
> > as the Users Base DN.
> >
> > When I change Login Name Attribute from cn to sn and try to login I get a
> > traceback from zope, attached below. No entry in the LDAPUserFolder log.
> >
> > Thanks for helping out.
> >
> > Traceback:
> >
> > Zope has encountered an error while publishing this resource.
> >
> > Error Type: INAPPROPRIATE_AUTH
> > Error Value: {'desc': 'Inappropriate authentication'}
> >
> > Troubleshooting Suggestions
> >
> >     * The URL may be incorrect.
> >     * The parameters passed to this resource may be incorrect.
> >     * A resource that this resource relies on may be encountering an error.
> >
> > For more detailed information about the error, please refer to the HTML
> > source for this page.
> >
> > If the error persists please contact the site maintainer. Thank you for
> > your patience.
> >
> > Traceback (innermost last):
> >   File D:\PROGRA~1\inside\lib\python\ZPublisher\Publish.py, line 223, in publish_module
> >   File D:\PROGRA~1\inside\lib\python\ZPublisher\Publish.py, line 187, in publish
> >   File D:\PROGRA~1\inside\lib\python\Zope\__init__.py, line 226, in zpublisher_exception_hook
> >     (Object: portal_ldap)
> >   File D:\PROGRA~1\inside\lib\python\ZPublisher\Publish.py, line 162, in publish
> >   File D:\PROGRA~1\inside\lib\python\ZPublisher\BaseRequest.py, line 450, in traverse
> >   File D:\PROGRA~1\inside\lib\python\Products\LDAPUserFolder\LDAPUserFolder.py, line 614, in validate
> >     (Object: acl_users)
> >   File D:\PROGRA~1\inside\lib\python\AccessControl\User.py, line 616, in validate
> >     (Object: acl_users)
> >   File D:\PROGRA~1\inside\lib\python\Products\LDAPUserFolder\LDAPUserFolder.py, line 594, in authenticate
> >     (Object: acl_users)
> >   File D:\PROGRA~1\inside\lib\python\Products\LDAPUserFolder\LDAPUserFolder.py, line 505, in getUser
> >     (Object: acl_users)
> >   File D:\PROGRA~1\inside\lib\python\Products\LDAPUserFolder\LDAPUserFolder.py, line 262, in _lookupuser
> >     (Object: acl_users)
> >   File D:\PROGRA~1\inside\lib\python\Products\LDAPUserFolder\LDAPUserFolder.py, line 845, in _searchResults
> >     (Object: acl_users)
> > INAPPROPRIATE_AUTH: (see above)
> >
> >
> > -----Original Message-----
> > From: Jens Vagelpohl [mailto:jens@zope.com]
> > Sent: Wednesday, August 21, 2002 4:57 AM
> > To: Meilicke, Scott
> > Cc: 'zope@zope.org'
> > Subject: Re: [Zope] LDAPUserFolder Question
> >
> >
> > could you provide the exact text of the log entry that says "First.Last
> > not found"? that enables me to check where in the code it failed.
> >
> > jens
> >
> >
> > On Tuesday, August 20, 2002, at 07:07 , Meilicke, Scott wrote:
> >
> >> Hi - I am trying to authenticate against LDAPUserFolder 1.5. I'm using
> >> a MS Exchange 5.5 directory (I know, I know...). I can connect, and
> >> search for members based on both the cn and sn, but can't authenticate
> >> using CMF 1.1 and the CMFLDAP tools. I'm trying to authenticate using
> >> the cn. When I do a search, the cn shows as First.Last. When I try to
> >> logon using First.Last, I get a logon failure, and the log set at
> >> debugging level(9) shows First.Last not found.
> >>
> >> Any thoughts on being able to authenticate?
> >>
> >> Thanks - Scott
> >>
> > The information contained in this email message may be privileged and is
> > confidential information intended only for the use of the recipient or
> > any employee or agent responsible for delivering it to the intended
> > recipient. Any unauthorized use, distribution or copying of this
> > information is strictly prohibited and may be unlawful. If you have
> > received this communication in error, please notify the sender
> > immediately and destroy the original message and all attachments from
> > your electronic files.
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
>
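
Added example, not part of the original thread and not LDAPUserFolder code: a small in-memory model of the symptom discussed above, where every group is listed but none is checked under an anonymous bind. The list names, the service bind DN and the access rule (anonymous may read cn but not member) are constructed assumptions.

```python
# Added example: in-memory model of a directory, not LDAPUserFolder code.
BASE = "cn=Recipients,ou=North America 3,o=Crane"
USER_DN = "cn=Scott.Meilicke," + BASE
SERVICE_DN = "cn=example-bind-account," + BASE   # constructed placeholder

# Constructed directory: eight lists, the user is a member of three.
DIRECTORY = {
    f"cn=List{i},{BASE}": {
        "cn": [f"List{i}"],
        "member": [USER_DN] if i in (1, 4, 6) else [],
    }
    for i in range(1, 9)
}

ANON_READABLE = {"cn"}   # assumed ACL: anonymous binds cannot read "member"


def visible(entry, bind_dn):
    """Attributes of an entry that this bind identity is allowed to read."""
    if bind_dn:                      # any authenticated bind reads everything here
        return entry
    return {k: v for k, v in entry.items() if k in ANON_READABLE}


def search(directory, bind_dn, attr=None, value=None):
    """Equality search. An assertion on an unreadable attribute matches
    nothing and raises no error, so the caller just sees an empty result."""
    hits = []
    for dn, entry in directory.items():
        values = visible(entry, bind_dn).get(attr, []) if attr else None
        if attr is None or value.lower() in (v.lower() for v in values):
            hits.append(dn)
    return sorted(hits)


def group_report(directory, user_dn, bind_dn):
    """Map every visible group DN to True if the user is found as a member."""
    member_of = set(search(directory, bind_dn, "member", user_dn))
    return {dn: dn in member_of for dn in search(directory, bind_dn)}


def diagnose(directory, user_dn, bind_dn):
    """Compare the anonymous view with an authenticated one."""
    anon = group_report(directory, user_dn, None)
    bound = group_report(directory, user_dn, bind_dn)
    if not any(bound.values()):
        return "no membership: user really is in no group"
    if not any(anon.values()):
        return "acl: membership hidden from anonymous bind"
    return "ok: membership readable anonymously"
```

Calling diagnose(DIRECTORY, USER_DN, SERVICE_DN) separates "the user is in no group" from "the bind identity cannot see membership", which look identical from the anonymous side.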