[Zope] LDAPUserFolder permission problem
Nicholas Watmough
nickw at deakin.edu.au
Tue Jul 12 09:03:03 EDT 2005
I'm trying to access the getProperty() method of the LDAPUser class in a
Python script, in order to access the Active Directory email address of
the user.
There is no problem with this, if I use the method on the current active
user. However, it doesn't work when I attempt to use the method on
another property.
The output of VerboseSecurity is:
*Error Type: Unauthorized*
*Error Value: Your user account does not have the required permission.
Access to 'getProperty' of nwuser denied. Your user account, abuser,
exists at /acl_users. Access requires one of the following roles:
['Manager']. Your roles in this context are ['Anonymous',
'Authenticated', 'User'].*
It appears that the currently authenticated user has the 'View'
permission (required to use getProperty) on itself, but not for other
users. I'm not sure how to change this.
In order to get around this problem, I've tried giving the script a
Proxy role of Manager. However, when I do this, I get the following
output from VerboseSecurity:
*Error Type: Unauthorized*
*Error Value: The owner of the executing script is defined outside the
context of the object being accessed. The script has proxy roles, but
they do not apply in this context.. Access to 'getProperty' of nwuser
denied. Access requires one of the following roles: ['Manager']. The
executing script is (PythonScript at
/DCARF/Forms/initialContact/initialContact), owned by admin1.*
I'm not sure why this is occurring. Giving the script a proxy role of
Manager should get around the first problem, but I'm not sure why it
doesn't.
Any ideas what is causing this?