On Apr 19, 2006, at 1:23 AM, Damian Georgiou wrote: > Hi, > > I am currently using CPSLDAP for user authentication but required > LDAP to store group information. It has been suggested to me that i > use something else to manage the LDAP group extraction. What should > i use? (CPSLDAP with ? or another solution altogether) The main problem lies in cross references. While it's easy to extract the members of a group from LDAP, it's harder to provide on a member's entry the list of groups she belongs to (and you can't live without that). Of course the problem is the same with the current ZODB/LDAP mixed setup. Take a look in 'members' and 'members_ldap' schemas, you'll see that there is a read-process-expr doing exactly that. Of course it's up to you to adapt this right away to a full LDAP setup, but it's suboptimal (of course this depends on the volume you're after). If you do this, we'd be happy to include It would be much better to have your LDAP server do the job. I'm not knowledgable enough about LDAP, but after a bit of googling, I came to the conclusion that computed attributes aren't part of the standard protocol and come as proprietary extensions/plugins. I found very few info about this overall; please someone correct me if I'm wrong. Hope this helps a little bit. Cheers, --------- Georges Racinet Nuxeo SAS gracinet at nuxeo.com http://nuxeo.com Tel: +33 (0) 1 40 33 71 73
Hosting: Nuxeo: Zope service provider