Aitzol Naberan a écrit : > I need full integration (users, groups and roles) between LDAP and CPS, > so I have started playing with CPSLDAPSetup product, and now I'm able to > authenticate user agains LDAP (still have some errors, but ...). Next I > have started to prepare the directories structure for the groups. I have > created a LDAP Backing directory called groups_ldap (with his schema and > layout), them I have replaced the original groups directory with another > Meta directory called groups. I have added the groups_ldap directory as > a Backing and I have mapped the groups_ldap attributes to groups schema. You probably do not need a MetaDirectory but you need a StackingDirectory to be able to translate primary keys (DN <-> group id). > Well, now I can do searches for groups using the directories search > interface (I can ask for a group called 'system', and I get results). If > I extend the groups info to see the users of this group, I get a list of > 'DN' attributes from LDAP. How can I get usernames? Hum, this is tricky because DNs do not mean anything to CPS. You could add a computed field that does the translation however but you wont be able to search groups according to their members (computed fields are not evaluated in search mode). > And another question, how can I get groups info for a user? I supose I > have to ask to the LDAP server, but I don't know how (a computed > attribute in the schema???? ) Currently this is done through read_process_expr-based computed fields in the members schema but this might not be the best solution. Write process expressions might be a better idea. -- Olivier
Hosting: Nuxeo: Zope service provider