I should have tell that: 1- The provided example bbsone-ldap.zip only works with CPSDirectory version from the Trunk SVN. "schemas" property did not exist in MetaDirectory.py from the CPS-3.4.0tagged CPSDirectory version. It had been added later. 2- A patch, provided early on this list, must be installed in order to get/set photo for members. Regards, Fabrice 2006/5/17, jacques. champliaud <jacques.champliaud at free.fr>: > > Olivier Grisel <ogrisel at ...> writes: > > > > > Fabrice Robin a écrit : > > > > > Hi, > > > > > > You will find in attachment my LDAP setup for members and groups. > > > These are the settings for an openldap directory with the use of > > > samba and posix schemas. > > > > > > With these settings, the CPS groups are the system groups used on > > > the network. > > > Any group created through CPS is created in the ZODB > (groups_zodb). > > > > Thanks, I have opened a ticket to add a such a configuration option in > CPSLDAPSetup: > > > > http://svn.nuxeo.org/trac/pub/ticket/1648 > > > > Don't have time to do it now, though. > > I have tried to make CPSLDAPSetup work, my schemas are derived partly from > the > bbs-one's schemas ( which I cannot import (at least easily due to a > problem > witha <property name="schemas"/> line in some schemas ) > In my schemas, objectClass for groups is groupOfUniqueNames > > Three levels of directories for groups: Meta, stack and ldap > Ok it is almost working well : > I get the correct groups name list whit security/Manage Local Roles > > but ... > 1)when the mapping in the metadirectory called groups is set to: > id in groups_stack : uniqueMember <==> id in groups : members > then the members list is correctly displayed in CPS directories view but > a userbeing member of a group with corrects rights on a workspace > can't view this workspace > > 2) when the mapping is set to : > id in groups_stack : uniqueMember <==> id in groups : dummy > then the members list can't be retrieved CPS complains about a > missing members key but a user being member of a group with > corrects rights on a workspace can view it > > Any idea to make this work correctly ? > > I had to copy/paste the groups directory to mycompanygroups > and set the mapping to: > id in groups_stack : uniqueMember <==> id in mycompanygroups : members > > This way everything works but the groups membership list. > > names of members in the mycompanygroups's view are correctly displayed > thank's to a external python script called from > portal_schemas/groups_ldap/f__uniqueMember Read > expression:python:portal.members_list(uniqueMember) > members_list being a function accepting a list type argument in the form > ['uid=fname1.name1,ou=people,dc=mycomp,dc=fr', > 'uid=fname2.name2,ou=people,dc=mycomp,dc=fr'] > and returning a list in the form > ['fname1.name1','fname2.name2'] > (curiously this function is called 10 times by cps when listing > the members of a group,no matter the number of members this group > contains.) > these 10 times being made of 5 times two calls, first call with the real > list > (uid=...) second call with the returned list to the first call > (I'm not sure I'm clear) > > > CPSMailaccess works too. > my webmail config: > Access field (field:value) : WebmailAllow:allow > > WebmailAllow is a Directory string ldap attribute created for this > purpose and containing the word "allow" if the user can use the webmail > > but you can set a simpler condition if you don't mind giving the > webmail access to all of you users, for instance: > Access field (field:value) : uid:!a_dummy_string_that_is_not_a_real_uid > be prepared to use the undo button when playing with this condition as cps > breaks and there's no way to get back to the webmail config form. > > > > > > > > > > > > _______________________________________________ > cps-devel mailing list > http://lists.nuxeo.com/mailman/listinfo/cps-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.nuxeo.com/pipermail/cps-devel/attachments/20060517/3f7a74da/attachment.html
Hosting: Nuxeo: Zope service provider