jacques.champliaud wrote:
> Olivier Grisel <ogrisel at ...> writes:
>
>> Fabrice Robin wrote:
>>
>>> Hi,
>>>
>>> You will find in attachment my LDAP setup for members and groups.
>>> These are the settings for an openldap directory with the use of
>>> samba and posix schemas.
>>>
>>> With these settings, the CPS groups are the system groups used on
>>> the network.
>>> Any group created through CPS is created in the ZODB (groups_zodb).
>> Thanks, I have opened a ticket to add such a configuration option in
>> CPSLDAPSetup:
>> http://svn.nuxeo.org/trac/pub/ticket/1648
>>
>> Don't have time to do it now, though.
>
> I have tried to make CPSLDAPSetup work, my schemas are derived partly from the
> bbs-one's schemas (which I cannot import, at least easily, due to a problem
> with a <property name="schemas"/> line in some schemas)

You will need CPS trunk or CPS 3.4.1 (that should get released by the end of the week) to have proper multi schema support for the directories.

> In my schemas, objectClass for groups is groupOfUniqueNames
>
> Three levels of directories for groups: Meta, stack and ldap
> Ok it is almost working well:
> I get the correct groups name list with security/Manage Local Roles
>
> but ...
> 1) when the mapping in the metadirectory called groups is set to:
> id in groups_stack : uniqueMember <==> id in groups : members
> then the members list is correctly displayed in CPS directories view but
> a user being member of a group with correct rights on a workspace
> can't view this workspace
>
> 2) when the mapping is set to:
> id in groups_stack : uniqueMember <==> id in groups : dummy
> then the members list can't be retrieved, CPS complains about a
> missing members key, but a user being member of a group with
> correct rights on a workspace can view it
>
> Any idea to make this work correctly?

See later.

> I had to copy/paste the groups directory to mycompanygroups
> and set the mapping to:
> id in groups_stack : uniqueMember <==> id in mycompanygroups : members
>
> This way everything works but the groups membership list.
>
> names of members in the mycompanygroups's view are correctly displayed
> thanks to an external python script called from
> portal_schemas/groups_ldap/f__uniqueMember Read
> expression:python:portal.members_list(uniqueMember)
> members_list being a function accepting a list type argument in the form
> ['uid=fname1.name1,ou=people,dc=mycomp,dc=fr',
> 'uid=fname2.name2,ou=people,dc=mycomp,dc=fr']
> and returning a list in the form
> ['fname1.name1','fname2.name2']

Beware that read_process_expr are not computed in search mode (searchEntries API). That might be related to your problem of having the members of group get the right local roles.

-- Olivier
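Added example, not part of the original message and not CPS or the poster's code: a stand-alone Python sketch of a DN-to-member-id conversion like the members_list script described above, which accepts only uid entries directly under the people subtree and honours backslash escapes, so a group entry cannot map an unrelated DN onto a member id. PEOPLE_BASE and the helper names are assumptions; member_id_to_dn is the inverse mapping, giving the DN form the value has in the LDAP field itself, where the read expression is not applied.

```python
import re

# Assumption: the people subtree, taken from the sample DNs in the thread.
PEOPLE_BASE = "ou=people,dc=mycomp,dc=fr"

def _split(s, sep):
    # Split on `sep` unless it is backslash-escaped (RFC 4514 style escapes).
    return [p.strip() for p in re.findall(r"(?:\\.|[^%s\\])+" % re.escape(sep), s)]

def _unescape(value):
    # Turn "\," or "\2C" back into the literal character.
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9a-fA-F]{2}|.)", repl, value)

def _norm(rdns):
    # Case-insensitive (attribute, value) pairs, whitespace around '=' ignored.
    out = []
    for rdn in rdns:
        attr, _, val = rdn.partition("=")
        out.append((attr.strip().lower(), _unescape(val.strip()).lower()))
    return out

def dn_to_member_id(dn, base=PEOPLE_BASE):
    """Return the uid of a DN sitting directly under `base`, else None."""
    rdns, base_rdns = _split(dn, ","), _split(base, ",")
    if len(rdns) != len(base_rdns) + 1 or _norm(rdns[1:]) != _norm(base_rdns):
        return None                      # outside the people subtree
    if len(_split(rdns[0], "+")) != 1:
        return None                      # multi-valued RDN, not a plain uid entry
    attr, _, val = rdns[0].partition("=")
    if attr.strip().lower() != "uid":
        return None
    return _unescape(val.strip()) or None

def members_list(unique_members):
    """['uid=a,ou=people,...', ...] -> ['a', ...], dropping DNs that do not qualify."""
    ids = (dn_to_member_id(dn) for dn in unique_members)
    return [i for i in ids if i is not None]

def member_id_to_dn(uid, base=PEOPLE_BASE):
    # Inverse mapping; leading '#' and leading/trailing spaces are not handled here.
    return "uid=%s,%s" % (re.sub(r'([,+"\\<>;=])', r"\\\1", uid), base)
```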