Aitzol Naberan a écrit :
I need full integration (users, groups and roles) between LDAP and CPS, so I have started playing with CPSLDAPSetup product, and now I'm able to authenticate user agains LDAP (still have some errors, but ...). Next I have started to prepare the directories structure for the groups. I have created a LDAP Backing directory called groups_ldap (with his schema and layout), them I have replaced the original groups directory with another Meta directory called groups. I have added the groups_ldap directory as a Backing and I have mapped the groups_ldap attributes to groups schema.
You probably do not need a MetaDirectory but you need a StackingDirectory to be able to translate primary keys (DN <-> group id).
Well, now I can do searches for groups using the directories search interface (I can ask for a group called 'system', and I get results). If I extend the groups info to see the users of this group, I get a list of 'DN' attributes from LDAP. How can I get usernames?
Hum, this is tricky because DNs do not mean anything to CPS. You could add a computed field that does the translation however but you wont be able to search groups according to their members (computed fields are not evaluated in search mode).
And another question, how can I get groups info for a user? I supose I have to ask to the LDAP server, but I don't know how (a computed attribute in the schema???? )
Currently this is done through read_process_expr-based computed fields in the members schema but this might not be the best solution. Write process expressions might be a better idea.
-- Olivier _______________________________________________ cps-devel mailing list http://lists.nuxeo.com/mailman/listinfo/cps-devel
