On 10 May 2006, at 17:59, Olivier Grisel wrote:
Aitzol Naberan wrote:
I need full integration (users, groups and roles) between LDAP and CPS,
so I have started playing with CPSLDAPSetup product, and now I'm able to
authenticate user against LDAP (still have some errors, but ...). Next I
have started to prepare the directories structure for the groups. I have
created an LDAP Backing directory called groups_ldap (with its schema and
layout), then I have replaced the original groups directory with another
Meta directory called groups. I have added the groups_ldap directory as
a Backing and I have mapped the groups_ldap attributes to groups schema.
You probably do not need a MetaDirectory but you need a
StackingDirectory to be able to translate primary keys (DN <-> group
id).
Congrats anyway, you've come a long way. Just being curious:
which objectClass do you use for groups, is it groupOfNames ?
what's your plan for roles wrt to LDAP schemas ?
Well, now I can do searches for groups using the directories search
interface (I can ask for a group called 'system', and I get results). If
I extend the groups info to see the users of this group, I get a list of
'DN' attributes from LDAP. How can I get usernames?
Hum, this is tricky because DNs do not mean anything to CPS. You could
add a computed field that does the translation however but you won't be
able to search groups according to their members (computed fields are
not evaluated in search mode).
And another question, how can I get groups info for a user? I suppose I
have to ask to the LDAP server, but I don't know how (a computed
attribute in the schema???? )
Currently this is done through read_process_expr-based computed fields
in the members schema but this might not be the best solution. Write
process expressions might be a better idea.
And the other way round in the pure ZODB setup... There's also a write
process expression in those default setups: if you change the groups on
the user's entry, this will update the corresponding groups directory
entries.
The methods doing this synthesis are defined and registered here:
https://svn.nuxeo.org/pub/CPSDirectory/trunk/FieldNamespace.py
About a pure write expression solution, I don't remember much of what
we said about it, Olivier, was there more to it than just avoiding the
search on read-process fields ?
Needless to say, if you've come to a satisfactory setup, we'd be more
than happy to integrate it in CPSLDAPSetup.
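
The DN-to-username translation asked about in the thread, as an added example that is not part of the original messages and not CPSDirectory code. It is plain Python, independent of the CPS API; `BASE_DN`, `ID_ATTR` and the function names are assumptions. It returns an id only for entries sitting directly under the expected base, so a DN from another subtree cannot turn into a local username.

```python
import re

# Assumed values for illustration; the thread names neither the base DN nor the attribute.
BASE_DN = "ou=people,dc=example,dc=org"
ID_ATTR = "uid"
_ESC = re.compile(rb"\\([0-9A-Fa-f]{2})|\\(.)", re.S)

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    parts, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 1                      # also skip the escaped character
        elif dn[i] == ",":
            parts.append(dn[start:i])
            start = i + 1
        i += 1
    return [p.lstrip() for p in parts + [dn[start:]]]

def parse_rdn(rdn):
    """Return (attr, value) for a single-valued RDN, or None for anything else."""
    attr, sep, value = rdn.partition("=")
    if not sep or not value or "+" in re.sub(r"\\.", "", value, flags=re.S):
        return None                     # malformed or multi-valued: fail closed
    try:
        raw = _ESC.sub(lambda m: bytes([int(m.group(1), 16)]) if m.group(1)
                       else m.group(2), value.encode("utf-8"))
        return attr.strip().lower(), raw.decode("utf-8")
    except UnicodeDecodeError:
        return None

def dn_to_id(dn, base_dn=BASE_DN, id_attr=ID_ATTR):
    """Map a member DN to a short id, or None unless it sits directly under base_dn."""
    rdns = [parse_rdn(r) for r in split_dn(dn)]
    base = [parse_rdn(r) for r in split_dn(base_dn)]
    if None in rdns or None in base or len(rdns) != len(base) + 1:
        return None
    fold = lambda pairs: [(a, v.casefold()) for a, v in pairs]
    if fold(rdns[1:]) != fold(base) or rdns[0][0] != id_attr.lower():
        return None
    return rdns[0][1]

# Constructed sample of what a group entry's member attribute might hold.
MEMBERS = [
    "uid=anaberan,ou=people,dc=example,dc=org",
    "uid=ogrisel, OU=People, DC=example, DC=org",
    "uid=admin,ou=people,dc=other,dc=example,dc=org",  # different subtree
    "cn=Smith\\, John,ou=people,dc=example,dc=org",     # wrong naming attribute
]
```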