Olivier Grisel <[EMAIL PROTECTED]> writes:
>
> Fabrice Robin wrote:
>
> > Hi,
> >
> > You will find in attachment my LDAP setup for members and groups.
> > These are the settings for an openldap directory with the use of
> > samba and posix schemas.
> >
> > With these settings, the CPS groups are the system groups used on
> > the network.
> > Any group created through CPS is created in the ZODB (groups_zodb).
>
> Thanks, I have opened a ticket to add such a configuration option in CPSLDAPSetup:
>
> http://svn.nuxeo.org/trac/pub/ticket/1648
>
> Don't have time to do it now, though.

I have tried to make CPSLDAPSetup work. My schemas are derived partly from the bbs-one's schemas (which I cannot import, at least easily, due to a problem with a <property name="schemas"/> line in some schemas).

In my schemas, objectClass for groups is groupOfUniqueNames.
Three levels of directories for groups: Meta, stack and ldap.

OK, it is almost working well: I get the correct group name list with security/Manage Local Roles, but ...

1) When the mapping in the metadirectory called groups is set to:

     id in groups_stack : uniqueMember <==> id in groups : members

   then the members list is correctly displayed in the CPS directories view, but a user who is a member of a group with correct rights on a workspace can't view this workspace.

2) When the mapping is set to:

     id in groups_stack : uniqueMember <==> id in groups : dummy

   then the members list can't be retrieved (CPS complains about a missing members key), but a user who is a member of a group with correct rights on a workspace can view it.

Any idea to make this work correctly?

I had to copy/paste the groups directory to mycompanygroups and set the mapping to:

     id in groups_stack : uniqueMember <==> id in mycompanygroups : members

This way everything works but the groups membership list.

Names of members in the mycompanygroups view are correctly displayed thanks to an external Python script called from portal_schemas/groups_ldap/f__uniqueMember:

     Read expression:python:portal.members_list(uniqueMember)

members_list being a function accepting a list type argument in the form

     ['uid=fname1.name1,ou=people,dc=mycomp,dc=fr', 'uid=fname2.name2,ou=people,dc=mycomp,dc=fr']

and returning a list in the form

     ['fname1.name1','fname2.name2']

(Curiously, this function is called 10 times by CPS when listing the members of a group, no matter the number of members this group contains.) These 10 times are made of 5 times two calls: the first call with the real list (uid=...), the second call with the list returned by the first call (I'm not sure I'm clear).

CPSMailaccess works too. My webmail config:

     Access field (field:value) : WebmailAllow:allow

WebmailAllow is a Directory string LDAP attribute created for this purpose and containing the word "allow" if the user can use the webmail, but you can set a simpler condition if you don't mind giving the webmail access to all of your users, for instance:

     Access field (field:value) : uid:!a_dummy_string_that_is_not_a_real_uid

Be prepared to use the undo button when playing with this condition, as CPS breaks and there's no way to get back to the webmail config form.

_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel
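
A sketch of the `members_list` helper described in the message above, added here as an example and not taken from the original post or from CPS. It assumes modern Python 3 and the hypothetical helpers `first_rdn` and `uid_from_dn`. It decodes RFC 4514 escapes and returns non-DN values unchanged, so the second call on already-converted ids that the message reports is harmless.

```python
import string

HEX = set(string.hexdigits)


def first_rdn(dn):
    """Return the leading RDN of a DN string with RFC 4514 escapes decoded."""
    raw, i = bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                raw.append(int(pair, 16))         # hex escape such as \2C
                i += 3
            else:
                raw += dn[i + 1].encode('utf-8')  # escaped special such as \,
                i += 2
            continue
        if ch in ',+':                            # unescaped separator ends the RDN
            break
        raw += ch.encode('utf-8')
        i += 1
    return raw.decode('utf-8', errors='replace')


def uid_from_dn(value, attr='uid'):
    """Map 'uid=x,ou=...' to 'x'; return anything else exactly as received."""
    name, sep, rdn_value = first_rdn(value.strip()).partition('=')
    if not sep or name.strip().lower() != attr:
        return value  # already a bare id, or a DN keyed on another attribute
    return rdn_value


def members_list(unique_members):
    """Convert uniqueMember DNs to bare ids; safe to call on its own output."""
    return [uid_from_dn(m) for m in unique_members or []]


# Constructed sample input, in the DN form quoted in the message.
SAMPLE = [
    'uid=fname1.name1,ou=people,dc=mycomp,dc=fr',
    'uid=fname2.name2,ou=people,dc=mycomp,dc=fr',
]
```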
