1- The provided example bbsone-ldap.zip only works with the CPSDirectory version from the trunk SVN.
The "schemas" property did not exist in MetaDirectory.py from the CPS-3.4.0 tagged CPSDirectory version. It was added later.
2- A patch, provided earlier on this list, must be installed in order to get/set photo for members.
Regards,
Fabrice
2006/5/17, jacques. champliaud <[EMAIL PROTECTED]>:
Olivier Grisel <[EMAIL PROTECTED]> writes:
>
> Fabrice Robin wrote:
>
> > Hi,
> >
> > You will find in attachment my LDAP setup for members and groups.
> > These are the settings for an openldap directory with the use of
> > samba and posix schemas.
> >
> > With these settings, the CPS groups are the system groups used on
> > the network.
> > Any group created through CPS is created in the ZODB (groups_zodb).
>
> Thanks, I have opened a ticket to add such a configuration option in
> CPSLDAPSetup:
>
> http://svn.nuxeo.org/trac/pub/ticket/1648
>
> Don't have time to do it now, though.
I have tried to make CPSLDAPSetup work; my schemas are derived partly from the
bbs-one's schemas (which I cannot import, at least easily, due to a problem
with a <property name="schemas"/> line in some schemas).
In my schemas, objectClass for groups is groupOfUniqueNames
Three levels of directories for groups: Meta, stack and ldap
OK, it is almost working well:
I get the correct groups name list with security/Manage Local Roles
but ...
1) when the mapping in the metadirectory called groups is set to:
id in groups_stack : uniqueMember <==> id in groups : members
then the members list is correctly displayed in CPS directories view but
a user being a member of a group with correct rights on a workspace
can't view this workspace
2) when the mapping is set to:
id in groups_stack : uniqueMember <==> id in groups : dummy
then the members list can't be retrieved; CPS complains about a
missing members key, but a user being a member of a group with
correct rights on a workspace can view it
Any idea how to make this work correctly?
I had to copy/paste the groups directory to mycompanygroups
and set the mapping to:
id in groups_stack : uniqueMember <==> id in mycompanygroups : members
This way everything works but the groups membership list.
Names of members in the mycompanygroups view are correctly displayed
thanks to an external Python script called from
portal_schemas/groups_ldap/f__uniqueMember Read
expression:python:portal.members_list(uniqueMember)
members_list being a function accepting a list type argument in the form
['uid=fname1.name1,ou=people,dc=mycomp,dc=fr',
'uid=fname2.name2,ou=people,dc=mycomp,dc=fr']
and returning a list in the form
['fname1.name1','fname2.name2']
(Curiously, this function is called 10 times by CPS when listing
the members of a group, no matter the number of members this group
contains.)
These 10 times are made of 5 times two calls: the first call with the real list
(uid=...), the second call with the list returned by the first call
(I'm not sure I'm clear).
CPSMailaccess works too.
my webmail config:
Access field (field:value) : WebmailAllow:allow
WebmailAllow is a Directory string ldap attribute created for this
purpose and containing the word "allow" if the user can use the webmail
but you can set a simpler condition if you don't mind giving the
webmail access to all of your users, for instance:
Access field (field:value) : uid:!a_dummy_string_that_is_not_a_real_uid
Be prepared to use the undo button when playing with this condition, as CPS
breaks and there's no way to get back to the webmail config form.
_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel
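The `members_list` helper described in the message above, written out as an added example (not the poster's script and not CPS code). It assumes the people branch is `ou=people,dc=mycomp,dc=fr` as in the quoted DNs, passes already-bare ids through so the second call of each pair changes nothing, and drops DNs outside that branch so they cannot be mistaken for a local member id when roles are resolved.

```python
import re

# Assumed base for member entries, taken from the DNs quoted in the message.
PEOPLE_BASE = "ou=people,dc=mycomp,dc=fr"

# First RDN must be uid=<value>; the value may contain backslash escapes.
_FIRST_RDN = re.compile(r"^\s*uid\s*=\s*((?:\\.|[^,\\])+?)\s*,\s*(.+)$", re.I | re.S)
_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2}|.)", re.S)


def _normalize_base(dn):
    # Compare bases case-insensitively and ignore spaces around separators.
    return ",".join(part.strip().lower() for part in dn.split(","))


def _unescape(value):
    # Undo DN escaping: "\2C" (hex pair, ASCII range here) or "\," (escaped char).
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return _ESCAPE.sub(repl, value)


def members_list(unique_members, base=PEOPLE_BASE):
    """Map uniqueMember DNs to bare member ids; safe to call on its own output."""
    if isinstance(unique_members, str):
        unique_members = [unique_members]
    wanted = _normalize_base(base)
    ids = []
    for entry in unique_members or []:
        if "=" not in entry:
            # Already a bare id (second call of each pair): pass it through.
            ids.append(entry)
            continue
        m = _FIRST_RDN.match(entry)
        if m is None or _normalize_base(m.group(2)) != wanted:
            # Not a uid entry under the people branch: do not invent a member id.
            continue
        ids.append(_unescape(m.group(1)))
    return ids
```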
