jacques.champliaud wrote:
Olivier Grisel <[EMAIL PROTECTED]> writes:
Fabrice Robin wrote:
Hi,
You will find in attachment my LDAP setup for members and groups.
These are the settings for an openldap directory with the use of
samba and posix schemas.
With these settings, the CPS groups are the system groups used on
the network.
Any group created through CPS is created in the ZODB (groups_zodb).
Thanks, I have opened a ticket to add such a configuration option in
CPSLDAPSetup:
http://svn.nuxeo.org/trac/pub/ticket/1648
Don't have time to do it now, though.
I have tried to make CPSLDAPSetup work; my schemas are derived partly from the
bbs-one's schemas (which I cannot import, at least easily, due to a problem
with a <property name="schemas"/> line in some schemas).
You will need CPS trunk or CPS 3.4.1 (that should get released by the end of the
week) to have proper multi schema support for the directories.
In my schemas, objectClass for groups is groupOfUniqueNames
Three levels of directories for groups: Meta, stack and ldap
OK, it is almost working well:
I get the correct groups name list with security/Manage Local Roles
but ...
1) when the mapping in the metadirectory called groups is set to:
id in groups_stack : uniqueMember <==> id in groups : members
then the members list is correctly displayed in CPS directories view but
a user being a member of a group with correct rights on a workspace
can't view this workspace
2) when the mapping is set to:
id in groups_stack : uniqueMember <==> id in groups : dummy
then the members list can't be retrieved (CPS complains about a
missing members key), but a user being a member of a group with
correct rights on a workspace can view it
Any idea to make this work correctly?
See later.
I had to copy/paste the groups directory to mycompanygroups
and set the mapping to:
id in groups_stack : uniqueMember <==> id in mycompanygroups : members
This way everything works but the groups membership list.
Names of members in the mycompanygroups's view are correctly displayed
thanks to an external Python script called from
portal_schemas/groups_ldap/f__uniqueMember Read
expression:python:portal.members_list(uniqueMember)
members_list being a function accepting a list type argument in the form
['uid=fname1.name1,ou=people,dc=mycomp,dc=fr',
'uid=fname2.name2,ou=people,dc=mycomp,dc=fr']
and returning a list in the form
['fname1.name1','fname2.name2']
Beware that read_process_expr are not computed in search mode (searchEntries
API). That might be related to your problem of having the members of group get
the right local roles.
--
Olivier
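
Added example, not part of the original thread and not the poster's script: one way a `members_list` function of the kind described above could map `uniqueMember` DNs to login ids without splitting naively on commas, so that escaped commas, multi-valued RDNs and non-user DNs do not yield a wrong id. The helper names, the `id_attr` parameter and the sample DNs are assumptions constructed for illustration.

```python
import re

# RFC 4514 escape: backslash + two hex digits, or backslash + one character.
_ESCAPE = re.compile(r'\\([0-9A-Fa-f]{2}|.)')


def _split_unescaped(text, sep):
    """Split text on sep, ignoring separators that are backslash-escaped."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == '\\' and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append(''.join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append(''.join(current))
    return parts


def _unescape(value):
    """Undo DN escapes; hex pairs are handled for single-byte (ASCII) values only."""
    def repl(match):
        tok = match.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return _ESCAPE.sub(repl, value)


def members_list(unique_members, id_attr='uid'):
    """Map member DNs to ids; DNs whose first RDN has no id_attr are skipped."""
    ids = []
    for dn in unique_members or []:
        first_rdn = _split_unescaped(dn.strip(), ',')[0]
        for ava in _split_unescaped(first_rdn, '+'):  # multi-valued RDN
            attr, sep, value = ava.partition('=')
            if sep and attr.strip().lower() == id_attr:
                ids.append(_unescape(value))
                break
    return ids


# Constructed sample input in the form shown in the thread, plus edge cases.
SAMPLE = [
    'uid=fname1.name1,ou=people,dc=mycomp,dc=fr',
    'UID=fname2.name2, ou=people, dc=mycomp, dc=fr',
    r'uid=smith\, j,ou=people,dc=mycomp,dc=fr',            # escaped comma
    'cn=printers,ou=groups,dc=mycomp,dc=fr',               # not a user entry
    'cn=Jane Doe+uid=jane.doe,ou=people,dc=mycomp,dc=fr',  # multi-valued RDN
]
```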