And what about roles? I have tried the same approach as in groups, but it doesn't work, all users get all roles...
It will be the same as in groups... or not?

jacques.champliaud wrote:
> Olivier Grisel <[EMAIL PROTECTED]> writes:
>
>> jacques.champliaud wrote:
>>
>>> Olivier Grisel <ogrisel <at> ...> writes:
>>>
>>>> Fabrice Robin wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> You will find in attachment my LDAP setup for members and groups.
>>>>> These are the settings for an openldap directory with the use of
>>>>> samba and posix schemas.
>>>>>
>>>>> With these settings, the CPS groups are the system groups used on
>>>>> the network.
>>>>> Any group created through CPS is created in the ZODB (groups_zodb).
>>>>
>>>> Thanks, I have opened a ticket to add such a configuration option in
>>>> CPSLDAPSetup:
>>>>
>>>> http://svn.nuxeo.org/trac/pub/ticket/1648
>>>>
>>>> Don't have time to do it now, though.
>>>
>>> I have tried to make CPSLDAPSetup work, my schemas are derived partly from the
>>> bbs-one's schemas ( which I cannot import (at least easily due to a problem
>>> with a <property name="schemas"/> line in some schemas )
>>
>> You will need CPS trunk or CPS 3.4.1 (that should get released by the end of the
>> week) to have proper multi schema support for the directories.
>>
>>> In my schemas, objectClass for groups is groupOfUniqueNames
>>>
>>> Three levels of directories for groups: Meta, stack and ldap
>>> Ok it is almost working well :
>>> I get the correct groups name list with security/Manage Local Roles
>>>
>>> but ...
>>> 1) when the mapping in the metadirectory called groups is set to:
>>> id in groups_stack : uniqueMember <==> id in groups : members
>>> then the members list is correctly displayed in CPS directories view but
>>> a user being a member of a group with correct rights on a workspace
>>> can't view this workspace
>>>
>>> 2) when the mapping is set to :
>>> id in groups_stack : uniqueMember <==> id in groups : dummy
>>> then the members list can't be retrieved, CPS complains about a
>>> missing members key, but a user being a member of a group with
>>> correct rights on a workspace can view it
>>>
>>> Any idea to make this work correctly ?
>>
>> See later.
>>
>>> I had to copy/paste the groups directory to mycompanygroups
>>> and set the mapping to:
>>> id in groups_stack : uniqueMember <==> id in mycompanygroups : members
>>>
>>> This way everything works but the groups membership list.
>>>
>>> names of members in the mycompanygroups's view are correctly displayed
>>> thanks to an external python script called from
>>> portal_schemas/groups_ldap/f__uniqueMember Read
>>> expression:python:portal.members_list(uniqueMember)
>>> members_list being a function accepting a list type argument in the form
>>> ['uid=fname1.name1,ou=people,dc=mycomp,dc=fr',
>>> 'uid=fname2.name2,ou=people,dc=mycomp,dc=fr']
>>> and returning a list in the form
>>> ['fname1.name1','fname2.name2']
>>
>> Beware that read_process_expr are not computed in search mode (searchEntries
>> API). That might be related to your problem of having the members of group get
>> the right local roles.
>
> Ok, so I completely removed the field uniqueMember from
> portal_schemas/groups_ldap object. A user being a member of a group with
> correct rights on a workspace can *still* view this workspace.
> This means that CPS can retrieve the membership of a user without
> using the groups portal_directories... and as the ldap entry
> of a user doesn't list the groups he belongs to...
> I suspect this is due to the python expression :
> python:util.dirCrossGetList('groups', 'members', data.get('uid'))
> in the Read: expression of portal_schemas/members_ldap/f__cpsGroups
>
> Am I correct ?
>
> But even this way, as the members of a group are listed in the fields
> uniqueMember of the ldap groups schema, where is the uniqueMember field
> mentioned in CPS ?
> And how can I use it to limit the groups a member can list
> ( the Entry Local Roles GroupMember python:entry_id in
> getUserEntry().get('groups', []) doesn't work )
> Thanks
>
> _______________________________________________
> cps-devel mailing list
> http://lists.nuxeo.com/mailman/listinfo/cps-devel

--
Aitzol Naberan Burgaña
CodeSyntax
http://www.codesyntax.com
943 82 17 80
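The `members_list` conversion described in the quoted message (a list of `uniqueMember` DNs in, a list of member ids out), written as an added example that is not code from the thread or from CPS. Because the resulting ids decide group membership and therefore local roles, it splits DNs on unescaped commas only and drops any DN that is not `uid=<id>` directly under the people subtree. The base DN is taken from the sample DNs in the thread; the helper names, function bodies and sample list are assumptions constructed for illustration.

```python
import re

# Assumed base DN for user entries, taken from the sample DNs quoted in the thread.
PEOPLE_BASE = "ou=people,dc=mycomp,dc=fr"
# One or more \XX hex pairs, or a single backslash-escaped character (RFC 4514).
_ESC = re.compile(r"((?:\\[0-9a-fA-F]{2})+)|\\(.)")

def split_rdns(dn):
    """Split a DN on unescaped commas; a leading space after a comma is tolerated."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])          # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).lstrip())
    return parts

def unescape(value):
    """Decode hex-pair escapes as UTF-8 bytes and strip single-character escapes."""
    def repl(m):
        if m.group(1):
            return bytes.fromhex(m.group(1).replace("\\", "")).decode("utf-8")
        return m.group(2)
    return _ESC.sub(repl, value)

def members_list(unique_members, base=PEOPLE_BASE):
    """Map uniqueMember DNs to member ids, skipping anything but uid=<id>,<base>."""
    base_rdns = [r.lower() for r in split_rdns(base)]
    ids = []
    for dn in unique_members:
        rdns = split_rdns(dn)
        attr, sep, value = rdns[0].partition("=")
        if not sep or attr.strip().lower() != "uid" or not value:
            continue                          # first RDN is not a uid
        if [r.lower() for r in rdns[1:]] != base_rdns:
            continue                          # entry is outside the people subtree
        ids.append(unescape(value))
    return ids

# Constructed sample input, modelled on the DNs quoted in the thread.
SAMPLE = ["uid=fname1.name1,ou=people,dc=mycomp,dc=fr",
          "UID=fname2.name2, OU=People, DC=mycomp, DC=fr",
          "uid=smith\\, john,ou=people,dc=mycomp,dc=fr",
          "uid=fname3.name3,ou=people,dc=other,dc=fr",
          "cn=admins,ou=groups,dc=mycomp,dc=fr"]
```

A plain `dn.split(',')[0]` would truncate the third sample at the escaped comma and would accept the fourth and fifth entries as members.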
