Hello everybody,
I tried to install CPSLDAPSetup on a test cps server and tried to configure it to authenticate toward a Windows 2000 server AD.
I tried to follow the instructions as precisely as possible and made the configuration of the members_ldap.xml file as accurate as possible, but nothing works :-(
Here’s exactly what I’ve done:
- Installed a win2000 test server as domain controller for the “googol.ch” domain and named it DC1.
- Created a user named “cps” with password “cps” (I know… it’s bad, but it’s just for testing) in the standard “Users” OU. User is domain admin
- Downloaded CPS-3.4.0-3.exe (a version that needs CPS >= 3.4.0) and python-ldap-2.0.6.win32-py2.4.exe
- Installed another win2000 server named intra and joined it to the domain googol.ch
- Installed CPS-3.4.0-3 on the “intra” server
- Started IE and tried to log in to the cps test site created by default (all OK)
- Installed python-ldap using python-ldap-2.0.6.win32-py2.4.exe and tested it using the “import ldap” command in a python shell (all OK)
- Modified the members_ldap.xml file and copied CPSLDAPSetup to the Products directory. You have an exact copy of my members_ldap.xml at the end of this mail
- Restarted zope and created a new cps site named test1
- Tested it with the standard password entered during the creation of the site (all OK)
- Went to the portal_setup tool, selected the CPS LDAP Setup profile and imported it.
- Tried to log in to the site with the standard “admin” user defined during the creation of the site (Error message without any detail)
- Tried to log in to the site with one of the users defined in the Users OU of active directory (Standard wrong user or password message). Also tested with the user “cps” defined at step 2
In the installation procedure it is written that: “you'll need to give each member the Member role for her CPS login to succeed.” But since I haven’t found any way to give this role, that doesn’t work either :-(
Here is the copy of my members_ldap.xml file:
<?xml version="1.0"?>
<object name="members_ldap" meta_type="CPS LDAP Backing Directory">
  <property name="title"></property>
  <property name="schema">members_ldap</property>
  <property name="schema_search"></property>
  <property name="layout"></property>
  <property name="layout_search"></property>
  <property name="acl_directory_view_roles"></property>
  <property name="acl_entry_create_roles">Manager</property>
  <property name="acl_entry_delete_roles">Manager</property>
  <property name="acl_entry_view_roles">Manager</property>
  <property name="acl_entry_edit_roles">Manager</property>
  <property name="title_field">cn</property>
  <property name="search_substring_fields">
    <element value="cn"/>
    <element value="givenName"/>
    <element value="sn"/>
    <element value="mail"/>
  </property>
  <property name="is_hierarchical">False</property>
  <property name="password_field">userPassword</property>
  <property name="password_encryption">SSHA</property>
  <property name="ldap_server">dc1.gogol.ch</property>
  <property name="ldap_port">389</property>
  <property name="ldap_use_ssl">False</property>
  <property name="ldap_base">CN=Users,DC=gogol,DC=ch</property>
  <property name="ldap_base_creation">CN=Users,DC=gogol,DC=ch</property>
  <property name="ldap_scope">SUBTREE</property>
  <property name="ldap_search_classes">top, person</property>
  <property name="ldap_search_filter"></property>
  <property name="ldap_bind_dn">[EMAIL PROTECTED]</property>
  <property name="ldap_bind_password">cps</property>
  <property name="ldap_rdn_attr">sAMAccountName</property>
  <property name="ldap_object_classes">top, person</property>
  <property name="children_attr">None</property>
  <property name="children_id_attr">cn</property>
  <cache-manager name="dir_ramcache"/>
</object>
Any advice on what I’ve done wrong or forgotten to do would be more than welcome, but remember that I’m really new to CPS… Explanations will have to be precise even for things that seem to be obvious for most of you.
Thank you for your help and best regards
Umar
_______________________________________________ cps-devel mailing list http://lists.nuxeo.com/mailman/listinfo/cps-devel
