I spent some time thinking about the problem and it is clearer in my mind
now.
In the example I told you, the memberOf information of a user could have
been:
CN=Alfa_QWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd;CN=ZXCV66_POIUYT_LKJHG_QAZXSWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd
In that case, probably the first element of the ldap_user.memberOf list was
"CN=Alfa_QWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd"
and the second one
"CN=ZXCV66_POIUYT_LKJHG_QAZXSWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd"
With my change in the code (replacing the comma with a semicolon in
"cns = [x.split(',')[0] for x in (ldap_user.memberOf or [])]") what probably
happened was that the group DNs were not split correctly.
In the example, cns was supposed to result in
["CN=Alfa_QWE", "CN=ZXCV66_POIUYT_LKJHG_QAZXSWE"]
but came out to be
['CN=Alfa_QWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd',
'CN=ZXCV66_POIUYT_LKJHG_QAZXSWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd']
Then, on the second manipulation (cns = [x.split('=')[1] for x in cns] - I
haven't changed that), cns should have become
['Alfa_QWE', 'ZXCV66_POIUYT_LKJHG_QAZXSWE'] - the list with the group CNs
but instead it became
['Alfa_QWE,OU', 'ZXCV66_POIUYT_LKJHG_QAZXSWE,OU'] - note the ",OU" at the
end of the group CNs
Which would not refer to any real group.
So, tomorrow I am gonna change the code back to its original form, and I
will test whether deactivating the AD plugin as a Groups plugin (leaving the
other interfaces active) still allows the users to log in to the site. I will
compromise to a lesser degree of working features (which means not using AD
groups for local role assignment in Plone objects) if that at least allows
all users to access the site.
Now, there is some new information I forgot to share: remember when I told
you that the UnicodeDecodeError started appearing for any authenticated user
with at least one group with an accented char (i.e. non-ASCII) in the group CN?
Well, I was looking at the AD plugin in ZMI, searching for users that
reported the problem and users that reported not having any problem, and I
got to verify that the memberOf info of the affected users was not displayed
correctly: the accented chars were displayed like Japanese chars or the
square that indicates unknown char.
I wonder if that might give a hint on how to solve the problem or is just a
ZMI displaying information.
Anyway, do you have any other ideas on strategies I should try to solve the
problem?
Thank you again for your responses and your help so far.
Alberto
--
View this message in context:
http://n2.nabble.com/LDAPMultiPlugins-developers%3A-please-read-this---possible-localization-problem-tp777592p780461.html
Sent from the Product Developers mailing list archive at Nabble.com.
_______________________________________________
Product-Developers mailing list
[email protected]
http://lists.plone.org/mailman/listinfo/product-developers
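
The splitting walked through in the message above, as an added example that is not part of the original post and not LDAPMultiPlugins code. It reproduces both results from the message and then goes beyond them with a hypothetical first_rdn_value() helper that honours RFC 4514 backslash escapes and decodes byte values as UTF-8 (an assumption about what the directory returns); cns_by_split, group_cns and the "Smith, John" DN are constructed for illustration.

```python
# Added example; the two sample DNs are the ones from the message, the rest is constructed.
SAMPLE_MEMBER_OF = [
    "CN=Alfa_QWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd",
    "CN=ZXCV66_POIUYT_LKJHG_QAZXSWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd",
]
HEX_DIGITS = "0123456789abcdefABCDEF"


def cns_by_split(member_of, sep=","):
    """The two comprehensions quoted in the message; sep is the first separator."""
    cns = [x.split(sep)[0] for x in (member_of or [])]
    return [x.split("=")[1] for x in cns]


def first_rdn_value(dn):
    """Value of the first RDN of a DN, honouring RFC 4514 backslash escapes."""
    if isinstance(dn, bytes):
        dn = dn.decode("utf-8")  # assumption: the directory returns UTF-8
    out = bytearray()
    i = dn.index("=") + 1  # skip the attribute type ("CN")
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX_DIGITS for c in pair):
                out.append(int(pair, 16))  # \c3 style escape: one raw byte
                i += 3
            else:
                out += dn[i + 1].encode("utf-8")  # \, \= \+ ...: literal char
                i += 2
            continue
        if ch in ",+":  # unescaped separator ends the first attribute value
            break
        out += ch.encode("utf-8")
        i += 1
    return out.decode("utf-8")


def group_cns(member_of):
    """Group CNs for a memberOf list, one per DN."""
    return [first_rdn_value(dn) for dn in (member_of or [])]


if __name__ == "__main__":
    print(cns_by_split(SAMPLE_MEMBER_OF))       # original code
    print(cns_by_split(SAMPLE_MEMBER_OF, ";"))  # the semicolon change
    print(group_cns(SAMPLE_MEMBER_OF + ["CN=Smith\\, John,OU=Zxcvb,DC=asd"]))
```

A CN that matches no real group means the role mapping silently finds nothing, so the output of group_cns() is worth comparing against the directory's actual group names when debugging.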