Re: [Zope] ldap authentication with apache or LDAPUserFolder?

2005-07-11 Thread Tim Suter
Sorry Marco the reply to all button eluded me once again:

I deleted the access file and recreated it so I could get ready to
delete all instances of the old LDAPUserFolder.  This has to be done
prior to migration of Data.fs as the new Zope 2.8 isn't compatible with
the old LDAPUserFolder.

Now, after commenting out the apache lines below:

#
#AuthName "Knowledge Access"
#AuthType Basic
#AuthLDAPURL ldap://X.X.org:389/o=X.org?uid?sub?(objectClass=person)
#require group cn=caitstaff,ou=Groups,o=X.org
#

I can type in the URL for the knowledge base and it takes me straight to
the index_html page without authentication unlike before.  However,
after clicking the Manage Zope link, then you must enter in credentials,
in order to access the ZMI of which the root folder contains the
acl_users folder with the LDAPUserFolder configuration.  Does this tell
me that LDAPUserFolder is being handed the credentials via apache
through some sort of redirect?

Tim

On Mon, 2005-07-11 at 18:56 +0200, Marco Bizzarri wrote:
> What I suspect is that you are working with Zope in Remote User Mode. 
> You can verify this in a very quick way, by looking at your instance 
> home directory and checking if the access file contains a line like 
> 'admin:' or 'super:' or whatever, but with no password.
> 
> Regards
> Marco
> 
> Tim Suter wrote:
> > As some of you know, I am working on an installation of Zope/Zwiki.
> > What I have inherited is a 2.5.1 Zope/Zwiki on a Debian box.  I am
> > wanting to move the data from the 2.5.1 to a 2.8.  But here's the
> > situation.
> > 
> > At the root of the 2.5.1 install there is an acl_users folder that
> > appears to be the LDAPUserFolder authentication mechanism.  However,
> > upon looking at the apache config on my Debian box you see this:
> > 
> > 
> > 
> > AuthName "Knowledge Access"
> > AuthType Basic
> > AuthLDAPURL ldap://X.X.org:389/o=X.org?uid?sub?(objectClass=person)
> > require group cn=caitstaff,ou=Groups,o=X.org
> > 
> > DocumentRoot /var/www
> > ServerName X.X.org
> > 
> > RedirectMatch ^/$ /Zope/
> > RewriteEngine on
> > RewriteCond %{HTTP:Authorization}  ^(.*)
> > RewriteRule ^/Zope/(.*) /usr/lib/cgi-bin/Zope/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
> > 
> > 
> > 
> > I am trying to figure out what is authenticating the user,
> > LDAPUserFolder or the AuthLDAP in Apache?
> > 
> > In the root folder of the 2.5.1 install, there is our knowledge
> > folder, argyle, inventory, a public folder.  Those are the custom
> > folders we created.
> > The Zope install folders are the control panel, temp_folder,
> > Tutorial, test.  There is an acl_users folder, but it is not the
> > original and has the LDAPUserFolder configuration in it.
> > 
> > After authentication, the user is directed to the index_html which
> > is in the root folder.  The links present on this page point to our
> > available knowledge bases (the custom folders we created).  As well,
> > it has a manage Zope link.  Only certain users can access this link.
> > Anyone authenticated to the knowledge bases though, can add, edit or
> > delete content.
> > This is the preferred method of this application as we want all
> > users here to be able to openly collaborate.
> > 
> > I need to authenticate the same way on the new install as the old
> > one.  Here is the dilemma though.
> > On the new install of 2.8, it rests on an RHEL4 server.  On this
> > apache, I have to use authZLDAP as there is a documented bug with
> > RedHat for the AuthLDAP.
> > 
> > There are years of data collected in this knowledge base that I
> > don't want to lose.  So I am being about as careful as I can
> > be...maybe too careful.
> > 
> > So, question wise...I am wondering what authentication to use.  I
> > know that LDAPUserFolder appears to be the way to go, but I don't
> > know if that is what is actually happening.  By the looks of the
> > above apache configuration, could there be some sort of redirection
> > happening?
> > 
> > Tim
> > 
> > ___
> > Zope maillist  -  Zope@zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists - 
> >  http://mail.zope.org/mailman/listinfo/zope-announce
> >  http://mail.zope.org/mailman/listinfo/zope-dev )
> 





Re: [Zope] ldap authentication with apache or LDAPUserFolder?

2005-07-11 Thread Marco Bizzarri
What I suspect is that you are working with Zope in Remote User Mode. 
You can verify this in a very quick way, by looking at your instance 
home directory and checking if the access file contains a line like 
'admin:' or 'super:' or whatever, but with no password.


Regards
Marco

Tim Suter wrote:

As some of you know, I am working on an installation of Zope/Zwiki.
What I have inherited is a 2.5.1 Zope/Zwiki on a Debian box.  I am
wanting to move the data from the 2.5.1 to a 2.8.  But here's the
situation.

At the root of the 2.5.1 install there is an acl_users folder that
appears to be the LDAPUserFolder authentication mechanism.  However,
upon looking at the apache config on my Debian box you see this:



AuthName "Knowledge Access"
AuthType Basic
AuthLDAPURL ldap://X.X.org:389/o=X.org?uid?sub?(objectClass=person)
require group cn=caitstaff,ou=Groups,o=X.org

DocumentRoot /var/www
ServerName X.X.org

RedirectMatch ^/$ /Zope/
RewriteEngine on
RewriteCond %{HTTP:Authorization}  ^(.*)
RewriteRule ^/Zope/(.*) /usr/lib/cgi-bin/Zope/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]



I am trying to figure out what is authenticating the user,
LDAPUserFolder or the AuthLDAP in Apache?

In the root folder of the 2.5.1 install, there is our knowledge folder,
argyle, inventory, a public folder.  Those are the custom folders we
created.
The Zope install folders are the control panel, temp_folder, Tutorial,
test.  There is an acl_users folder, but it is not the original and has
the LDAPUserFolder configuration in it.

After authentication, the user is directed to the index_html which is in
the root folder.  The links present on this page point to our available
knowledge bases (the custom folders we created).  As well, it has a
manage Zope link.  Only certain users can access this link.

Anyone authenticated to the knowledge bases though, can add, edit or
delete content.
This is the preferred method of this application as we want all users
here to be able to openly collaborate.

I need to authenticate the same way on the new install as the old one.
Here is the dilemma though.
On the new install of 2.8, it rests on an RHEL4 server.  On this apache,
I have to use authZLDAP as there is a documented bug with RedHat for the
AuthLDAP.

There are years of data collected in this knowledge base that I don't
want to lose.  So I am being about as careful as I can be...maybe too
careful.

So, question wise...I am wondering what authentication to use.  I know
that LDAPUserFolder appears to be the way to go, but I don't know if
that is what is actually happening.  By the looks of the above apache
configuration, could there be some sort of redirection happening?


Tim

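The access-file check Marco describes, written out as a small script. This is an added example, not part of the original thread and not Zope's own code; it assumes the access file holds one name:password[:domains] entry, and the function names, password markers and sample lines are constructed for illustration.

```python
"""Report whether a Zope instance 'access' file implies Remote User Mode."""
import sys
from typing import List, NamedTuple, Optional

# Assumed markers for an encoded (non-cleartext) password field.
ENCODED_PREFIXES = ("{SHA}", "{SSHA}", "{CRYPT}")


class AccessEntry(NamedTuple):
    name: str
    password_kind: str        # "empty", "encoded" or "cleartext"
    domains: List[str]
    remote_user_mode: bool    # True when the password field is empty


def parse_access_text(text: str) -> Optional[AccessEntry]:
    """Parse the first non-blank line, assumed to be name:password[:domains]."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError("expected name:password, got %r" % line)
        name, password = fields[0], fields[1]
        domains = fields[2].split() if len(fields) > 2 else []
        if not password:
            kind = "empty"            # the 'admin:' case from the thread
        elif password.startswith(ENCODED_PREFIXES):
            kind = "encoded"
        else:
            kind = "cleartext"
        return AccessEntry(name, kind, domains, kind == "empty")
    return None


def describe(entry: Optional[AccessEntry]) -> str:
    """One-line verdict for an administrator reviewing the instance."""
    if entry is None:
        return "access file is empty: no entry to evaluate"
    if entry.remote_user_mode:
        return "%s: no password set, consistent with Remote User Mode" % entry.name
    return "%s: %s password set, not Remote User Mode" % (entry.name, entry.password_kind)


if __name__ == "__main__":
    # Usage: python check_access.py /path/to/instance_home/access
    with open(sys.argv[1]) as handle:
        print(describe(parse_access_text(handle.read())))
```
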


Re: [Zope] ldap authentication with apache or LDAPUserFolder?

2005-07-11 Thread Jens Vagelpohl


On 11 Jul 2005, at 17:00, Tim Suter wrote:


As some of you know, I am working on an installation of Zope/Zwiki.
What I have inherited is a 2.5.1 Zope/Zwiki on a Debian box.  I am
wanting to move the data from the 2.5.1 to a 2.8.  But here's the
situation.




Why don't you just *try* different combinations and see what happens?  
Like, comment out the Apache AuthLDAP stuff and see what happens.


jens




[Zope] ldap authentication with apache or LDAPUserFolder?

2005-07-11 Thread Tim Suter
As some of you know, I am working on an installation of Zope/Zwiki.
What I have inherited is a 2.5.1 Zope/Zwiki on a Debian box.  I am
wanting to move the data from the 2.5.1 to a 2.8.  But here's the
situation.

At the root of the 2.5.1 install there is an acl_users folder that
appears to be the LDAPUserFolder authentication mechanism.  However,
upon looking at the apache config on my Debian box you see this:



AuthName "Knowledge Access"
AuthType Basic
AuthLDAPURL ldap://X.X.org:389/o=X.org?uid?sub?(objectClass=person)
require group cn=caitstaff,ou=Groups,o=X.org

DocumentRoot /var/www
ServerName X.X.org

RedirectMatch ^/$ /Zope/
RewriteEngine on
RewriteCond %{HTTP:Authorization}  ^(.*)
RewriteRule ^/Zope/(.*) /usr/lib/cgi-bin/Zope/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]



I am trying to figure out what is authenticating the user,
LDAPUserFolder or the AuthLDAP in Apache?

In the root folder of the 2.5.1 install, there is our knowledge folder,
argyle, inventory, a public folder.  Those are the custom folders we
created.
The Zope install folders are the control panel, temp_folder, Tutorial,
test.  There is an acl_users folder, but it is not the original and has
the LDAPUserFolder configuration in it.

After authentication, the user is directed to the index_html which is in
the root folder.  The links present on this page point to our available
knowledge bases (the custom folders we created).  As well, it has a
manage Zope link.  Only certain users can access this link.
Anyone authenticated to the knowledge bases though, can add, edit or
delete content.
This is the preferred method of this application as we want all users
here to be able to openly collaborate.

I need to authenticate the same way on the new install as the old one.
Here is the dilemma though.
On the new install of 2.8, it rests on an RHEL4 server.  On this apache,
I have to use authZLDAP as there is a documented bug with RedHat for the
AuthLDAP.

There are years of data collected in this knowledge base that I don't
want to lose.  So I am being about as careful as I can be...maybe too
careful.

So, question wise...I am wondering what authentication to use.  I know
that LDAPUserFolder appears to be the way to go, but I don't know if
that is what is actually happening.  By the looks of the above apache
configuration, could there be some sort of redirection happening?

Tim
