Re: [Zope] problem connecting LdapUserFolder with Active Directory

2009-09-02 Thread Jens Vagelpohl

On Sep 2, 2009, at 04:33 , Miguel Beltran R. wrote:

 OPERATIONS_ERROR: {'info': ': LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}

The error message is informative enough I would say. An operation  
(probably a search) is being performed, but no bind has happened.

Since there is a (simple) bind being performed in the code right
before this error it appears AD does not like it. Maybe AD is not
configured to allow simple user/password binds. Or it is configured to
only allow access from certain hosts, and the host with the Zope
installation is not on that list. With AD, the possibilities for
problems are endless.

jens



___
Zope maillist  -  Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] problem connecting LdapUserFolder with Active Directory

2009-09-02 Thread Miguel Beltran R.
2009/9/2 Jens Vagelpohl j...@dataflake.org


 On Sep 2, 2009, at 04:33 , Miguel Beltran R. wrote:

  OPERATIONS_ERROR: {'info': ': LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece', 'desc': 'Operations error'}

 The error message is informative enough I would say. An operation
 (probably a search) is being performed, but no bind has happened.

 Since there is a (simple) bind being performed in the code right
 before this error it appears AD does not like it. Maybe AD is not
 configured to allow simple user/password binds. Or it is configured to
 only allow access from certain hosts, and the host with the Zope
 installation is not on that list. With AD, the possibilities for
 problems are endless.

 jens


Thanks Jens, after a second look in the LdapUserFolder (v2.12) directory I
found README.ActiveDirectory.txt, which says how to configure LUF correctly.
My options were:
All options in LdapUserFolder use the default, except:
* Users Base DN = ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Groups Base DN = ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Manager DN = cn=zopeldap,ou=Usuarios,ou=CEED,dc=ceed,dc=local
* Manager DN Usage = Always (before it was for login data only)  **important option**
* read-only = on

The server now connects to port 3268
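
An added example, not part of the thread and not LDAPUserFolder code: a Python triage helper for the `info` string in the error dict quoted above. It goes beyond the thread's case by also recognising rejected binds; the `triage` name, the sub-code table and the second sample dict are assumptions or constructed values.

```python
import re

# Hex sub-codes Active Directory reports after "data" when it rejects a bind
# (Win32 logon error codes). Not from the thread; added for the general case.
BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

INFO_RE = re.compile(
    r"LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>.*?),"
    r"\s*data\s+(?P<data>[0-9A-Fa-f]+)", re.DOTALL)

def triage(err):
    """Classify a python-ldap style error dict ({'info': ..., 'desc': ...})."""
    info = " ".join(str(err.get("info", "")).split())  # undo line wrapping
    m = INFO_RE.search(info)
    if not m:
        return {"kind": "unparsed", "desc": err.get("desc", "")}
    comment, data = m.group("comment"), m.group("data").lower()
    result = {"dsid": m.group("dsid"), "comment": comment, "data": data}
    if "successful bind must be completed" in comment:
        # The case in this thread: a request ran on an unauthenticated connection.
        result["kind"] = "unbound-operation"
        result["hint"] = "no successful bind; check Manager DN and its usage"
    elif "AcceptSecurityContext" in comment:
        result["kind"] = "bind-rejected"
        result["hint"] = BIND_SUBCODES.get(data, "unknown sub-code " + data)
    else:
        result["kind"] = "other"
    return result

# The error dict quoted in the thread, then a constructed rejected-bind sample.
PAGE_ERROR = {"info": ": LdapErr: DSID-0C090627,  \ncomment: In\norder to "
              "perform this operation a successful bind must be completed  \n"
              "on the\nconnection., data 0, vece", "desc": "Operations error"}
CONSTRUCTED_BIND_ERROR = {"info": "80090308: LdapErr: DSID-0C0903A9, comment: "
                          "AcceptSecurityContext error, data 52e, v1db1",
                          "desc": "Invalid credentials"}

if __name__ == "__main__":
    for sample in (PAGE_ERROR, CONSTRUCTED_BIND_ERROR):
        print(triage(sample))
```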