I'd like the best of both worlds.  I'm currently running Python 2.3.5, Zope 
2.7.7, and Plone 2.1 (final).  I use LDAPUserFolder (2.5beta2) as the 
authentication method and it works perfectly.  I'm using LDAPUF as the User 
Source and User Folder as the Groups Source. It's better for us to manage 
groups in Plone.  But I'd like a little of the information in Active Directory 
to help with some "blanket" permissions.

What I have is a folder that contains folders and files that need to be viewed 
by some personnel of the organization, but not others.  For this, I've created 
a role called 'Reader' (Reader gets viewing permissions only).  I create a 
group that I want to view folder A.  At the local level, I assign this group 
the role 'Reader'.  This will work fine, but I have to manually manage each 
group.  What I'd like to do is use some of the LDAP schema attributes to act as 
a condition of permissionship.

I can use this to create a portal tab:

Title           MOD Report 5
Id              folderContent
URL             string:${portal_url}/corporate-reports/operations-reports/
Condition       python: 'CN=MOD Report,CN=Users' in 
Permission      View
Category        portal_tabs
Visible?        checked

This correctly creates the portal tab because the condition in this case is 
true. But because this member isn't a member of the group that is allowed to 
view the URL, when I click on the tab I get Insufficient Privileges.  I was 
hoping there was a way that I could use this Property to map this member to a 
particular group.  That way everyone that has memberOf - MOD Report in Active 
Directory would automagically be a member of said group.

I've tried creating an action like this in portal_memberships and 
portal_groups, trying things like Category - global,folder and user but to no 
avail.  Does anyone know how I can bind this Member Property to a Group without 
using LDAPUF as the Group Source?

BTW, I don't want to create a portal tab for each permissioned folder.  I just 
want to map to the group.

Peppi Vecchio | Web Developer 
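
An added example, not part of the original post and not Plone or LDAPUserFolder code: one way to turn memberOf values into locally managed group ids by exact, normalized DN comparison, so that the same result can drive both the tab's visibility and the local 'Reader' assignment. It is plain current Python rather than the Python 2.3 of the post. The DNs, the mapping and every function name are constructed assumptions.

```python
# Added illustration. The DNs, the mapping and all names are constructed.
# Hypothetical mapping: full AD group DN -> locally managed group id.
DN_TO_LOCAL_GROUP = {
    "CN=MOD Report,CN=Users,DC=example,DC=org": "mod-report-readers",
}

def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas in place."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Trim and lowercase each RDN so equal DNs compare equal."""
    out = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        out.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(out)

NORMALIZED = {normalize_dn(k): v for k, v in DN_TO_LOCAL_GROUP.items()}

def local_groups_for(member_of):
    """Local group ids for a list of memberOf DN strings (exact DN match)."""
    hits = {NORMALIZED.get(normalize_dn(dn)) for dn in member_of}
    return sorted(g for g in hits if g)

def substring_match(member_of, fragment="CN=MOD Report,CN=Users"):
    """Loose check for comparison: true for any DN containing the fragment."""
    return any(fragment in dn for dn in member_of)

# Constructed memberOf values for two users.
USER_A = ["cn=mod report, cn=Users, dc=example, dc=org"]
USER_B = ["CN=MOD Report,CN=Users,DC=other,DC=example"]  # different directory

if __name__ == "__main__":
    for name, dns in (("A", USER_A), ("B", USER_B)):
        print(name, local_groups_for(dns), substring_match(dns))
```

The loose fragment test misses user A (different case and spacing) and accepts user B (same leading RDNs under another base DN), while the exact comparison maps only user A to the local group.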