Hi Sam,

Thanks for the detailed and quick reply.

On Fri, 12 May 2006 10:19:31 +1000
Sam Stainsby <[EMAIL PROTECTED]> wrote:

> On Thu, 11 May 2006 20:35:53 +0000, Jamie Bullock wrote:
> > Does anyone have a script or any advice for exporting Zope users and groups 
> > to an LDIF file?
> I have built such a script for a client, though the 'users' and 'groups'
> that the script works on are workflowable content objects in Plone
> (similar to the approach used by CMFMember). It is then fairly easy to find
> users and groups in the portal catalog and map them to appropriate LDAP
> attributes. 

It is a Plone site, and we are using GRUF 3.4. We're not using CMFMember or 
anything like that.

> Writing LDIF to update an existing LDAP repository (rather
> than just rebuilding it completely) took me quite a while to get right.
> The script is about 700 LOC (including blank lines & comments) - it is not
> trivial, unless you are just going to rebuild your LDAP each time.

All of our users' details are currently stored in the ZODB, we don't have an 
existing LDAP service, so this is from scratch. I'd expect to just need to use 
the script once, and then just use LDAP as a backend, managing it with a 
Plone/Zope binding through LDAPUF.

> If not using Plone, CMFMember, etc. then I imagine you could extract users
> and groups directly out of Zope and use member properties etc to find the
> LDAP attributes that you need.
> Let me know if you want me to ask my client to open source a version of
> the script. They are generally agreeable with that sort of thing. At some
> stage we may open source the whole project.

That would be extremely good of you. Of course when I changed the script, I 
would make that available to others also, so even more people could benefit.

> PS: The aim of my client's project is to have a central staff directory
> with all staff usernames and passwords, and group/role based authorization
> info controlled through a single Plone Web interface. For example, I have
> set up to be qmailGroup objects in LDAP so that mailing lists can be
> controlled through the web UI when using mail servers that understand the
> qmail schema. I am also using PAM LDAP to control access to apache 2 and
> subversion, and using LDAP to control authentication and authorization on
> other remote Zope servers.

That's almost identical to what I need to do. I want Zope/Plone management with 
an LDAP backend for Plone, ezmlm/qmail lists, and svn/trac!
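
A one-shot export of the kind discussed in this thread, as an added example that is not part of the original messages and not the script Sam mentions. It assumes users and groups have already been pulled out of Zope into plain dicts, that the `ou=people` and `ou=groups` containers already exist under the base DN, and that stored passwords already carry an LDAP-style `{SCHEME}` prefix; the function names and the `inetOrgPerson`/`groupOfNames` mapping are illustrative choices.

```python
import base64
import re

# RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, not starting with space, ':' or '<'.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*\Z")
HASHED = re.compile(r"\{[A-Za-z0-9-]+\}.+\Z")  # e.g. "{SSHA}..." userPassword
# Constructed sample input, not data from the thread.
SAMPLE_USERS = {"jo": {"cn": "Jo N\u00fa\u00f1ez", "sn": "N\u00fa\u00f1ez",
                       "userPassword": "{SSHA}placeholder"}}
SAMPLE_GROUPS = {"staff": ["jo", "gone"]}

def escape_rdn(value):
    """Escape an RDN value (RFC 4514) so an odd user id cannot reshape the DN."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return "\\" + out if value[:1] in ("#", " ") else out

def ldif_line(attr, value):
    """Plain 'attr: value' when safe, base64 'attr:: ...' otherwise."""
    if SAFE.match(value) and not value.endswith(" "):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))

def export_ldif(users, groups, base_dn):
    """users: {id: {cn, sn, mail, userPassword}}; groups: {name: [user ids]}."""
    def user_dn(uid):
        return "uid=%s,ou=people,%s" % (escape_rdn(uid), base_dn)
    entries = []
    for uid, props in sorted(users.items()):
        pw = props.get("userPassword")
        if pw and not HASHED.match(pw):
            raise ValueError("cleartext password for %r, not exporting" % uid)
        lines = [ldif_line("dn", user_dn(uid)), "objectClass: inetOrgPerson",
                 ldif_line("uid", uid)]
        for attr in ("cn", "sn", "mail", "userPassword"):
            if props.get(attr):
                lines.append(ldif_line(attr, props[attr]))
        entries.append("\n".join(lines))
    for name, members in sorted(groups.items()):
        known = [m for m in members if m in users]  # drop dangling members
        if not known:
            continue  # groupOfNames needs at least one member
        lines = [ldif_line("dn", "cn=%s,ou=groups,%s" % (escape_rdn(name), base_dn)),
                 "objectClass: groupOfNames", ldif_line("cn", name)]
        lines += [ldif_line("member", user_dn(m)) for m in known]
        entries.append("\n".join(lines))
    return "version: 1\n\n" + "\n\n".join(entries) + "\n"
```

The resulting file holds password hashes, so it should be written with restrictive permissions and removed once the directory has been loaded.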

