Hash: SHA1

Thomas Bennett wrote:
> I have installed the following:
> Zope Version  (Zope 2.9.7-final, python 2.4.4, linux2) 
> Python Version        2.4.4 (#1, Oct 23 2006, 13:58:00) 
>                        [GCC 4.1.1 20061011 (Red Hat 4.1.1-30)] 
> System Platform       linux2 
> SOFTWARE_HOME         /var/zope/lib/python 
> ZOPE_HOME     /var/zope 
> INSTANCE_HOME         /var/zope 
> CLIENT_HOME   /var/zope/var 
> Network Services      ZServer.HTTPServer.zhttp_server (Port: 8086)
> ZServer.HTTPServer.zwebdav_server (Port: 9800)
> I'm using Zeo storage with this.
> The main problem is my understanding roles with  my new set up.
> I am moving from a Zope 2.6.1 setup to the setup shown above.  I've already 
> added some Products to my INSTANCE_HOME/Products directory including Plone 
> which includes the PluggableAuthService folder.  I installed a Plone site for 
> testing and deleted it.
>   It appears that PAS has taken over my root acl_users folder or is this now 
> a 
> default in 2.9.

The installer for a 'Plone Site' replaces the root acl_users with a PAS:
 I've argued that this is poor practice (inexcusably rude, actually),
but they seem determined to continue it.

>   Now I can only add users from the ZODB User Manager under /acl_users/users, 
> there is nowhere to add a user from an Add buttion as in the older version of 
> Zope.

Correct.  In PAS, there are actually potentially muttiple user sources
(e.g,, SQL, LDAP, NTLM, etc.).  Adding them to the 'ZODB users' plugin
is the "cognate" of the od "Add" button.

>   I can add roles from ZODB Role Manager in /acl_users/roles but these roles 
> don't show up under the Security tab on any page.  I can add local roles 
> under the Security tab and they don't show up in /acl_users/roles. 

Correct.  The roles in the PAS plugin are used to control "global"
grants to the users;  the roles you set on a folder (even the root), are
about "local" grants.

> I have searched and can find little to no documentation on use or difference 
> in the two authentication methods.  Where can I find more information on 
> roles in 2.9.7 and use in this situation?

In general, I would avoid defining any new "global" roles in PAS, or
even granting the existing ones as "global" roles.  Rather, I advise
treating *all* grants as "local", even if that means setting them on the
root object.

> Is this normal behavior and if so how can I synchronize roles between the 
> Security tab and /acl_users/roles or is it not possible?

I would just avoid the role plugin altogether.

> Am still searching the WEB and archives in the meantime.

The better list for this would be [EMAIL PROTECTED] (CC'ed), which
deals with PAS specifics.

- --
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to