[Setup] Re: Ldap authentication not restricting users to Plone
nd51 at leicester.ac.uk
Wed May 27 11:02:22 UTC 2009
> • I cannot see members of ldap groups through Plone
If you have "many groups" set , you won't be able to, so that's worth
checking if thats set (site setup->Groups->settings tab ).
Or better still, go look at a user in Plone, from site setup->users and
groups->users tab and look at their group memberships. Can you see that
they're a member of the groups there that you expect from LDAP? If so
that means things are working OK
> • On sharing tab of Staff folder I have ldap group plonestaff* who Can view
> • Student Folder has no ldap groups who are allowed entry, only Logged-in
> users which has no permission checks in boxes
> • An ldap user in plonestaff* group can get into staff and student areas
> Plonestaff* Is staff usergroup on Novell eDirectory
> Ldap group Plonestaff does have Plone Member role.
I will rephrase to check I understood you correctly.
You've given PloneStaff group just "can view" access in Staff folder,
and no access in Student Folder ?
If those folders are published, everyone will be able to view it
regardless of permissions.
ONLY if its private will it be restricted only to people with "can view"
You say the PloneStaff group has Member role, but that is presumably
just by virtue that all LDAP users have Member role, if you've set
Default User roles to "Anonymous,Member" in your LDAP plugin, so that
sounds like irrelevant info in this case.
If your folders are indeed private, it sounds like it ought to work.
I note you're using Intranet workflow, whereas its more common to stay
with Plone's default "simple publication workflow" as public facing
sites are more common than intranet.
More light may be shed on the situation if you tried switching a copy of
your site to simple publication workflow and see if it works as expected
Its possible there's some issue with the intranet workflow that most
people don't encounter due to not using it.
Its also possible there's some issue in Plone 3.2.2, which is fairly new.
Hope this helps,
Web Application Developer
University of Leicester
More information about the Setup