Re: CPS3.4 + LDAP

Aitzol Naberan a écrit :

> I need full integration (users, groups and roles) between LDAP and CPS,
> so I have started playing with CPSLDAPSetup product, and now I'm able to
> authenticate user agains LDAP (still have some errors, but ...). Next I
> have started to prepare the directories structure for the groups. I have
> created a LDAP Backing directory called groups_ldap (with his schema and
> layout), them I have replaced the original groups directory with another
> Meta directory called groups. I have added the groups_ldap directory as
> a Backing and I have mapped the groups_ldap attributes to groups schema.

You probably do not need a MetaDirectory but you need a StackingDirectory to be 
able to translate primary keys (DN <-> group id).

> Well, now I can do searches for groups using the directories search
> interface (I can ask for a group called 'system', and I get results). If
> I extend the groups info to see the users of this group, I get a list of
> 'DN' attributes from LDAP. How can I get usernames?

Hum, this is tricky because DNs do not mean anything to CPS. You could add a 
computed field that does the translation however but you wont be able to search 
groups according to their members (computed fields are not evaluated in search 
mode).

> And another question, how can I get groups info for a user? I supose I
> have to ask to the LDAP server, but I don't know how (a computed
> attribute in the schema???? )

Currently this is done through read_process_expr-based computed fields in the 
members schema but this might not be the best solution. Write process 
expressions might be a better idea.

--

-- 
Olivier

_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel