File: Configure.stx

package info (click to toggle)
zope-ldapuserfolder 2.2-2
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 508 kB
  • ctags: 313
  • sloc: python: 3,042; sh: 50; makefile: 38
file content (103 lines) | stat: -rw-r--r-- 5,026 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
LDAPUserFolder - Configure: Set the basic configuration for the LDAPUserFolder

    Description

       This view is used to change the basic settings of a LDAPUserFolder.

    Controls

     'Title' -- The (optional) title for this adapter

     'Login Name Attribute' -- The LDAP record attribute used as the username. The list 
       of default choices can be changed in the Advanced settings.

     'RDN Attribute' -- The RDN attribute (Relative Distinguished Name) is the
       name of the LDAP attribute used as the first component of the full DN
       (Distinguished Name). In most cases the default value of *cn* is correct, you
       can select *uid* if your schema defines it. Please see RFC 2377 for more
       information.

     'Users Base DN' -- The DN for the branch of your LDAP database that 
       contains user records.

     'Scope' -- Choose the depth for all searches from the user search base dn

     'Group storage' -- Choose where to store the group (a.k.a. Role) information
       for users. You can either store roles inside LDAP itself or you can store it
       inside the LDAP User Folder, which is simpler and does not require that LDAP
       deals with user roles at all.

     'Groups Base DN' -- The DN for the branch of your LDAP database that 
       contains group records. These group records are of the LDAP class 
       "groupOfUniqueNames" and the entry CN attribute constitutes the group name. 
       Groups embody Zope roles. A user which is part of a "Manager" group will 
       have the "Manager" role after authenticating through the LDAPUserFolder.
       If you have chosen to store groups inside the user folder itself this setting
       will be disregarded.

     'Scope' -- Choose the depth for all searches from the group search base 
       dn. If you have chosen to store groups inside the user folder itself this setting
       will be disregarded.

     'Manager DN and password' -- All LDAP operations require some form of
       authentication with the LDAP server. Under normal operation if no
       separate Manager DN is provided, the LDAPUserFolder will use the current
       user's DN and password to try and authenticate to the LDAP server. If a
       Manager DN and password are given, those will be used instead.

     'Manager DN usage' -- Specify how the Manager DN (if it has been provided) 
       will be used. 
       
       - *Never* will never apply this DN. If no Manager DN is specified this 
         is the default value. Bind operations use the current user's DN and 
         password if the user is known and an anonymous bind if not. Under
         normal operation only initial logins are performed without a known
         current user.

       - *Always* means the Manager DN is used to bind for every single
         operation on the LDAP server.

       - *For login data lookup only* uses the Manager DN upon user login when
         the user itself has not been instantiated yet and thus the user's DN
         is not yet known. Once the user has been instantiated its DN and 
         password are used for binding.

     'Read-only' -- Check this box if you want to prevent the LDAPUserFolder
       from writing to the LDAP directory. This will disable record insertion
       or modification.

     'User object classes' -- Comma-separated list of object classes for user
       records. Any new user record created through the LDAPUserFolder will 
       carry this list of object classes as its objectClass attribute.

     'User password encryption' -- This dropdown specifies the encryption scheme 
       used to encrypt a user record userPassword attribute. This scheme is 
       applied to the plaintext password when a user edits the password or when a
       new user is created. Check your LDAP server to see which encryption schemes
       it supports, pretty much every server can at least do "crypt" and "SHA".

     'Default User Roles' -- All users authenticated from your ldap tree
       will be given the roles you put into this comma-delimited list.
       Zope expects all users - anonymous as well as authenticated - to
       have the role Anonymous.

     'Apply Changes' -- Save your configuration changes.

     'LDAP Servers' -- The LDAP servers this LDAPUserFolder is connecting to.

     'Delete' -- Delete a LDAP server definition from the list of LDAP servers
       used by the LDAPUserFolder.

     'Add LDAP server' -- Add new LDAP servers to connect to.

     'Server host name or IP' -- The hostname or IP address for the LDAP server.

     'Server port' -- The port the LDAP server is listening on. By default, 
       LDAP servers listen on port 389. LDAP over SSL uses port 636 by default.

     'Protocol' -- Select whether to use standard LDAP or LDAP over SSL. 
       Please note that LDAP over SSL is *not* StartTLS, which uses the
       same port as unencrypted traffic.

     'Add Server' -- Add the new server to the list of servers used by the
       LDAPUserFolder.