LDAPUserFolder - Configure: Set the basic configuration for the LDAPUserFolder

Description

This view is used to change the basic settings of a LDAPUserFolder.

Controls

Title
The (optional) title for this adapter
Login Name Attribute
The LDAP record attribute used as the username. The list of default choices can be changed by adding attributes on the LDAP Schema tab.
User ID Attribute
The LDAP record attribute used as the user ID. The list of default choices can be changed by adding attributes on the LDAP Schema tab. IMPORTANT: You should only set this attribute to a LDAP record attribute that contains a single value and that does not get changed, otherwise you will run into problems with the Zope object ownership mechanism.
RDN Attribute
The RDN attribute (Relative Distinguished Name) is the name of the LDAP attribute used as the first component of the full DN (Distinguished Name). In most cases the default value of cn is correct, you can select uid if your schema defines it. Please see RFC 2377 for more information.
Users Base DN
The DN for the branch of your LDAP database that contains user records.
Scope
Choose the depth for all searches from the user search base dn
Group storage
Choose where to store the group (a.k.a. Role) information for users. You can either store roles inside LDAP itself or you can store it inside the LDAP User Folder, which is simpler and does not require that LDAP deals with user roles at all.
Group mapping
If your group information is stored in LDAP and you do not want to set up individual LDAP group to Zope role mappings, then you can simply map all LDAP groups to Zope roles. Each group a user is member of will show up as a role with the same name on the user object.
Groups Base DN
The DN for the branch of your LDAP database that contains group records. These group records are of the LDAP class "groupOfUniqueNames" and the entry CN attribute constitutes the group name. Groups embody Zope roles. A user which is part of a "Manager" group will have the "Manager" role after authenticating through the LDAPUserFolder. If you have chosen to store groups inside the user folder itself this setting will be disregarded.
Scope
Choose the depth for all searches from the group search base dn. If you have chosen to store groups inside the user folder itself this setting will be disregarded.
Manager DN and password
All LDAP operations require some form of authentication with the LDAP server. Under normal operation if no separate Manager DN is provided, the LDAPUserFolder will use the current user's DN and password to try and authenticate to the LDAP server. If a Manager DN and password are given, those will be used instead.
Manager DN usage
Specify how the Manager DN (if it has been provided) will be used.
Read-only
Check this box if you want to prevent the LDAPUserFolder from writing to the LDAP directory. This will disable record insertion or modification.
User object classes
Comma-separated list of object classes for user records. Any new user record created through the LDAPUserFolder will carry this list of object classes as its objectClass attribute.
Additional user search filter
Only set this value if you really know what you are doing! You can lock out your users with a faulty value here! The additional user search filter allows the administrator to specify a free-form LDAP filter expression which will be added to the default user search filter. The default user search filter and this additional search filter are combined as an AND expression. Records must satisfy both filters to be found using the various user searches. Any value specified in this field must follow correct LDAP search filter syntax.
User password encryption
This dropdown specifies the encryption scheme used to encrypt a user record userPassword attribute. This scheme is applied to the plaintext password when a user edits the password or when a new user is created. Check your LDAP server to see which encryption schemes it supports, pretty much every server can at least do "crypt" and "SHA".
Default User Roles
All users authenticated from your ldap tree will be given the roles you put into this comma-delimited list. Zope expects all users - anonymous as well as authenticated - to have the role Anonymous.
Apply Changes
Save your configuration changes.