Accessing site for administration tasks with no LDAP user

Hi guys,

I am working on a Plone 4.1 site which has the following LDAP add-ons:

dataflake.ldapconnection 1.2
Products.LDAPMultiPlugins 1.14
Products.LDAPUserFolder 2.20
Products.PloneLDAP 1.1

All the site's users are stored in an LDAP server, except for the Zope admin user.

When I access the ZMI with admin credentials, I can expand the base node of the Intranet site in the tree-view, but I am unable to navigate through the child nodes, i.e. I am asked for intranet credentials.

The site was originally developed by another company and I don't have any of their credentials, nor does the Client (who claims to be unable to create an administration user).

Given that I am working on a development environment, which is a perfect copy of the production one, I wonder if there is any possible way to add a non-LDAP user (with manager role) via ZMI or programmatically and then use that one to connect to my local site.

TIA for any help and suggestions.

Luca

Hello Luca,

What normally happens is that a user that is not in the Plone site's acl_users folder (for example the admin user) is inherited from the upper folders' acl_users (which is the zope site_root). If there's however another 'admin' user object in /plone_site_name/acl_users, either a real object or something coming in through LDAP, this admin object is returned.

If this is happening, the solution is to create a new admin capable user in the zope-siteroot with a name that you are sure is not used in the Plone site itself. Check the bin/instance 'adduser' command: http://docs.plone.org/manage/deploying/zope.html#id3

Add with a user name like "admin_abcde", log in using this new user and you should be able to enter the Plone site and fix up permissions etc. Oh and don't forget to clean up your rescue user afterwards. :wink:

Cheers,

Fred

Hi Fred,

thanks for your hint. As a matter of fact, I already tried adding a user via 'adduser' but it didn't work, I will try again with a different username (though I used my nickname and I don't think it was in the LDAP userlist). :smile:

Luca

[EDITED] I tried again and - as before - my new admin is created under Root Folder --> acl_users and cannot access the intranet site: when I click on intranet --> acl_users I am prompted for login credentials.

That's truly bizarre, that the original Zope "admin" account can't see something.

The URL where you should be able to add a new Zope manager account is:

http://site:8080/acl_users/users/manage_users

Click on the "Add a user" link, then when you've added the new user, go back to

http://site:8080/acl_users/roles/manage_roles

and click on the question mark ('?') in the row for the Manager role, i.e.

http://site:8080/acl_users/roles/manage_roles?role_id=Manager&assign=1

and in the Principal ID field type the name of the new user you created, click Search, then click on the user's line in the Available box then on the right arrow to assign the role to the user.

I had this too in the past. I remember there was a bug in an older version of Plone where users in root acl_users were not valid in Plone's acl_users. I can't quickly find the reference to the bug. IIRC the migration of the root user folder did not happen or something was not completed while migrating. An upgrade to a newer Plone may help. If you search the bug reports or changelogs you may find the cause and solution so you can patch your older Plone. Or maybe someone in here has a hint.

Thanks Jens,

I'll have a look at the bug reports/changelogs.

Luca

@jensens You were right.

I created a new site as suggested at https://dev.plone.org/ticket/9756 and it resolved the problem.

Thank you,

Luca