Pas.plugins.ldap: Default roles

reinhardt · September 30, 2019, 9:14am

In plone.app.ldap there's an option to assign a set of roles to all LDAP users. Is there a way to get the same effect with pas.plugins.ldap?

I think I see why there is no equivalent option in the config. pas.plugins.ldap does not instantiate the user object like plone.app.ldap does but relies on the default factory, so there is no way of directly setting roles. But maybe there's some alternative or workaround? I'm also thinking about the feasibility of registering the plugin as a role provider and assign roles like that. But I suppose the user would have to be looked up a second time to decide whether it's an LDAP user or not, which is not ideal.

Anyway, all ideas much appreciated! @jensens or @rnixx maybe?

Cheers, Manuel

rnixx · September 30, 2019, 9:41am

Hi,

underlying node.ext.ldap implements roles support (technically using LDAP groups) but this feature is not exposed via PAS (yet)

You'd need to implement the related PAS interfaces and roles settings in control panel form.

Cheers

reinhardt · October 1, 2019, 10:45am

Thanks! I don't even need the full role support. The main thing I want is the Member role for all LDAP users. I'm building something here:

jensens · October 1, 2019, 2:57pm

On way to get the Member role to a user from any user-source is to add another autogroup plugin and give the Virtual Group the Member role.