#9 — LDAP-authenticated users lose privileges to add files following installation of plone.app.blob 1.0b2 to Plone 3.1.7 in ZEO cluster configuration
by Graham Perrin — last modified Sep 30, 2009 11:54 AM
| State | Resolved |
|---|---|
| Version: | — |
| Area | Functionality |
| Issue type | Bug |
| Severity | Important |
| Submitted by | Graham Perrin |
| Submitted on | Nov 18, 2008 |
| Responsible | Andreas Zeidler |
| Target release: | 1.0 |
In root ZEO cluster configuration, using the recommended installer for Plone 3.1.7:
installation and configuration of plone.app.ldap followed by
installation of plone.app.blob
appears to cause LDAP-authenticated users to
lose privileges that are required to add a file.
A most noticeable symptom *may* be the absence of 'File' from the 'Add…' menu.
Various other symptoms observed and discussed at
http://n2.nabble.com/multi-[…]sers-tp1131666p1514453.html
buildout configuration file attached.
Possible highlights from the steps to reproduce:
http://dev.plone.org/plone/ticket/8495
http://dev.plone.org/plone/ticket/8629
irc://irc.freenode.net/#plone is a good place to chat with me if testing is required and considering the two tickets referenced above, I may alert stevem to the presence of this issue in the plone.app.blob area.
If this transpires to be an issue that belongs in Trac for Plone core, then the formatting below should lend itself to easy copying to Trac.
Best regards
Graham
Steps to reproduce:
1. Plone-3.1.7-UnifiedInstaller
2. sudo ./install.sh zeo
3. cd to Plone/zeocluster
4. sudo bin/startcluster.sh
5. sudo bin/stopcluster.sh
6. add plone.app.blob and plone.app.ldap to [eggs] and [zcml] sections of buildout.cfg
7. sudo bin/buildout
# http://dev.plone.org/plone/ticket/8495
# http://dev.plone.org/plone/ticket/8629
# but note that here I'm using the _recommended_ installer for Plone 3.1.7
# (not an experimental variant)
8. sudo mkdir var/blobstorage
9. sudo chmod 700 var/blobstorage
10. sudo chown zeo var/blobstorage
11. sudo bin/startcluster.sh
12. install plone.app.ldap
13. configure for read-only access to an LDAP server
14. create a test folder at Plone site root, in its Sharing tab grant all four privileges to an LDAP user
----
15. launch a separate browser, log in as the LDAP user, browse to the test folder, test the Add… menu, observe that type File is present in the menu, add text/plain and application/msword files to the folder, affirm that both files are readable and legible
----
16. in the first browser, still working as Zope manager, install plone.app.blob
----
17. in the second browser, as the LDAP user, Add… File
= BUG =
> Insufficient Privileges
18. browse back, refresh, observe the Add… menu
= BUG =
19. the Add… menu no longer presents the File type.
= Environment =
* Plone 3.1.7
* Mac OS X Server 10.5.5, G4 PowerPC Xserve
* plone.app.ldap 1.1
* plone.app.blob
If details of LDAP configuration are required please let me know.
Added by Graham Perrin on Nov 18, 2008 06:37 PM
= Corrections and afterthoughts =
The first attachment -- grahamperrin-2008-11-18-buildout.cfg -- was from an experimental installation.
This second attachment
buildout-plone.app.blob-9-02.cfg
is a more proper configuration for buildout in a normal, non-experimental installation.
In both configurations, non-standard ports are used, the resulting Plone site is at
http://localhost:5557/Plone
> 6. add plone.app.blob and plone.app.ldap to [eggs] and [zcml] sections of buildout.cfg
There is of course a little more to it than that -- apologies for the abbreviated steps.
> 10. sudo chown zeo var/blobstorage
The proper ownership, in context of _non_-experimental 3.1.7 installation in ZEO cluster configuration, is:
sudo chown plone var/blobstorage
(Penalties of testing on two machines at the same time -- sorry!)
= Summary =
The issue/symptoms with plone.app.blob are evident with both
recommended/release and experimental versions of installers of Plone 3.1.7.
Added by (anonymous) on Dec 05, 2008 03:35 PM
I had a similar problem, but worked around it by adding "plone.app.blob: Add Blob" explicitly in my workflows. That gave my users the "Add File" option back.
Added by Graham Perrin on Dec 10, 2008 09:54 PM
Credit and thanks to ace808 in irc://irc.freenode.net/#plone for the anonymous comment :)
Added by Andreas Zeidler on May 08, 2009 03:27 PM
thanks for the report, graham! i'll come back to this, but will try to tackle some of the other issues first (as it seems to be resolved for you for now)...
Issue state: Unconfirmed → Confirmed
Severity: Medium → Low
Responsible manager: (UNASSIGNED) → witsch
Added by (anonymous) on May 12, 2009 07:19 PM
could you please add this bug to the requirements of a 1.0 version? login somehow works for the user interface, but not for webdav authentication. this is very annoying and forces me to delay the use of plone as the main knowledge management tool in my company.
Added by Andreas Zeidler on May 12, 2009 09:47 PM
yes, i can mark it to go into 1.0. however, 1.0 final will still take a while, and i probably won't be able to investigate this before releasing the next two betas (which will happen during the next 3–4 weeks).
Target release: None → 1.0
however, i'd like to ask you to test this again with 1.0b3 (or trunk for that matter) once it's out. there have been a lot of fixes since the last release and chances are that things will behave differently by now...
Added by Jukka Ojaniemi on Sep 16, 2009 05:51 AM
I can confirm this bug is still there. In our setup we have Plone 3.2.2 with plone.app.blob 1.0b5 and PloneLDAP 1.1. Like it was said above, by granting 'Add Blob' rights to other roles than manager solved this.
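An audit for the permission gap behind the workaround in the comments above, as an added example that is not part of the ticket or of plone.app.blob: it lists roles that may add content on an object but were never granted "plone.app.blob: Add Blob". The baseline permission "Add portal content", the helper names and the `SampleFolder` stand-in are assumptions; `rolesOfPermission()` is the Zope role-manager method the audit relies on.

```python
ADD_BLOB = "plone.app.blob: Add Blob"   # permission named in this ticket
BASELINE = "Add portal content"         # assumption: permission the roles already hold


def selected_roles(obj, permission):
    """Roles that hold `permission` on obj, per Zope's rolesOfPermission()."""
    return {r["name"] for r in obj.rolesOfPermission(permission) if r["selected"]}


def roles_missing_add_blob(obj, baseline=BASELINE):
    """Roles that may add content on obj but were not granted Add Blob."""
    return sorted(selected_roles(obj, baseline) - selected_roles(obj, ADD_BLOB))


class SampleFolder:
    """Constructed stand-in returning the same data shape as rolesOfPermission()."""

    def __init__(self, mapping, all_roles):
        self._mapping = mapping
        self._all_roles = all_roles

    def rolesOfPermission(self, permission):
        held = self._mapping.get(permission, ())
        return [{"name": role, "selected": "SELECTED" if role in held else ""}
                for role in self._all_roles]


def sample_folder(add_blob_roles=("Manager",)):
    # Constructed data modelling the state reported here: after installing
    # plone.app.blob, Add Blob is held by Manager only.
    roles = ["Anonymous", "Contributor", "Manager", "Owner"]
    return SampleFolder({BASELINE: ("Contributor", "Manager", "Owner"),
                         ADD_BLOB: add_blob_roles}, roles)


if __name__ == "__main__":
    # Roles that would hit "Insufficient Privileges" when adding a File.
    print(roles_missing_add_blob(sample_folder()))
```

From a Zope debug prompt, pass the real site or folder object to `roles_missing_add_blob()` instead of the sample; an empty list means every role that can add content can also add blobs.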
Added by Andreas Zeidler on Sep 30, 2009 11:54 AM
this was (finally) fixed in https://dev.plone.org/plone/changeset/29875/ and will be released as part of 1.0b6 (in the next couple of days). in the meantime you might try testing the issue against current trunk... feedback appreciated ;)
Issue state: Confirmed → Resolved
Severity: Low → Important
thanks again for reporting this, graham and aaron — all the info was there for such a long time now, and i only got around to fixing this now. doh!

grahamperrin-2008-11-18-buildout.cfg