From: Paul R. <pa...@cl...> - 2011-08-23 09:16:02
|
On 2011-08-23 06:19, ajung wrote: > > Alberto Lopes wrote: >> >> Remy, >> >> I never used the LDAP configlets in the Plone Site Setup area. All of my >> configurations are done with the ZMI interfaces (acl_users inside the >> Plone >> Site object). It suits perfectly for the usage. >> >> >> > > In general: touch the ZMI only when you know what you are doing. Plone has > for several reasons build-in wrappers for managing the necessary values > through the Plone UI and not to the ZMI - more options (ZMI) -> more chances > to mess up your overall configuration. The Plone UI gives you access to the > configuration that you really have to touch. > > -aj > In general, that's true. But for LDAP, it only really works if you work on the ZMI. It also exposes the connection strings, things that sysadmin types understand and can directly type in, and test right there on the spot by doing a little query. With the rather diverging setups of LDAP's, and a wide choice of whether you want this *just* for authentication or also to fetch user information, a 'raw' interface is just what is needed. And, since you're quite likely to have an admin in your organisation somewhere if you run LDAP at all, for this use-case the ZMI is acceptable and often the preferred way. Paul Roeland |