You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/admin-guide/zope-manager-users.md
+42Lines changed: 42 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -107,3 +107,45 @@ When you run the script, if the user already exists:
107
107
Maybe the user already exists and nothing is done then.
108
108
Or the implementation does not give info when it succeeds.
109
109
```
110
+
### `addzopeuser` script in dockerized setup
111
+
112
+
#### Prerequisites
113
+
- A running docker swarm stack from the full featured docker based Plone Volto deployment
114
+
- Created by current Cookieplone project template including backend, frontend, postgres, traefik, varnish:
115
+
116
+
#### Create a new Zope Manager User with a non existing user-ID
117
+
118
+
- Enter the host via ssh as root
119
+
- list the running containers: docker ps
120
+
- enter a shell in the first backend container listed: `docker exec -it [[4-digitPartOfID]] bash`
121
+
- run command in the app folder: `./docker-entrypoint.sh bin/addzopeuser -c /app/etc/relstorage.conf userid password`
122
+
123
+
Response: `User userid created`
124
+
The user is now available in the ZMI root at at /acl_users/users/manage_users
125
+
126
+
#### Hown to access the ZMI root from via basicauth and the new user
127
+
In the Volto page root use the url `/ClassicUI/aq_parent/acl_users/users/manage_users`
128
+
129
+
##### Notes on permissions
130
+
131
+
- Check permissions in the ZMI root at `/acl_users/manage_access` and search for userid
132
+
- In Volto from the browser use the url `/ClassicUI/aq_parent/acl_users/manage_access`
133
+
134
+
The new user has `Manager` role, but not `Owner` role and no `Take ownership` permission
135
+
- You can add the Owner role in the ZMI root manually, but only as the original `admin` user.
136
+
137
+
####` Remark on httpauth challenges for the ZMI `admin user in Cookieplone based Volto and ClassicUI projects using Traefik
138
+
139
+
The original cookieplone-template `project` in the above full setup includes a traefik middleware `mw-backend-auth` in the `docker-compose.yaml` `service -> backend -> labels` section. This basic httpauth overrides the ZMI httpauth for the original admin user-id.
140
+
141
+
```{note}
142
+
To change the Traefik middleware basicauth password edit the yaml file in devops/stacks/[hosturl].yml named after the hostname and follow the instructions in the comments for `mw-backend-auth` to create a proper hash and redeploy the project.
143
+
```
144
+
145
+
```{important}
146
+
Test the resulting logins in fresh incognito windows!
147
+
```
148
+
149
+
in the ZMI root
150
+
at the Plonelogin
151
+
How this has impact on the Plone Volto login needs testing in your particular setup.
0 commit comments