Hi Wim,
let me start with your last question.
The setup_jobserver script is a help to setup jobservers. It isn't 100% production proof as you've discovered already, but it does its job pretty well.
But of course this script doesn't know anything about semantics. It only knows you want to install a jobserver called X on node Y as user Z, or so.
And exactly this information is used to setup an environment and a set of resources such that the new jobserver can be uniquely addressed.
This on itself is an important result, but it's only a start.
Our view on jobservers and environments addressing them is that jobservers have some purpose and at least the environment addressing that jobserver should reflect that purpose.
So you could define an environment FTP_SERVER, NUMBER_CRUNCHER, DB_SERVER, ... requiring resources like RESOURCE.STATIC.FTP_SERVER, RESOURCE.STATIC.NUMBER_CRUNCHER, etc.
All jobservers that can be used as an FTP_SERVER get a resource RESOURCE.STATIC.FTP_SERVER. The jobservers on the Crays get a resource RESOURCE.STATIC.NUMBER_CRUNCHER, and so on.
A job that requests Environment NUMBER_CRUNCHER will automatically be executed by a jobserver that have the resource RESOURCE.STATIC.NUMBER_CRUNCHER.
Because you've already set up a tree for each environment (Dev, Test, Prod), you can attach an environment to each top level folder.
You create an environment DEV, TEST and PROD, requiring the resources
RESOURCE.STATIC.RUNMODE.DEV, RESOURCE.STATIC.RUNMODE.TEST, RESOURCE.STATIC.RUNMODE.PROD.
The DEV environment is then required by the top level development folder, and so on.
The effect is that jobs residing somewhere in the development tree requires a, let me say, NUMBER_CRUNCHER. But the requirement from the (grand)parent folder is automatically added.
This way this job will be executed by a NUMBER_CRUNCHER jobserver that also offers the DEV resource.
If development finishes and the job needs to be deployed, you simply move or copy it to the production tree. Started from there, it will automatically select a production NUMBER_CRUNCHER.
Still the initial setup is important. If you happen to have a pool of 200 NUMBER_CRUNCHERs and you encounter a problem every time when node 137 is executing a certain job, it is more than convenient if you can address exactly this physical environment in order to investigate the cause of the problem.
The other two questions aren't that easy to answer, apart from the confirmation that both creating users by a script and to access AD from Zope is possible.
I know I once wrote a script to create web users. But that's quite some years ago. In the meantime a lot happened, which means that my original script wouldn't even work any more. (It would be a good starting point though).
But as a matter of fact I developed it for a customer and the script isn't my property.
The basic idea is to use wget to send the message to the zope server that normally is sent by the browser.
To enable Zope to use AD in fact requires an Apache in front of it.
Then the Apache server needs some configuration changes as well as the Zope server.
That's a little bit much to explain here. And quite a lot of effort at this stage where you're talking about creating three users.
Best regards,
Ronald