diff --git a/organize/util.py b/organize/util.py
index 1fb94c7..00a1bf4 100644
--- a/organize/util.py
+++ b/organize/util.py
@@ -25,6 +25,7 @@ $Id$
 from zope import interface, component, schema
 from zope.app.authentication.interfaces import IPluggableAuthentication
 from zope.app.authentication.interfaces import IAuthenticatorPlugin
+from zope.app.authentication.groupfolder import GroupFolder
 from zope.app.security.interfaces import IAuthentication, PrincipalLookupError
 from zope.app.security.settings import Allow, Deny, Unset
 from zope.app.securitypolicy.interfaces import IPrincipalRoleManager
@@ -62,8 +63,7 @@ def getGroupsFolder(context=None, name='gloops', create=False):
     gf = getPrincipalFolder(authPluginId=name, ignoreErrors=True)
     if gf is None and create:
         pau = component.getUtility(IAuthentication, context=context)
-        gf = pau[name] = PrincipalFolder()
-        gf.prefix = name + '.'
+        gf = pau[name] = Groupfolder(name + '.')
         pau.authenticatorPlugins = tuple(
                         list(pau.authenticatorPlugins) + ['name'])
     return gf
diff --git a/security/browser.py b/security/browser.py
index 33f9143..c24eea0 100644
--- a/security/browser.py
+++ b/security/browser.py
@@ -236,7 +236,7 @@ class ManageWorkspaceView(PermissionView):
             rootName = '_'.join([getName(obj) for obj in
                             reversed(getParents(conceptManager)[:-1])])
             objName = getName(self.parent)
-            return '.'.join((rootName, objName, predicateName.strip('is')))
+            return '.'.join((rootName, objName, predicateName.lstrip('is')))
         apn = [pn for pn in self.context.allocationPredicateNames
                   if pn in conceptManager]
         gn = self.context.workspaceGroupNames