Jens Vagelpohl wrote:
I'm looking now for the best way to integrate/rewrite CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read the roles of the user out of the LDAP-directory.
What *specifically* does not work? Have you tried it and developed a list of features that are missing for it to work?
jens
I'm starting at the beginning :)

I have a web-service that accepts a MYSAPSSO2-Cookie and returns the User-Name if the signature included in the MYSAPSSO2-Cookie can be verified.

I have a Zope with CookieCrumbler/LDAPUserFolder connected to an LDAP-directory. The LDAPUserFolder can be configured anonymous or to use a managers-DN to access the LDAP-directory. Normally a user would enter a form-based password on first login and the CookieCrumbler will send back a Cookie where the authentication result of LDAPUserFolder is stored for the next requests.

My idea as a first step is now that the CookieCrumbler can take the MYSAPSSO2-Cookie and send the MYSAPSSO2-Cookie to the external web-service, which returns the real user-name; this user-name will be forwarded/used by LDAPUserFolder as an authenticated user (no authenticated bind with the user-name, only bind anonymously or with managers-DN to read the roles of the user), and LDAPUserFolder/LDAPUserSatellite will read the assigned LDAP-groups and map them to Zope-Roles.

Does this description help to understand me? I don't know :)

Regards,
Dirk
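The flow described in this message, as an added sketch that is not part of the original post and is not CookieCrumbler or LDAPUserFolder code. All function names, the ticket values, the directory contents and the group-to-role map are hypothetical, constructed stand-ins for the external web-service and the manager-bound LDAP search.

```python
# Added sketch: SSO cookie -> external verifier -> LDAP group lookup -> Zope roles.
# Every name here is hypothetical; verifier and directory are in-memory stand-ins.

def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)

# Constructed sample data.
VALID_TICKETS = {'TICKET-OK': 'dirk', 'TICKET-ODD': '*'}  # cookie -> verified name
DIRECTORY = {  # search filter -> group DNs of the matching user entry
    '(uid=dirk)': ['cn=editors,ou=groups,dc=example,dc=com',
                   'cn=staff,ou=groups,dc=example,dc=com'],
}
GROUP_TO_ROLE = {'cn=editors,ou=groups,dc=example,dc=com': 'Editor'}

def verify_ticket(cookie_value):
    """Stand-in for the web-service: user name if the signature verifies, else None."""
    return VALID_TICKETS.get(cookie_value)

def search_groups(ldap_filter):
    """Stand-in for a search made with the anonymous or managers-DN bind."""
    return DIRECTORY.get(ldap_filter, [])

def roles_for_request(cookies):
    """Return (user, roles) for a verified SSO cookie, or None to fall back to the form."""
    ticket = cookies.get('MYSAPSSO2')
    if not ticket:
        return None  # no SSO cookie present
    user = verify_ticket(ticket)
    if not user:
        return None  # fail closed: an unverified cookie never yields a user name
    # The name comes only from the verifier, and is still escaped before it
    # reaches the filter, so an odd name cannot widen the search.
    groups = search_groups('(uid=%s)' % escape_filter(user))
    # Groups without an explicit mapping grant no role.
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    return user, roles
```

Because no bind is made as the user, the verifier's answer is the only proof of identity in this flow, so the call to it should be authenticated and made over a trusted channel.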