+-------[ Jens Vagelpohl ]---------------------- | | On Feb 1, 2005, at 20:42, Tom Trelvik wrote: | | >Andrew Milton wrote: | >>1st, you need PAM support on every platform. | > | > True, but it's not like this is the only non-Zope dependency. For | >example, to use LDAPUserFolder I need python-ldap. | | Yes? That's available even on lesser operating systems from M$. Is PAM? | | | > Now this makes the most sense. Unfortunately, it also doesn't apply | >to my situation, as I'm part of a larger organization, and want to use | >the preexisting centralized LDAP (which I of course only have read | >access to) to manage authentication so my users don't need a new set | >of usernames/passwords, but I'll be *managing* the users locally (Not | >sure yet exactly how that's going to work, still working through | >documentation and whatnot (but I certainly wouldn't mind any | >pointers)). | | You can use the LDAPUserFolder in read-only mode so it does not try to | write back to the directory and store group/role information on the | LDAPUserFolder itself. That way the users log in with the same | credentials *and* you can manage the roles they get in the Zope context | locally. It's just a matter of configuration. Ditto for exUserFolder d8) -- Andrew Milton akm@theinternet.com.au