----- Original Message ----- From: "Erik Myllymaki" <erik.myllymaki@aviawest.com> To: <erik.myllymaki@aviawest.com> Cc: "Chris Withers" <chris@simplistix.co.uk>; "Bobb" <rawbobb@hotmail.com>; <zope@zope.org> Sent: Monday, May 10, 2004 1:51 PM Subject: Re: [Zope] NT User Authentication
Erik Myllymaki wrote:
Chris Withers wrote:
Erik Myllymaki wrote:
the PDC and zopeserver are on the same switch.
What userfolder are you using?
Chris
exUserFolder.
I have *extended* smbAuthSource.py form exUserFolder. I have a function getNTUserRoles(username) that takes a username and returns the list of groups that user belongs to in the NT DOMAIN. I add this to the roles list, and now, by simply adding a local role (with the same name as the NT group) to an object, all NT users in that group can immediately access this object.
How many users are you enumerating groups for? I would think that using getNTUserRoles(username) for each user would be a lengthy process. If you're doing it over and over again. I'm not sure if this would help, but I would start with the "everyone (or domain users)" group, and then add (in NT) specific roles for zope, but they would be static, and then use them (and them only). unless that's not what make sense in your case. This is beyond me at this point, though, sorry.
def listOneUser(self, username): roles=[] if self.currentPropSource:
roles=self.currentPropSource.getUserProperty(username=username, key='_roles', default=[]) roles = roles + getNTUserRoles(username) if not roles: roles=[] # make sure it's a list...
username = string.lower(username)
zLOG.LOG('smbAuthSource', zLOG.DEBUG, "listOneUser returning {username: '%s', password: '', roles: %s}" % (username, roles) ) return [{'username':username, 'password':'', 'roles':roles},]
I don't understand why this function seems to be called once for every object on the page? Seems very ineffifcient. It is quite slow. Maybe I should install Zope on a BDC...