Hello all,
I'm evaluating the use of Zope in some of our intranet projects. One thing that would be extremely helpful in selling the idea (even to myself) would be if authentication could tie into our existing LDAP authentication systems.
I apologize for not having looked at the code yet, but a quick answer would be beneficial. How feasible would it be to move Zope authentication from flat files to other authentication databases (LDAP, NIS, etc.)?
I would be willing to contribute to this kind of effort if it seems like a good idea in the world of Zope.
Thanks in advance, Chad Fowler cfowler@fedex.com
This is certainly possible. Note that Zope does not use flat files for authentication - it uses objects ;) This makes it relatively simple to devise new objects which draw authentication info from other sources.
We have created variations on the standard Zope "UserFolder" object (the standard built-in auth. object) which get their authentication info from sql databases, the host operating system, etc.
I think it is certainly a good idea and that others would find such a thing useful.
Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com
FWIW. I'm just polishing off a variant of the "UserFolder" object which allows authentication to come from a structure containing lots of other info for a user (phone numbers, email etc.). Using the source for UserFolder as a starting point, I found creating an object with responds to the same method calls as 'UserFolder' very straightforward. Also, one of the cooler aspects of doing this is that you have the freedom to choose where in the object hierarchy to drop your new 'LDAPFolder'. So you can restrict which levels in the object database 'LDAP authenticated' users will have access to, while still separately maintaining other authentication information elsewhere using normal Zope Userfolders. Cheers, Andy.