Zope/Apache and Microsoft Active Directory
Hello,
Did anybody ever get Zope and/or Apache to authenticate against a Microsoft Active Directory? I tried using LDAPUserfolder on Zope 2.5.1/Python 2.1.3 but I'm getting all sorts of errors, e.g.
Logging: ldapuser not found (getUser)
User-info: (###Error###: ldap.OPERATIONS_ERROR, {'desc': 'Operations error', 'info': '000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0\n'})
Did anybody else have more luck, or any idea where to start debugging?
Pieter

LDAPUserFolder does not support Active Directory. this is not likely to change any time soon. the reason is that Active Directory, just like any M$ product, does not use well-defined standards like most other LDAP server products do.
jens

On Friday, May 3, 2002, at 02:00, Pieter Biemond (prive) wrote:
Hello,
Did anybody ever get Zope and/or Apache to authenticate against a Microsoft Active Directory? I tried using LDAPUserfolder on Zope 2.5.1/Python 2.1.3 but I'm getting all sorts of errors, e.g.
Logging: ldapuser not found (getUser)
User-info: (###Error###: ldap.OPERATIONS_ERROR, {'desc': 'Operations error', 'info': '000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0\n'})
Did anybody else have more luck, or any idea where to start debugging?
Pieter
Jens wrote:
LDAPUserFolder does not support Active Directory. this is not likely to change any time soon. the reason is that Active Directory, just like any M$ product, does not use well-defined standards like most other LDAP server products do.

Do you think it is possible to extend LDAPUserFolder to add Active Directory support? Anybody willing to help working this out? Anybody know if it's possible to make a hack from Active Directory to export & convert all LDAP-info to an OpenLDAP-server?
The best practice to manage large user-accounts is probably to authenticate Apache to an (Open)LDAP-server and to use the same (Open)LDAP-server to authenticate for Zope. Is there a way to only authenticate once, and give the security-information to Zope?
Pieter

LDAPUserFolder does not support Active Directory. this is not likely to change any time soon. the reason is that Active Directory, just like any M$ product, does not use well-defined standards like most other LDAP server products do.
Do you think it is possible to extend LDAPUserFolder to add Active Directory support? Anybody willing to help working this out?
anything is possible given enough sweat and tears... however, you know it'll break with the next minor release of "active directory" because things tend to change in unpredictable ways in M$ products...
Anybody know if it's possible to make a hack from Active Directory to export & convert all LDAP-info to an OpenLDAP-server?
have "active directory" spit out an LDIF file and then mangle the ldif so it conforms to a normal standard schema to be loaded into openldap would be one way. if it can spit out ldif files, that is.
The best practice to manage large user-accounts is probably to authenticate Apache to an (Open)LDAP-server and to use the same (Open)LDAP-server to authenticate for Zope. Is there a way to only authenticate once, and give the security-information to Zope?
if you can teach apache to set a cookie that can be understood by some cookie-based user folder maybe. it's hard to use an outside system for authentication and then expect zope to do the right thing, though.
jens

Pieter Biemond (prive) writes:
Did anybody ever get Zope and/or Apache to authenticate against a Microsoft Active Directory? I tried using LDAPUserfolder on Zope 2.5.1/Python 2.1.3 but I'm getting all sorts of errors, e.g.
Logging: ldapuser not found (getUser)
User-info: (###Error###: ldap.OPERATIONS_ERROR, {'desc': 'Operations error', 'info': '000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0\n'})
Did anybody else have more luck, or any idea where to start debugging?
I would consult the ADS documentation to find out what "SvcErr: DSID-03100690" and "problem 5012" mean...
I am always fascinated by Microsoft (and Oracle) error messages....
Dieter

participants (3)
- Dieter Maurer
- Jens Vagelpohl
- pieterb@gewis.nl