LDAP Database and Zope user folders
Hi,

I was looking at the code of the LDAPUserFolder and realized that it inherits from Object Manager. I'm just wondering if this is necessary. Does a user folder have to store some temporal data of a user while he's connected? Or is it enough with the cookies used by Zope?

The reason for my question is that I want to implement a very simple user folder that directly authenticates a user against an LDAP server without searching his DN on the database. In my case, I know that all the DNs of the users of my system are the same except for the username and password, so I could do something like:

    import ldap
    LDAPSERVER=ldap.initialize(LDAPServerUrl+':'+serverPort)
    # bind directly as the user; the DN is built from the user id
    LDAPSERVER.bind_s('cn='+userId+baseDN,userPassword,ldap.AUTH_SIMPLE)

I tested that code and it worked fine. My problem with the LDAPUserFolder is that if the server doesn't support anonymous connections, I'll need a bind password and username because this product searches the user's DN and then sends it with the user's password. The people from technical don't agree much with this approach. For them it would be better if I did it directly without such information.

Thanks in advance,
Josef
Hi Josef,

I think that the ObjectManager was taken because of the DTML-Method which can be added to realize a login form for cookie support. Cookie support will go away with LDAPUserFolder2.

From CVS for LDAPUserFolder I saw that LDAPUserFolder2 will be derived from BasicUserFolder, which should be enough for you.
Regards,
Dirk
just subclass from AccessControl.User.BasicUserFolder. i only subclassed from ObjectManager as well to enable storing custom login forms and scripts right inside the LDAPUserFolder object, as dirk already pointed out.

just FYI, version 2.0 of the LDAPUserFolder will allow you to specify a bind-DN and password to be used only during the initial login stage when the user object has not been created yet, and use the user's own credentials after that. the first beta of 2.0 will be released some time this weekend.

jens

On Wednesday, Nov 27, 2002, at 15:21 US/Eastern, Josef Meile wrote:
Hi,
I was looking at the code of the LDAPUserFolder and realized that it inherits from Object Manager. I'm just wondering if this is necessary. Does a user folder have to store some temporal data of a user while he's connected? Or is it enough with the cookies used by Zope?

The reason for my question is that I want to implement a very simple user folder that directly authenticates a user against an LDAP server without searching his DN on the database. In my case, I know that all the DNs of the users of my system are the same except for the username and password, so I could do something like:

    import ldap
    LDAPSERVER=ldap.initialize(LDAPServerUrl+':'+serverPort)
    # bind directly as the user; the DN is built from the user id
    LDAPSERVER.bind_s('cn='+userId+baseDN,userPassword,ldap.AUTH_SIMPLE)

I tested that code and it worked fine. My problem with the LDAPUserFolder is that if the server doesn't support anonymous connections, I'll need a bind password and username because this product searches the user's DN and then sends it with the user's password. The people from technical don't agree much with this approach. For them it would be better if I did it directly without such information.

Thanks in advance,
Josef
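The direct-bind login discussed in this thread, as an added example that is not part of the original messages or of LDAPUserFolder: it escapes the user id before building the DN and refuses an empty password, because a simple bind with an empty password is an unauthenticated bind (RFC 4513) that many servers answer with success. The names direct_bind, escape_rdn_value, FakeDirectory and InvalidCredentials, the sample entry and the 'cn=<id>,<base>' layout are assumptions; with python-ldap you would pass lambda: ldap.initialize(url) and ldap.INVALID_CREDENTIALS, and ldap.dn.escape_dn_chars does the same escaping.

```python
import re

_DN_SPECIAL = re.compile(r'([\\,+"<>;=])')   # RFC 4514 special characters

def escape_rdn_value(value):
    """Escape a string for use as an attribute value inside a DN."""
    value = _DN_SPECIAL.sub(r'\\\1', value).replace('\x00', '\\00')
    if value.endswith(' '):                   # trailing space must be escaped
        value = value[:-1] + '\\ '
    if value.startswith(('#', ' ')):          # so must a leading '#' or space
        value = '\\' + value
    return value

def direct_bind(connect, invalid_exc, user_id, password, base_dn):
    """Bind as the user. Return the DN on success, None if rejected."""
    # Empty password: the server would treat the bind as unauthenticated
    # and may report success without checking anything. Reject it here.
    if not user_id or not password:
        return None
    dn = 'cn=%s,%s' % (escape_rdn_value(user_id), base_dn)
    conn = connect()
    try:
        conn.simple_bind_s(dn, password)
        return dn
    except invalid_exc:
        return None
    finally:
        conn.unbind_s()

# --- constructed stand-ins so the example runs without a server ---
class InvalidCredentials(Exception):
    """Plays the role of ldap.INVALID_CREDENTIALS."""

class FakeDirectory:
    """Mimics a server that accepts unauthenticated binds."""
    entries = {'cn=josef,ou=people,dc=example,dc=org': 's3cret'}
    def simple_bind_s(self, who, cred):
        if cred == '':                        # unauthenticated bind: "success"
            return
        if self.entries.get(who) != cred:
            raise InvalidCredentials(who)
    def unbind_s(self):
        pass

BASE = 'ou=people,dc=example,dc=org'          # constructed base DN
```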
participants (3)
- Dirk Datzert
- Jens Vagelpohl
- Josef Meile