I am currently building an intranet utilising Zope/Plone and plan on authenticating users via LDAP (ldapuserfolder). However I am now expected to implement a "single sign on" system for the company which currently uses NT domains to authenticate users.

Has anybody had any experience in this? I'm beginning to think that it may be "easier" (short term at least) to just authenticate people via NT domain and drop the ldap. I will be very grateful for any advice.

cheers

David Orr
Development Analyst Programmer
Henry Walker Eltin
email: david.orr@hwe.com.au

David Orr wrote at 2003-4-16 12:11 +0800:
> I am currently building an intranet utilising Zope/Plone and plan on authenticating users via LDAP (ldapuserfolder). However I am now expected to implement a "single sign on" system for the company which currently uses NT domains to authenticate users.

What do you mean by "single sign on"? I expect you mean "one login for all applications, both Windows as well as intranet applications".

> Has anybody had any experience in this? I'm beginning to think that it may be "easier" (short term at least) to just authenticate people via NT domain and drop the ldap. I will be very grateful for any advice.

If you mean the above, then "LDAP" will not help you. I know that IE is ready to send the Windows authentication information when challenged in the correct way. We use this for our intranet applications. However, I do not know how to do this with Zope. Maybe "NTUserFolder" supports it.

Dieter

David wrote:
> I am currently building an intranet utilising Zope/Plone and plan on authenticating users via LDAP (ldapuserfolder). However I am now expected to implement a "single sign on" system for the company which currently uses NT domains to authenticate users.
> Has anybody had any experience in this? I'm beginning to think that it may be "easier" (short term at least) to just authenticate people via NT domain and drop the ldap. I will be very grateful for any advice.

I had serious troubles trying to authenticate Zope to an Active Directory (NT-domain), because it's not completely LDAP. It was relatively easy to use Radius (which is also supported by NT, but might require some additional software on the NT domain server). I used Apache 1.3.x in front of Zope. The user was both authenticated by Apache and Zope.

Pieter

PieterB wrote:
> David wrote:
>> I am currently building an intranet utilising Zope/Plone and plan on authenticating users via LDAP (ldapuserfolder). However I am now expected to implement a "single sign on" system for the company which currently uses NT domains to authenticate users.
>> Has anybody had any experience in this? I'm beginning to think that it may be "easier" (short term at least) to just authenticate people via NT domain and drop the ldap. I will be very grateful for any advice.
> I had serious troubles trying to authenticate Zope to an Active Directory (NT-domain), because it's not completely LDAP. It was relatively easy to use Radius (which is also supported by NT, but might require some additional software on the NT domain server). I used Apache 1.3.x in front of Zope. The user was both authenticated by Apache and Zope.
> Pieter

I have no problems authenticating Zope (Plone in this case) with Active Directory users. The only problem lies at the time of creating new members, explained at http://plone.org/collector/1105

You may also find this link useful: http://plone.org/documentation/howto/HowToActiveDirectory/view

I had to change the cn=users to ou=Accounts since I have the users under an Organizational Unit.

HTH

Jordi Yeh

participants (4)
- David Orr
- Dieter Maurer
- Jordi Yeh
- PieterB