A client of mine wants a site that is only accessible for members. However, there are more than 25000 members. Are there any reasons that would make it unwise to populate an ordinary acl_users folder with such a number of user accounts? If so, what other options do I have? tia Cornelis J. de Brabander
Kees de Brabander wrote:
A client of mine wants a site that is only accessible for members. However, there are more than 25000 members. Are there any reasons that would make it unwise to populate an ordinary acl_users folder with such a number of user accounts? If so, what other options do I have? If it's possible to use a existing userdatabase or authentication source I would prefer to use that. With http://www.zope.org/Products/PluggableAuthService/ it's very easy to let zope authenticate against any kind of database or source (including MySQL/LDAP etc). And if it's a custom source it's not difficult to write your own authentication plugin.
Where and how are these accounts stored now? LDAD/ADS or something else? Martijn. -- Martijn Jacobs Four Digits, Internet Solutions a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
_____ Van: Martijn Jacobs [mailto:martijn@fourdigits.nl] Verzonden: dinsdag 3 juni 2008 15:57 Aan: Kees de Brabander CC: zope@zope.org Onderwerp: Re: [Zope] acl_users folder > 25000 Kees de Brabander wrote: A client of mine wants a site that is only accessible for members. However, there are more than 25000 members. Are there any reasons that would make it unwise to populate an ordinary acl_users folder with such a number of user accounts? If so, what other options do I have? If it's possible to use a existing userdatabase or authentication source I would prefer to use that. With <http://www.zope.org/Products/PluggableAuthService/> http://www.zope.org/Products/PluggableAuthService/ it's very easy to let zope authenticate against any kind of database or source (including MySQL/LDAP etc). And if it's a custom source it's not difficult to write your own authentication plugin. Where and how are these accounts stored now? LDAD/ADS or something else? I have no idea. I have been looking at the PAS, but did not find to much documentation on it. Would it be possible to use a database that my client does maintain? cb
Kees de Brabander wrote:
I have no idea. I have been looking at the PAS, but did not find to much documentation on it. Would it be possible to use a database that my client does maintain?
cb Yes that would be possible. Take a look at http://plone.org/products/gmailauthplugin as it's a pretty nice example how to write a plugin yourself. You can also take a look at https://svn.plone.org/svn/collective/PASPlugins/
Martijn -- Martijn Jacobs Four Digits, Internet Solutions a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
Ok, thanks I'll check it out. cb _____ Van: Martijn Jacobs [mailto:martijn@fourdigits.nl] Verzonden: dinsdag 3 juni 2008 16:13 Aan: Kees de Brabander CC: zope@zope.org Onderwerp: Re: [Zope] acl_users folder > 25000 Kees de Brabander wrote: I have no idea. I have been looking at the PAS, but did not find to much documentation on it. Would it be possible to use a database that my client does maintain? cb Yes that would be possible. Take a look at http://plone.org/products/gmailauthplugin as it's a pretty nice example how to write a plugin yourself. You can also take a look at https://svn.plone.org/svn/collective/PASPlugins/ Martijn -- Martijn Jacobs Four Digits, Internet Solutions a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117 No virus found in this incoming message. Checked by AVG. Version: 8.0.100 / Virus Database: 269.24.6/1480 - Release Date: 3-6-2008 7:00
Thanks for the link to the gmailauthplugin. I am trying it out on plone 3 on a mac tiger laptop and I'm getting the following error: Exception Type URLError Exception Value <urlopen error no host given> * Module ZPublisher.Publish, line 110, in publish * Module ZPublisher.BaseRequest, line 580, in traverse * Module Products.PluggableAuthService.PluggableAuthService, line 233, in validate * Module Products.PluggableAuthService.PluggableAuthService, line 600, in _extractUserIds * Module Products.GMailAuthPlugin.GMailAuthPlugin, line 89, in authenticateCredentials * Module Products.GMailAuthPlugin.libgmail_incl.libgmail, line 320, in login * Module Products.GMailAuthPlugin.libgmail_incl.libgmail, line 333, in _retrievePage * Module urllib2, line 130, in urlopen * Module urllib2, line 356, in open * Module urllib2, line 943, in do_request_ Here is the environment specifics: Zope Version (Zope 2.10.5-final, python 2.4.4, darwin) Python Version 2.4.4 (#1, Feb 21 2008, 21:15:12) [GCC 4.0.1 (Apple Computer, Inc. build 5250)] System Platform darwin SOFTWARE_HOME /Applications/Plone-3.0.6/lib/python Any Suggestions? Thanks in advance. -Tim www.medicinebrain.com On 6/3/08, Martijn Jacobs <martijn@fourdigits.nl> wrote:
Kees de Brabander wrote:
I have no idea. I have been looking at the PAS, but did not find to much documentation on it. Would it be possible to use a database that my client does maintain?
cb Yes that would be possible. Take a look at http://plone.org/products/gmailauthplugin as it's a pretty nice example how to write a plugin yourself. You can also take a look at https://svn.plone.org/svn/collective/PASPlugins/
Martijn
-- Martijn Jacobs Four Digits, Internet Solutions
a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
I wouldn't know, it seems like something is not correctly configured to reach the GMail server. However, I suggested the gmailauthplugin as an example for writing a PAS plugin, not as a functional product for a website :) Take a look authenticateCredentials in GMailAuthPlugin.py, there is where the authentication is happening. Martijn.
Thanks for the link to the gmailauthplugin.
I am trying it out on plone 3 on a mac tiger laptop and I'm getting the following error:
Exception Type URLError Exception Value <urlopen error no host given>
* Module ZPublisher.Publish, line 110, in publish * Module ZPublisher.BaseRequest, line 580, in traverse * Module Products.PluggableAuthService.PluggableAuthService, line 233, in validate * Module Products.PluggableAuthService.PluggableAuthService, line 600, in _extractUserIds * Module Products.GMailAuthPlugin.GMailAuthPlugin, line 89, in authenticateCredentials * Module Products.GMailAuthPlugin.libgmail_incl.libgmail, line 320, in login * Module Products.GMailAuthPlugin.libgmail_incl.libgmail, line 333, in _retrievePage * Module urllib2, line 130, in urlopen * Module urllib2, line 356, in open * Module urllib2, line 943, in do_request_
Here is the environment specifics:
Zope Version (Zope 2.10.5-final, python 2.4.4, darwin) Python Version 2.4.4 (#1, Feb 21 2008, 21:15:12) [GCC 4.0.1 (Apple Computer, Inc. build 5250)] System Platform darwin SOFTWARE_HOME /Applications/Plone-3.0.6/lib/python
Any Suggestions? Thanks in advance. -Tim www.medicinebrain.com
On 6/3/08, Martijn Jacobs <martijn@fourdigits.nl> wrote:
Kees de Brabander wrote:
I have no idea. I have been looking at the PAS, but did not find to much documentation on it. Would it be possible to use a database that my client does maintain?
cb
Yes that would be possible. Take a look at http://plone.org/products/gmailauthplugin as it's a pretty nice example how to write a plugin yourself. You can also take a look at https://svn.plone.org/svn/collective/PASPlugins/
Martijn
-- Martijn Jacobs Four Digits, Internet Solutions
a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
-- Martijn Jacobs Four Digits, Internet Solutions a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
_____ Van: Martijn Jacobs [mailto:martijn@fourdigits.nl] Verzonden: dinsdag 3 juni 2008 16:13 Aan: Kees de Brabander CC: zope@zope.org Onderwerp: Re: [Zope] acl_users folder > 25000 Kees de Brabander wrote: I have no idea. I have been looking at the PAS, but did not find to much documentation on it. Would it be possible to use a database that my client does maintain? cb Yes that would be possible. Take a look at http://plone.org/products/gmailauthplugin as it's a pretty nice example how to write a plugin yourself. You can also take a look at https://svn.plone.org/svn/collective/PASPlugins/ It appears that the database of my client is not accessible. They can provide me an excel file with the members. The intended application actually is an election. It is a one time thing. Every member is using this application once, and presumably not all of them. Would it still be unwise then to put these 25000 accounts in an ordinary acl_users folder? cb
It appears that the database of my client is not accessible. They can provide me an excel file with the members.
The intended application actually is an election. It is a one time thing. Every member is using this application once, and presumably not all of them. Would it still be unwise then to put these 25000 accounts in an ordinary acl_users folder?
You could import the users in a database (like mysql) and authenticate with a PAS plugin. Performance wise it could be really slow to have 25K users in a userfolder. I found this userfolder today as well : http://www.simplistix.co.uk/software/zope/simpleuserfolder. You could easily write a ZSQL method for authentication for this (it's easier than writing a PAS plugin). If you have time or resources to write a PAS plugin I suggest to invest some time for that. Martijn. -- Martijn Jacobs Four Digits, Internet Solutions a: Willemsplein 15-1 6811 KB Arnhem NL kvk: 091621370000 | btw: 8161.22.234.B01 e-mail: martijn@fourdigits.nl | web: http://www.fourdigits.nl tel: +31 (0)26 44 22 700 | fax: +31 (0)84 22 06 117
_____ Van: Martijn Jacobs [mailto:martijn@fourdigits.nl] Verzonden: donderdag 5 juni 2008 15:35 Aan: Kees de Brabander CC: zope@zope.org Onderwerp: Re: [Zope] acl_users folder > 25000 It appears that the database of my client is not accessible. They can provide me an excel file with the members. The intended application actually is an election. It is a one time thing. Every member is using this application once, and presumably not all of them. Would it still be unwise then to put these 25000 accounts in an ordinary acl_users folder? You could import the users in a database (like mysql) and authenticate with a PAS plugin. Performance wise it could be really slow to have 25K users in a userfolder. I found this userfolder today as well : http://www.simplistix.co.uk/software/zope/simpleuserfolder. You could easily write a ZSQL method for authentication for this (it's easier than writing a PAS plugin). If you have time or resources to write a PAS plugin I suggest to invest some time for that. For the moment, MySql and simpleuserfolder would be the easiest way, I presume. Thanks again, cb
Kees de Brabander wrote at 2008-6-5 15:44 +0200:
... The intended application actually is an election. It is a one time thing. Every member is using this application once, and presumably not all of them. Would it still be unwise then to put these 25000 accounts in an ordinary acl_users folder?
The standard UserFolder stores all data directly in itself -- i.e. without using persistent subobjects. Storing 25.000 accounts in it may give you quite a big object -- about 0.5 to 1 Mb. Nevertheless, it might work for you. Initial access is proably not that fast -- but after that, the object is probably in the cache. Otherwise, a slight modification to the UserFolder would suffice to let is use persistent subobjects: store the user data not in a dict but in an "BTrees.OOBTree.OOBTree". You would derive from the standard one and use a different storage in your derived class. -- Dieter
Kees de Brabander wrote:
A client of mine wants a site that is only accessible for members. However, there are more than 25000 members. Are there any reasons that would make it unwise to populate an ordinary acl_users folder with such a number of user accounts?
we have a Plone site with 30K users, if you access some parts you can have slow response (eg source_users is not batched), so if you use these parts often it is better to use an LDAP or RDBMS "user manager" plugin
If so, what other options do I have? tia Cornelis J. de Brabander
-- Riccardo Lemmi Email: riccardo@reflab.it Reflab S.r.l. - Plone Design, Development and Consulting Phone: +39 349 4620820 http://www.reflab.it
Kees de Brabander skrev:
A client of mine wants a site that is only accessible for members. However, there are more than 25000 members. Are there any reasons that would make it unwise to populate an ordinary acl_users folder with such a number of user accounts?
Have you tried to just generate 25K users in an empty site and see what happens? It should take 15 about minutes to set up and write the code. Members are stored in a dict, and the ZODB. They should be plenty fast. Last week I wrote a tool that imported 10K lines of data from a csv file as dicts. It took about 2 seconds to read them from disk and save them in the ZODB. That is comparable. Perhaps you don't have a problem? -- hilsen/regards Max M, Denmark http://www.mxm.dk/ IT's Mad Science
participants (7)
-
Andreas Jung -
Dieter Maurer -
Kees de Brabander -
Martijn Jacobs -
Max M -
Riccardo Lemmi -
Tim Nash