[Zope-PTK] LDAP, LoginManager, PTK and DataSkins
Phillip J. Eby
pje@telecommunity.com
Mon, 16 Oct 2000 17:31:18 -0500
At 12:47 AM 10/17/00 +0800, daniel.fulton@delphiauto.com wrote:
>
>Problem:
>
>Need to hit LDAP server through LoginManager/PTK for authentication and
>then to track certain LDAP attributes specific to each dept in our co.
>
>Here's where I am:
>
>Using LoginManager 0.8.7a1 and ZPatterns 0.4.2a3 (version file says 0.4.2a2)
>and ZopeLDAP 1.0b5. (I know it's all beta, just in proof-of-concept mode). PTK
>0.9.0 (collector pending for _ZClass_For_Base added to ProductContext.py, etc.)
>--
>
>Under acl_users folder: Specialist ---> Not changed using rack UserSource.
>
>1) created ZLDAP connection within rack UserSource
> named ----> ldapConnect
>
>2) created ZLDAP filter method (to pull attrs for specific user
> from LDAP server) within rack UserSource object
> named ----> ldapGetUser
>
> Args: username
>
> uid=<dtml-var username>
>
>
>Get fuzzy at DataPlugin and DataSkin abstraction, see below:
>
>
>Data Plugin:
>
>3) create GAP Data Plugin named ---> ldapGAP
>
> fromexp = ldapGetUser(uid pwd roles domains dept ETC)
> attrexp = uid pwd roles domains
>
> Question: Or should I have put the LDAP filter method above as a method
> of this plugin?

You're in the right place, but your "fromexp" may not be correct if
ldapGetUser returns a sequence. You probably want:

    fromexp = (ldapGetUser(etc) or [NOT_FOUND])[0]

This will ensure that NOT_FOUND is returned if ldapGetUser does not return
a result. Note, by the way, that GAPs and GenericTriggers will be
deprecated in ZPatterns 0.4.3 and you will need to move to SkinScript in
the future. The nice part is that SkinScript is now very well documented,
while GAPs and GTs were never really documented at all. They were pretty
much intended to be stopgaps until SkinScript came into its own.

>4) next create ZClass with base LoginUser
> named ----> LDAPMember
>
> *****
> methods here to auth / manage users / members
>
> *****
>
> Question: do I need to base class DataSkin as well?
> I don't see a need for it since LoginUser takes
> DataSkin properties now. But earlier docs on wiki
> suggested this.

You don't need it if your ZClass supports adding DataSkin Property Sheet
objects. That was the reason for doing that previously.

>5) go to rack and change storage to LDAPMember
>
>Am I heading down right path?
>
Yes.
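
The fallback idiom from the reply above, as an added example that is not part of the original message and is not ZPatterns or ZopeLDAP code: a stand-in `ldapGetUser` evaluates the `uid=` filter over a constructed directory and returns a list, and `lookup` applies `(... or [NOT_FOUND])[0]`. `NOT_FOUND`, `DIRECTORY`, `escape_filter_value`, `match_value` and `lookup` are hypothetical names, and escaping the username per RFC 4515 before it enters the filter is an assumption added here that the thread does not discuss.

```python
import re

NOT_FOUND = object()  # stand-in for the ZPatterns NOT_FOUND marker (assumption)

# Constructed directory entries, not data from the original post.
DIRECTORY = [
    {"uid": "dfulton", "dept": "chassis", "roles": ["Member"]},
    {"uid": "jsmith", "dept": "interior", "roles": ["Member", "Reviewer"]},
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value
    )


def match_value(filter_value, attr_value):
    """Toy matcher: a raw '*' is a wildcard, a '\\xx' pair is a literal character."""
    parts = filter_value.split("*")
    literal = [
        re.escape(re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), part))
        for part in parts
    ]
    return re.fullmatch(".*".join(literal), attr_value) is not None


def ldapGetUser(username):
    """Hypothetical stand-in for the post's filter method 'uid=<username>'."""
    value = escape_filter_value(username)  # username is always a literal
    return [entry for entry in DIRECTORY if match_value(value, entry["uid"])]


def lookup(username):
    """The reply's idiom: first match, or NOT_FOUND when the result is empty."""
    return (ldapGetUser(username) or [NOT_FOUND])[0]
```

Because the search returns an empty list for an unknown user, indexing it directly would raise `IndexError`; the `or [NOT_FOUND]` fallback is what turns "no entry" into the sentinel.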