[Zope-dev] Username/userid separation
Tino Wildenhain
tino at wildenhain.de
Thu Aug 4 01:53:03 EDT 2005
Am Mittwoch, den 03.08.2005, 21:01 -0300 schrieb Leonardo Rochael
Almeida:
> Hi,
>
> I've started the lra-userid_username_separation-branch (from
> Zope-2_8-branch to start from a stable point) in order to implement
> proper userid/username separation in Zope.
>
> I don't intend to change the default user folder implementation, just
> the ZMI interface for owner and local roles so that they keep using
> userid for storage like they currently do but use usernames for display
> (specifically acl_users.getUserById(id).getUserName()). The intent is to
> never leak the userid to the ZMI (except for url query strings and
> such), and to never store the username persistently.
>
> The motivating usecase is an LDAP (eDirectory) authenticated system
> where the username for a user can change, but not the internal ID (a
> string).
>
> This will also help ActiveDirectory integration, which also has an
> internal ID to reference users.
>
> I remember there being a discussion about this in the list archives, but
> a Google search didn't help much.
>
> Are there any other projects in this area that I should colaborate with
> instead of duplicating efforts?
>
> Are there any considerations I should be aware of?
Are you aware of the PAS (Pluggable Auth Service) project?
http://cvs.zope.org/Products/PluggableAuthService/
They already have a separation of uid and login.
What this product could use is just some polishing
and a lot of documentation for the users.
All the other things you mention (including a LDAP
plugin) are already done.
More information about the Zope-Dev
mailing list