[Zope-dev] Re: SAP SSO feature for Zope/LDAPUserFolder
Dirk Datzert
dummy at habmalnefrage.de
Sun Jun 26 09:57:08 EDT 2005
Hi Mark,
Mark Hammond schrieb:
>
>I would suggest looking at PAS. You would write an "extraction" plugin for
>PAS, and use the PAS LDAPMultiPlugin (from dataflake) for user properties
>and role/group enumeration. Your PAS plugin then only has the job of
>creating a "user id" suitable for use with the LDAP plugin (ie, the same
>'id' that LDAPUF is configured to use). PAS has had a number of recent
>changes - you should look at the CVS versions (of PAS and the dataflake
>stuff) rather than the released versions if you want to avoid migration
work
>in the future.
>
>http://www.zope.org/Members/urbanape/PluggableAuthService
>
>mailing list at:
>
>http://mail.zope.org/mailman/listinfo/zope-pas
>
I like the idea of PAS and I have downloaded PluginRegistry, PAS and
LDAPMultiPlugin. I made a MySapSsoCookieAuthHelper, which will take the
MYSAPSSO2-Cookie, sent this to the external Validation Service.
Since this service will return the login name which is identical to the
LDAP-User I hopefully only have to work for reading the LDAP-Attributes and
roles.
One question about PAS/LDAPMultiPlugin and LDAPUserFolder/LDAPUserSatellite:
We work a lot with LDAPUserSatellite in different Folders, which will change
local roles of users. Is this also possible with PAS/LDAPMultiPlugin ?
Thanks for that hint.
Dirk
--
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
More information about the Zope-Dev
mailing list