[Zope] - Alternate authentication mechanisms

Andy Smith andy@verticality.com
Fri, 11 Dec 1998 11:59:44 -0500


> > Hello all,
> >
> > I'm evaluating the use of Zope in some of our intranet projects.
> > One thing that would be extremely helpful in selling the idea
> > (even to myself) would be if authentication could tie into our
> > existing LDAP authentication systems.
> >
> > I apologize for not having looked at the code yet, but a quick
> > answer would be beneficial. How feasible would it be to move Zope
> > authentication from flat files to other authentication databases
> > (LDAP, NIS, etc.)?
> >
> > I would be willing to contribute to this kind of effort if it
> > seems like a good idea in the world of Zope.
> >
> > Thanks in advance,
> > Chad Fowler
> > cfowler@fedex.com
>
> This is certainly possible. Note that Zope does not use flat files
> for authentication - it uses objects ;) This makes it relatively
> simple to devise new objects which draw authentication info from
> other sources.
>
> We have created variations on the standard Zope "UserFolder" object
> (the standard built-in auth. object) which get their authentication
> info from SQL databases, the host operating system, etc.
>
> I think it is certainly a good idea and that others would find
> such a thing useful.
>
>
> Brian Lloyd        brian@digicool.com
> Software Engineer  540.371.6909
> Digital Creations  http://www.digicool.com
>
>

FWIW. I'm just polishing off a variant of the "UserFolder" object which
allows authentication to come from a structure containing lots of other info
for a user (phone numbers, email etc.). Using the source for UserFolder as a
starting point, I found creating an object which responds to the same method
calls as 'UserFolder' very straightforward. Also, one of the cooler aspects
of doing this is that you have the freedom to choose where in the object
hierarchy to drop your new 'LDAPFolder'. So you can restrict which levels in
the object database 'LDAP authenticated' users will have access to, while
still separately maintaining other authentication information elsewhere
using normal Zope UserFolders.

Cheers,

Andy.
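
An added example, not part of the original message and not Zope's own code: a simplified Python model of the placement behaviour described above, where a directory-backed user folder only authenticates requests at or below the folder that holds it. The names `DirectoryUserSource`, `Folder`, `authenticate` and `build_sample_tree`, and the sample accounts, are assumptions made for illustration.

```python
# Simplified model for illustration; this is NOT Zope's actual API.
import hashlib
import hmac
import os


class DirectoryUserSource:
    """Stand-in for an external directory such as LDAP (constructed data)."""
    def __init__(self, users):
        self._users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, self._digest(password, salt))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def verify(self, name, password):
        record = self._users.get(name)
        if record is None:
            return False
        salt, digest = record
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(digest, self._digest(password, salt))


class Folder:
    def __init__(self, name, parent=None, user_source=None):
        self.name, self.parent, self.user_source = name, parent, user_source


def authenticate(folder, name, password):
    """Return the nearest enclosing folder name that accepts the login, or None."""
    while folder is not None:
        if folder.user_source and folder.user_source.verify(name, password):
            return folder.name
        folder = folder.parent
    return None


def build_sample_tree():
    """Constructed hierarchy: root > {intranet > reports, public}."""
    root = Folder("root", user_source=DirectoryUserSource({"admin": "root-pw"}))
    ldap = DirectoryUserSource({"alice": "ldap-pw"})  # plays the 'LDAPFolder'
    intranet = Folder("intranet", root, ldap)
    return {"root": root, "intranet": intranet,
            "reports": Folder("reports", intranet),
            "public": Folder("public", root)}
```

In this model the directory account is accepted under `intranet` and its children but nowhere else, while the account held at the root is accepted throughout the tree.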