[Zope] Zope/Apache and Microsoft Active Directory

Jens Vagelpohl jens@zope.com
Mon, 6 May 2002 00:09:54 -0400


>> LDAPUserFolder does not support Active Directory. this is not likely to
>> change any time soon. the reason is that Active Directory, just like any
>> M$ product, does not use well-defined standards like most other LDAP
>> server products do.
> Do you think it is possible to extend LDAPUserFolder to add Active
> Directory support? Anybody willing to help working this out?

anything is possible given enough sweat and tears... however, you know
it'll break with the next minor release of "active directory" because things
tend to change in unpredictable ways in M$ products...


> Anybody know if it's possible to make a hack from Active Directory to
> export & convert all LDAP-info to an OpenLDAP-server?

have "active directory" spit out an LDIF file and then mangle the ldif so 
it conforms to a normal standard schema to be loaded into openldap would be 
one way.  if it can spit out ldif files, that is.


> The best practice to manage large user-accounts is probably to
> authenticate Apache to an (Open)LDAP-server and to use the same
> (Open)LDAP-server to authenticate for Zope. Is there a way to only
> authenticate once, and give the security-information to Zope?

if you can teach apache to set a cookie that can be understood by some 
cookie-based user folder maybe. it's hard to use an outside system for 
authentication and then expect zope to do the right thing, though.

jens
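
The export-and-mangle route suggested in the reply above, sketched as an added example (not code from the original message or from LDAPUserFolder). The attribute mapping, the `ou=people` base DN passed to `convert` and the sample LDIF are constructed assumptions; entries are re-keyed by `sAMAccountName`.

```python
import base64
import re

# Assumed mapping from AD attribute names to inetOrgPerson; the rest is dropped.
ATTR_MAP = {"samaccountname": "uid", "cn": "cn", "sn": "sn",
            "givenname": "givenName", "mail": "mail"}
TARGET_CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson"]

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) for each record of an LDIF export."""
    text = re.sub(r"\r?\n ", "", text)            # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        record = []
        for line in block.splitlines():
            if not line.startswith("#"):          # skip LDIF comments
                attr, _, rest = line.partition(":")
                if rest.startswith(":"):          # "attr:: <base64 value>"
                    rest = base64.b64decode(rest[1:]).decode("utf-8", "replace")
                record.append((attr, rest.strip()))
        if record and record[0][0].lower() == "dn":
            yield record[0][1], record[1:]

def emit(name, value):  # plain "name: value" where LDIF allows it, else base64
    if value.isascii() and value.isprintable() and value[0] not in " :<":
        return f"{name}: {value}"
    return f"{name}:: " + base64.b64encode(value.encode()).decode()

def convert(text, people_base):
    """Return LDIF for OpenLDAP holding only user accounts, keyed by uid."""
    out = []
    for _dn, attrs in parse_ldif(text):
        classes = {v.lower() for a, v in attrs if a.lower() == "objectclass"}
        mapped = [(ATTR_MAP[a.lower()], v) for a, v in attrs
                  if a.lower() in ATTR_MAP and v]
        uid = dict(mapped).get("uid")
        if "user" not in classes or "computer" in classes or not uid:
            continue                              # machines, groups, containers
        entry = [emit("dn", f"uid={uid},{people_base}")]
        entry += ["objectClass: " + c for c in TARGET_CLASSES]
        entry += [emit(n, v) for n, v in mapped]
        out.append("\n".join(entry))
    return "\n\n".join(out) + "\n"

# Constructed sample export: one person (folded and base64 values), one machine.
SAMPLE = ("dn: CN=Jane Doe,CN=Users,DC=example,DC=com\nobjectClass: user\n"
          "cn: Jane Doe\nsn: Doe\ngivenName:: SsOkbmU=\nsAMAccountName: jdoe\n"
          "mail: jane.doe@exam\n ple.com\nuserAccountControl: 512\n\n"
          "dn: CN=WS01,CN=Computers,DC=example,DC=com\nobjectClass: user\n"
          "objectClass: computer\ncn: WS01\nsAMAccountName: WS01$\n")
```

`convert(SAMPLE, "ou=people,dc=example,dc=org")` returns a single `inetOrgPerson` entry for `jdoe`. Password values are not part of an Active Directory LDIF export, so imported accounts need credentials set on the OpenLDAP side, and entries without `sn` will be rejected by the `person` schema.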