[Zope] LDAP Database and Zope user folders

Jens Vagelpohl jens@zope.com
Sat, 30 Nov 2002 10:46:10 -0500


just subclass from AccessControl.User.BasicUserFolder. i only 
subclassed from ObjectManager as well to enable storing custom login 
forms and scripts right inside the LDAPUserFolder object, as dirk 
already pointed out.

just FYI, version 2.0 of the LDAPUserFolder will allow you to specify a 
bind-DN and password to be used only during the initial login stage 
when the user object has not been created yet, and use the user's own 
credentials after that.

the first beta of 2.0 will be released some time this weekend.

jens


On Wednesday, Nov 27, 2002, at 15:21 US/Eastern, Josef Meile wrote:

> Hi,
>
> I was looking at the code of the LDAPUserFolder and realized
> that it inherits from Object Manager. I'm just wondering if
> this is necessary. Does a user folder have to store some
> temporal data of a user while he's connected? or is it enough
> with the cookies used by zope?
>
> The reason of my question is that I want to implement a very
> simple user folder that directly authenticates a user against
> a LDAP server without searching his DN on the database. In my
> case, I know that all the DNs of the users of my system are
> the same except for the username and password, so I could do
> something like:
>
> import ldap
> LDAPSERVER=ldap.initialize(LDAPServerUrl+':'+serverPort)
> LDAPSERVER.bind_s('cn='+userId+baseDN,userPassword,ldap.AUTH_SIMPLE)
>
> I tested that code and it worked fine. My problem with the
> LDAPUserFolder is that if the server doesn't support anonymous
> connections, I'll need a bind password and username because this
> product searches the user's DN and then sends it with the user's
> password. The people from technical don't agree much with this
> approach. For them it would be better if I did it directly without such
> information.
>
> Thanks in advance,
> Josef
>
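
The direct-bind approach from the quoted message, as an added example that is not part of the original thread or of LDAPUserFolder: it builds the DN from the login name with RFC 4514 escaping and refuses empty passwords before any bind is attempted. The names `authenticate`, `bind`, `fake_bind`, `BindFailed`, `BASE_DN` and the directory contents are assumptions made for illustration, and `base_dn` is assumed to have no leading comma.

```python
class BindFailed(Exception):
    """Raised by the bind callable when the server rejects the credentials."""

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_user_dn(user_id, base_dn):
    """Return cn=<user_id>,<base_dn>; user_id cannot add or alter RDNs."""
    return "cn=%s,%s" % (escape_rdn_value(user_id), base_dn)

def authenticate(user_id, password, base_dn, bind):
    """Return the bound DN on success, None otherwise.

    bind(dn, password) is a caller-supplied callable (hypothetical name) that
    performs the simple bind and raises BindFailed on rejection.
    """
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2). Servers may report success for it,
    # so it must never reach the server as a login attempt.
    if not user_id or not password:
        return None
    dn = build_user_dn(user_id, base_dn)
    try:
        bind(dn, password)
    except BindFailed:
        return None
    return dn

# Constructed stand-in for a directory server, so the example runs offline.
BASE_DN = "ou=people,dc=example,dc=com"
DIRECTORY = {"cn=jdoe," + BASE_DN: "s3cret"}

def fake_bind(dn, password):
    if password == "":  # mimics a server that accepts unauthenticated binds
        return
    if DIRECTORY.get(dn) != password:
        raise BindFailed(dn)
```

With python-ldap, `bind` would wrap `simple_bind_s` and translate `ldap.INVALID_CREDENTIALS` into `BindFailed`; the library's `ldap.dn.escape_dn_chars` can replace the hand-written escaper.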