[Zope] Single Sign on

Jordi Yeh jyeh@ivymortgage.com
Mon, 21 Apr 2003 10:15:37 -0400


PieterB wrote:

>David wrote:
>
>>I am currently building an intranet utilising Zope/Plone and plan on
>>authenticating users via LDAP (ldapuserfolder).  However I am now expected
>>to implement a "single sign on" system for the company which currently uses
>>NT domains to authenticate users.  
>>
>>Has anybody had any experience in this?  I'm beginning to think that it may
>>be "easier" (short term at least) to just authenticate people via NT domain
>>and drop the ldap.  I will be very grateful for any advice.
>
>I had serious troubles trying to authenticate zope to an Active
>Directory (NT-domain), because it's not completely LDAP. It was
>relatively easy to use Radius (which is also supported by NT, but
>might require some additional software on the NT domain server). I
>used Apache 1.3.x in front of Zope. The user was both authenticated by
>Apache and Zope.
>
>Pieter
>
I have no problems authenticating Zope (Plone in this case) with Active 
Directory users. The only problem lies at the time of creating new 
members, explained at http://plone.org/collector/1105
You may also find this link useful: 
http://plone.org/documentation/howto/HowToActiveDirectory/view

I had to change the cn=users to ou=Accounts since I have the users under 
an Organizational Unit.

HTH

Jordi Yeh