[Zope] Single Sign on
Jordi Yeh
jyeh@ivymortgage.com
Mon, 21 Apr 2003 10:15:37 -0400
PieterB wrote:
>David wrote
>
>
>>I am currently building an intranet utilising Zope/Plone and plan on
>>authenticating users via LDAP (ldapuserfolder). However I am now expected
>>to implement a "single sign on" system for the company which currently uses
>>NT domains to authenticate users.
>>
>>Has anybody had any experience in this? I'm beginning to think that it may
>>be "easier" (short term at least) to just authenticate people via NT domain
>>and drop the ldap. I will be very grateful for any advice
>>
>>
>
>I had serious troubles trying to authenticate zope to an Active
>Directory (NT-domain), because it's not completly LDAP. It was
>relatively easy to use Radius (which is also supported by NT, but
>might require some additional software on the NT domain server). I
>used Apache 1.3.x in front of Zope. The user was both authenticated by
>Apache and Zope
>
>Pieter
>
>
>
I have no problems authenticating Zope (Plone in this case) with Active
Directory users. The only problem lies at the time of creating new
members explained at http://plone.org/collector/1105
You may also find this link usefull
http://plone.org/documentation/howto/HowToActiveDirectory/view
I had to change the cn=users to ou=Accounts since I have the users under
an Organizational Unit.
HTH
Jordi Yeh