[Zope] RemoteUserFolder and local user attributes

Brendan O'Connor brendan@oconn.org
Mon Aug 4 05:39:24 EDT 2003 

Hello all -

I'm using the RemoteUserFolder product in an intranet portal that I've 
built for my company.  So far the feedback has been overwhelmingly 
positive, with everyone starting to see the light.  So far, 
authentication in my prototype site has been done within Zope.  My IT 
dept supports an authentication mechanism that is done through apache 
allowing users to login using either their Unix or Windows passwords.  
It has been expressed to me as a requirement that I be able to use that 
information for logging users into the portal automatically.  This 
problem would seem to be solved via the RemoteUserFolder since the 
authentication mechanism they use generates a REMOTE_USER field in the 
header.  Unfortunately, the REMOTE_USER field is stuffed with a unique 
ID number (the employee ID number) rather than the more user friendly 
username.

It's simple for me to get a mapping from employee ID number to 
username, but it is very expensive in terms of time.  My initial 
implementation (which is a modification of RemoteUserFolder) just 
queries a database whenever a user needs to be authenticated to access 
an object.  Naturally, this is very slow.  Slow enough, in fact, to 
drive the load on the web server (normally 0.10-0.50) well over 2 
whenever more than 1 person is accessing the portal.

So, enough with my longwinded problem description ... I have considered 
the following solution (and would gladly entertain others, hint hint ..)

When a new user is encountered, do the database lookup as part of the 
auto-add feature of RemoteUserFolder.  Store the username as the user 
name and store the ID number as an attribute.  That way, when a user 
needs to be authenticated, I can just match the ID number with the name 
within Zope and never have to go back to the database again.  Seems 
reasonable ... only problem is that I can't figure out how to store the 
ID number as an attribute of the user.

Any comments are welcome!  Thanks in advance ...

Regards,
Brendan

More information about the Zope mailing list