[Zope] Authentication questions
Jens Vagelpohl
jens at zope.com
Fri Aug 29 18:30:24 EDT 2003
> The internal staff are currently authenticated via Windows (and Active
> Directory accounts) which is a critical requirement. The external
> folks
> will only be accessing this one site, so their accounts are very
> site-specific.
>
> What is the most logical way to have both specific AD accounts (not the
> whole directory) and Zope user accounts authenticate for one site?
>
Use the LDAPUserFolder** and either create group-type records in AD
that hold the AD people allowed to log in and map it to a role in Zope,
or store role information for the AD users on the user folder itself
(-> see configuration help) and manually assign the right roles to
these privileged directory users.
Make sure you read README.ActiveDirectory.txt for all the pitfalls
associated with their poor LDAP implementation.
jens
** http://www.dataflake.org/software/ldapuserfolder/
More information about the Zope
mailing list