[Zope] zope and LDAP for authorisation

Jens Vagelpohl jens at dataflake.org
Mon Dec 12 06:26:00 EST 2005


On 12 Dec 2005, at 11:04, Marinussen, M.J. (Ria) wrote:

> Hi,
>
> I'm looking for a zope product that enables me to use our Active
> Directory LDAP server for verification of login credentials only.
> I want users still stored in Zope, and access to directories should be
> also something I can handle in Zope, and I don't want to use LDAP  
> groups
> because I don't control the LDAP server and there are no groups on the
> LDAP server I can use.
>
> So really, all I want is that Zope checks the passwords with the LDAP
> server instead of with it's own userfolder.
> And perhaps, a possibility to check/search for the available  
> loginnames
> on the LDAP server when adding a user to the userfolder.
>
> I've checked out LDAPUserFolder but that's not what I'm looking for (I
> think...).

I'd say "start coding". There is nothing that fits your (somewhat  
strange) requirements. I would suggest you modify those requirements  
to come up with a saner plan. Could it be you're thinking too much in  
terms of specific implementation and too little in terms of what the  
underlying goals are?

First of all, what do you gain from "storing users in Zope"? Is your  
real goal to make sure only a subset of users from LDAP can access  
your site? That goal is easily fulfilled by configuring the  
LDAPUserFolder to store role information on the user folder and  
disregard the LDAP server. Then you just secure your site by  
requiring a certain role and only give that role to the subset of  
users you want to let in.

jens



More information about the Zope mailing list