<div><br></div>You can utilize the ldapadapter and ldappas packages to integrate LDAP authentication.<div><br></div><div><div>import ldapadapter.utility</div><div><br></div><div>ldap = ldapadapter.utility.LDAPAdapter('foobar.org',</div>
<div>    389,</div><div>    bindDN='cn=pftreadonly,cn=users,dc=foobar,dc=org',</div><div>    bindPassword='nowayhome')</div>
<div><br></div><div>You'll register the connection via ZCML:</div><div><br></div><div><div>&lt;!-- Setup LDAP Connection --&gt;</div><div>&lt;utility</div><div>    name="my-ldap"</div><div>    component=".auth.ldap"/&gt;</div>
<div><br></div><div>And then set up an auth utility to utilize it. If you need to apply Zope groups, it's best to subclass the authentication utility. For example, here's a subclassed authentication utility that provides extra roles based on a field in the LDAP user.</div>
<div><br></div><div><div>import ldappas.authentication</div><div><br></div><div>class LDAPAuthentication(ldappas.authentication.LDAPAuthentication):</div><div><br></div><div>    # map the LDAP 'usertype' attribute to an application role</div><div>    type_role_map = {</div><div>        'Company Employee': 'app.Contributor',</div>
<div>        None: 'app.Member',  # default</div><div>    }</div><div><br></div><div>    def getInfoFromEntry(self, dn, entry):</div><div>        # current_user_role is defined elsewhere in the application (not shown in this message)</div><div>        current_user_role.user_id = entry[self.loginAttribute][0]</div>
<div>        user_type = entry['usertype'][0]</div><div>        current_user_role.user_role = self.type_role_map.get(user_type, self.type_role_map.get(None))</div><div>        return super(LDAPAuthentication, self).getInfoFromEntry(dn, entry)</div>
<div><br></div><div>and then set up an instance to be used.</div></div></div><div><br></div><div>authService = LDAPAuthentication()</div><div><br></div><div>authService.adapterName = 'my-ldap'</div><div>authService.titleAttribute = 'cn'</div>
<div>authService.idAttribute = 'sAMAccountName'</div><div>authService.loginAttribute = 'sAMAccountName'</div><div>authService.principalIdPrefix = 'ldap.'</div><div>authService.searchBase = 'ou=People,dc=foobar,dc=org'</div>
<div>authService.searchScope = 'sub'</div><div>authService.groupSearchBase = 'ou=People,dc=foobar,dc=org'</div><div>authService.groupSearchScope = 'sub'</div><div><br></div><div>and register it in zcml as an auth service</div>
<div><br></div><div><div>&lt;!-- LDAP Authentication Utility --&gt;</div><div>&lt;utility</div><div>    provides="zope.app.authentication.interfaces.IAuthenticatorPlugin"</div><div>    component=".auth.authService"</div>
<div>    name="ldap-auth"/&gt;</div><div><br></div><div>hope that helps,</div><div><br></div><div>kapil</div></div><br><div class="gmail_quote">On Fri, Aug 7, 2009 at 8:46 AM, Jeroen Michiel <span dir="ltr">&lt;<a href="mailto:jmichiel@yahoo.com">jmichiel@yahoo.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
Sorry for bringing up an old topic, but this looks like exactly what I would<br>
need.<br>
Is there such a package available somewhere?<br>
<br>
<br>
Vinny-5 wrote:<br>
><br>
> On Fri, 16 Feb 2007 09:03:29 -0400<br>
> "Alec Munro" <<a href="mailto:alecmunro@gmail.com">alecmunro@gmail.com</a>> wrote:<br>
><br>
> [snip]<br>
>><br>
>> Thanks to all your excellent advice, I have gone ahead and extended<br>
>> the existing Group folder to automatically import and periodically<br>
>> synchronize its groups with an LDAP directory. The functionality is<br>
>> currently a bit crude, but it gets the job done. I'm talking to my<br>
>> employer about open sourcing it, would anyone here be interested in<br>
>> it?<br>
>><br>
>> Alec<br>
><br>
> +1<br>
><br>
> I, for one, would probably learn something useful from the code, if<br>
> you decide to release it. Thanks in advance if that is the case.<br>
><br>
> Vinny<br>
> _______________________________________________<br>
> Zope3-users mailing list<br>
> <a href="mailto:Zope3-users@zope.org">Zope3-users@zope.org</a><br>
> <a href="http://mail.zope.org/mailman/listinfo/zope3-users" target="_blank">http://mail.zope.org/mailman/listinfo/zope3-users</a><br>
><br>
><br>
<font color="#888888"><br>
--<br>
View this message in context: <a href="http://www.nabble.com/Applying-permissions-to-users-from-LDAP-tp8887767p24864213.html" target="_blank">http://www.nabble.com/Applying-permissions-to-users-from-LDAP-tp8887767p24864213.html</a><br>
Sent from the Zope3 - users mailing list archive at Nabble.com.<br>
<br>
</font></blockquote></div><br></div>
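<div>The role lookup from kapil's getInfoFromEntry above, as an added stand-alone example (not code from the original message or from ldappas): it resolves the role without indexing entry['usertype'][0] directly, so a missing attribute or a multi-valued one (LDAP does not order attribute values) falls back to the default role instead of raising or picking an arbitrary value. The resolve_role helper and the sample entries are hypothetical; the entry shape (attribute name mapped to a list of byte strings) is assumed to be what python-ldap returns.</div>

```python
# Added example: stand-alone, imports neither ldappas nor ldapadapter.
# TYPE_ROLE_MAP and DEFAULT_ROLE mirror the mapping in the message above;
# resolve_role() and the sample entries are hypothetical.
TYPE_ROLE_MAP = {"Company Employee": "app.Contributor"}
DEFAULT_ROLE = "app.Member"  # least-privileged role, used for anything unmapped


def _text(value):
    """Normalise one attribute value; python-ldap on Python 3 returns bytes."""
    if isinstance(value, bytes):
        # Undecodable bytes become U+FFFD, which can never match a mapped type.
        value = value.decode("utf-8", errors="replace")
    return str(value).strip()


def resolve_role(entry, attribute="usertype", default=DEFAULT_ROLE):
    """Return the role for an LDAP entry given as {attribute name: [values]}."""
    wanted = attribute.lower()
    values = set()
    for name, raw_values in entry.items():
        # Attribute names are case-insensitive in LDAP ('userType' == 'usertype').
        if name.lower() == wanted:
            values.update(v for v in map(_text, raw_values) if v)
    # LDAP does not order the values of an attribute, so indexing [0] on a
    # multi-valued attribute is arbitrary. Only a single, unambiguous value
    # may select a role; a missing or conflicting attribute gets the default.
    if len(values) != 1:
        return default
    # Exact, case-sensitive match: near-misses never reach a mapped role.
    return TYPE_ROLE_MAP.get(values.pop(), default)


# Constructed sample entries (assumed python-ldap result shape).
SAMPLE_ENTRIES = {
    "employee": {"sAMAccountName": [b"alice"], "usertype": [b"Company Employee"]},
    "missing": {"sAMAccountName": [b"bob"]},
    "multi": {"userType": [b"Contractor", b"Company Employee"]},
    "near_miss": {"usertype": [b"company employee "]},
}

if __name__ == "__main__":
    for label, entry in SAMPLE_ENTRIES.items():
        print(label, "->", resolve_role(entry))
```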