[Zope-dev] Username/userid separation

Leonardo Rochael Almeida leo at enfoldsystems.com
Wed Aug 3 20:01:12 EDT 2005


Hi,

I've started the lra-userid_username_separation-branch (from
Zope-2_8-branch to start from a stable point) in order to implement
proper userid/username separation in Zope.

I don't intend to change the default user folder implementation, just
the ZMI interface for owner and local roles so that they keep using
userid for storage like they currently do but use usernames for display
(specifically acl_users.getUserById(id).getUserName()). The intent is to
never leak the userid to the ZMI (except for url query strings and
such), and to never store the username persistently.

The motivating usecase is an LDAP (eDirectory) authenticated system
where the username for a user can change, but not the internal ID (a
string).

This will also help ActiveDirectory integration, which also has an
internal ID to reference users.

I remember there being a discussion about this in the list archives, but
a Google search didn't help much.

Are there any other projects in this area that I should colaborate with
instead of duplicating efforts?

Are there any considerations I should be aware of?

Is the "Proposals" wiki pages still used for this kind of change?

Cheers, Leo

-- 
Leonardo Rochael Almeida <leo at enfoldsystems.com>
Enfold Systems



More information about the Zope-Dev mailing list