[Zope] NT User Folder - No Domain support?

Chris McDonough chris@iqgroup.com
Mon, 18 Oct 1999 23:11:11 -0400


Ian,

 I haven't looked at the source for the NT User Folder product, but creating
the SMB User Folder product was a trivial hack on Michel's etcUserFolder
product.  Maybe... six lines changed.  And that was from Linux using a
Python SMB library.   It would probably be almost as trivial to change the
smbUserFolder product to recognize the platform on which it runs.  Then in
the code, conditionally import modules (it would need to import some win32
stuff if on NT, or the smb library on UNIX) and conditionally use different
SMB validation schemes depending on what OS platform the code detects.

here's pseudocode -

def authorize:
   if myplatform == win32:
        authenticate using markhammond's stuff (win32net)
        return authentication result

   elif myplatform == unix:
        authenticate using smbmodule stuff
        return authentication result
   
   else:
        return unsupported

This seems to me to make more sense than using XML-RPC.  It's maybe a 2-hour
job.  I'd promise to do it, but I'd probably be lying :)  Its nuts at work
right now.  That said, if I get time, I will give it a roll... 



-----Original Message-----
From: Ian Blenke
To: zope@zope.org
Sent: 10/18/99 7:11 PM
Subject: [Zope] NT User Folder - No Domain support?

After fighting with the "NT User Folder" product for quite a while, 
I've run across a "feature" :)

Unless your NT server is a PDC/BDC for a Domain (so that the local SAM
is queried), it isn't possible to use NT User Folder for authentication
of users in the Domain.

I'm attempting to run Zope on an IIS server that is member server in a 
Domain, but not a Domain Controller of any kind. The only way to limit
access seems to be by adding/deleting local users and putting them in 
the ACL for HKLM/Software/DigitalCreations/.../Role

SO, I'm entertaining alternatives. How can I reference the users in
a remote Zope User Folder? It would be nice to be able to put the
"smb User Folder" on a Linux server running Zope, and merely XML-RPC
the folder lookups from the NT box to the Linux box.

Would it be possible to create a regular acl_users folder with the
preresiquite methods defined that would merely redirect the "simulated"
method to another Zope server?

Yes, it's a kludge. Yes it's sick and twisted.

The appropriate solution would be to put the Zope server on a BDC.

However, I'm not one for the "easy way out" :)

- Ian C. Blenke <icblenke@2c2.com> <ian@blenke.com>



_______________________________________________
Zope maillist  -  Zope@zope.org
http://www.zope.org/mailman/listinfo/zope

(Related lists - please, no cross posts or HTML encoding!

To receive general Zope announcements, see:
http://www.zope.org/mailman/listinfo/zope-announce

For developer-specific issues, zope-dev@zope.org -
http://www.zope.org/mailman/listinfo/zope-dev )