[Zope] RE: NT User Folder

Ava ava@dde974.equipement.gouv.fr
Thu, 6 Jan 2000 13:51:31 +0400


> I have a question in regards to your 
> jcNTUserFolder..........how can set the
> folder to authenticate to a remote Domain Controller?
When a user identify himself as USERNAME, it is considered to be
DEFAULTNTDOMAIN\USERNAME.
So I you want to authenticate users on a different domain than the local
domain, you have to change the Default NT Domain to the remote domain. I
suppose that your server have to be part of the domain.
Unfortunately, you have then to create each remote user in the 'domain
users' tab **in order to be able to give them roles**. If those users are to
be anonymous, you needn't create them in the tab.

Also, a user can log as DOMAIN\USERNAME to authenticate as USERNAME on
DOMAIN.

My product is currently designed to be run *on* a Domain Controller (primary
or backup) to be able to enumerate all the users of the domain.
Perhaps in a future version it will be able to enumerate users on a distant
server???

> In addition, when I use your product....the local Domain Name 
> it sees is "NT Authority"
This is normal because you run Zope as a service. I noticed that the users
are authenticated the right way nevertheless. So it shouldn't be a problem.
If you are in doubt, change the default nt domain

> When I run the win32api.GetDomainName in the PythonWin I would get the
> correct Domain.
Pythonwin is not run as a service... :-)

> What can I do to change this?
It shouldn't be a problem. users should be authenticated the right way. If
you have problems, I am interested to hear about them.


PS: I hope to write some docs very soon. I apologize to release a product
without any docs. As usual, the source is to be read to understand how the
product work :-)

Regards,
Jephte CLAIN
minf7@educ.univ-reunion.fr