[Zope] Re: jcNTUserFolder query - authenticating when Zope is not running on DC
Jephte CLAIN
Jephte.Clain@univ-reunion.fr
Wed, 14 Mar 2001 19:53:44 +0400
Ian Sealy wrote:
> Hi. I'm really sorry to bother you by writing to you directly, but can I
> ask you a question about jcNTUserFolder? I'm not quite clear how it's
> meant to work. I've got Zope running on an NT machine that's not a
> domain controller for the domain it's in. Is it possible to authenticate
> all the users that are in that domain?
Hello,
Well, jcNTUserFolder is designed to run on the domain controller. The
problem is, I don't know how to *enumerate* users on a distant
controller. Also, I don't know how to ask what is the controller of a
domain.
jcNTUserFolder try to log the user on the computer running Zope.
This always succeed when the machine is a domain controller, and the
user is in the domain.
However, when the machine running zope is not the domain controller, you
have to create all the users of that domain in jcNTUserFolder (with the
syntax domain\username), and on NT, give those users the right to log on
from the network on the machine running Zope. This is difficult to do
when you have a lot of users, but sorry, there isn't another way right
now, until of course I find a way to enumerate users on a distant
controller.
regards,
jephte.clain@univ-reunion.fr