[Zope] zope and LDAP for authorisation
Jens Vagelpohl
jens at dataflake.org
Mon Dec 12 06:26:00 EST 2005
On 12 Dec 2005, at 11:04, Marinussen, M.J. (Ria) wrote:
> Hi,
>
> I'm looking for a zope product that enables me to use our Active
> Directory LDAP server for verification of login credentials only.
> I want users still stored in Zope, and access to directories should be
> also something I can handle in Zope, and I don't want to use LDAP
> groups
> because I don't control the LDAP server and there are no groups on the
> LDAP server I can use.
>
> So really, all I want is that Zope checks the passwords with the LDAP
> server instead of with it's own userfolder.
> And perhaps, a possibility to check/search for the available
> loginnames
> on the LDAP server when adding a user to the userfolder.
>
> I've checked out LDAPUserFolder but that's not what I'm looking for (I
> think...).
I'd say "start coding". There is nothing that fits your (somewhat
strange) requirements. I would suggest you modify those requirements
to come up with a saner plan. Could it be you're thinking too much in
terms of specific implementation and too little in terms of what the
underlying goals are?
First of all, what do you gain from "storing users in Zope"? Is your
real goal to make sure only a subset of users from LDAP can access
your site? That goal is easily fulfilled by configuring the
LDAPUserFolder to store role information on the user folder and
disregard the LDAP server. Then you just secure your site by
requiring a certain role and only give that role to the subset of
users you want to let in.
jens
More information about the Zope
mailing list