[Zope3-dev] RE: zope3: ldapauth

Roger Ineichen dev at projekt01.ch
Fri Feb 11 22:03:51 EST 2005


Hi Derrick

> -----Original Message-----
> From: Derrick Hudson [mailto:dman at dman13.dyndns.org] 
> Sent: Saturday, February 12, 2005 3:20 AM
> To: Roger Ineichen
> Subject: zope3: ldapauth
> 
> Hello Roger,
> 
> I took a look at your 'ldapauth' module today.  Thank you for
> implementing that for me :-).  I did discover a couple of issues with
> it, however.  First, a couple pieces of code try to call getLogin()
> on LDAPPrincipal objects but this method doesn't exist.  Secondly, the
> 'title' attribute is always the empty string.  This doesn't work well
> with the @@PrincipalRoles.html view because it displays the title in
> the selection list.  (go to 
> 'http://localhost:8080/@@PrincipalRoles.html'
> to see what I mean)

Yes, this part needs some work.

> The attached patch resolves these issues for me, however I think the
> 'title' (and 'description') field need further work.  I wanted to
> check with you before committing these changes since this module is
> mainly yours.  The patch also eliminates a deprecation warning with
> trustedRemoveSecurityProxies().

Feel free to commit and enhance the package. It's not my package;
I just started to implement it. I'm really happy if you can
work on it.

> As for 'title' and 'description', perhaps the principal source should
> have a configuration parameter indicating which LDAP attribute should
> provide that Zope field.  I can imagine some sites using, for example,
> 'uid' for the username and 'cn' for the title.  Perhaps there should
> be an option to use the Principal Annotations concept Stephan outlines
> in his book to store those fields in the ZODB.  Either way will
> require some more work, which I have not explored at this point.


We implemented the package around the IsarSprint. Since the sprint,
Jim did some work on the ldapauth package. The package is located
in the root because it uses an external Python lib. That's the bad
part, because nobody runs tests on it or merges the changes from the
trunk.

I'm really happy if you can apply patches as needed. I don't use 
the package right now. Feel free to enhance it and do the required
changes. 

Btw: At the sprint we implemented the ldapadapter package, and I was
just looking at svn.zope.org and saw an ldappas module.
I think that's the right module for authenticating like we do now.

The ldapadapter is more like a DB adapter implementation and gives
a good base for authentication plugins. 

Feel free to migrate the ldapauth to work with the newest version
of the trunk if needed.

Did you see the package ldappas on the trunk? I just saw that
somebody is working on something like another LDAP PAU/PAS plugin
for zope3 based on the ldapadapter package.

The ldapadapter package offers a good base for building components
for zope3 based on LDAP. It offers an LDAP connection like Stephan
describes in his book. The ldapadapter is definitely the best place
to start.

Regards
Roger Ineichen
 
> -D
> 
> -- 
> "...In the UNIX world, people tend to interpret 
> `non-technical user' as
> meaning someone who's only ever written one device driver."
>     --Daniel Pead
>  
> www: http://dman13.dyndns.org/~dman/            jabber: 
> dman at dman13.dyndns.org
> 