[Zope3-Users] Applying permissions to users from LDAP

Kapil Thangavelu kapil.foss at gmail.com
Fri Aug 28 08:14:39 EDT 2009


you can utilize the ldapadapter and ldappas packages to integrate ldap
authentication.

import ldapadapter.utility

# connection used by the auth utility to bind and search the directory
ldap = ldapadapter.utility.LDAPAdapter('foobar.org',
                                        389,
                                        bindDN='cn=pftreadonly,cn=users,dc=foobar,dc=org',
                                        bindPassword='nowayhome')

you'll register the connection via zcml

  <!-- Setup LDAP Connection -->
  <utility
     name="my-ldap"
     component=".auth.ldap"/>

and then set up an auth utility to utilize it. If you need to apply zope
groups, it's best to subclass the authentication utility; for example, here's
a subclassed authentication utility that provides extra roles based on a field
in the ldap user.

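import ldappas.authentication

class LDAPAuthentication( ldappas.authentication.LDAPAuthentication ):

    # maps the value of the ldap 'usertype' field to a role
    type_role_map = {
        'Company Employee' : 'app.Contributor',
        None : 'app.Member' # default
        }

    def getInfoFromEntry( self, dn, entry ):
        # current_user_role is not defined in this message; it has to be
        # provided by the surrounding application module
        current_user_role.user_id = entry[self.loginAttribute][0]
        user_type = entry['usertype'][0]
        # user types missing from the map fall back to the default role
        current_user_role.user_role = self.type_role_map.get(
            user_type, self.type_role_map.get( None ) )
        return super( LDAPAuthentication, self ).getInfoFromEntry( dn, entry )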

and then set up an instance to be used.

authService = LDAPAuthentication()

authService.adapterName = 'my-ldap'
authService.titleAttribute = 'cn'
authService.idAttribute = 'sAMAccountName'
authService.loginAttribute = 'sAMAccountName'
authService.principalIdPrefix = 'ldap.'
authService.searchBase = 'ou=People,dc=foobar,dc=org'
authService.searchScope = 'sub'
authService.groupSearchBase = 'ou=People,dc=foobar,dc=org'
authService.groupSearchScope = 'sub'

and register it in zcml as an auth service

  <!-- LDAP Authentication Utility -->
  <utility
     provides="zope.app.authentication.interfaces.IAuthenticatorPlugin"
     component=".auth.authService"
     name="ldap-auth"/>

hope that helps,

kapil

On Fri, Aug 7, 2009 at 8:46 AM, Jeroen Michiel <jmichiel at yahoo.com> wrote:

>
> Sorry for bringing up an old topic, but this looks like exactly what I
> would need.
> Is there such a package available somewhere?
>
>
> Vinny-5 wrote:
> >
> > On Fri, 16 Feb 2007 09:03:29 -0400
> > "Alec Munro" <alecmunro at gmail.com> wrote:
> >
> > [snip]
> >>
> >> Thanks to all your excellent advice, I have gone ahead and extended
> >> the existing Group folder to automatically import and periodically
> >> synchronize its groups with an LDAP directory. The functionality is
> >> currently a bit crude, but it gets the job done. I'm talking to my
> >> employer about open sourcing it, would anyone here be interested in
> >> it?
> >>
> >> Alec
> >
> > +1
> >
> > I, for one, would probably learn something useful from the code, if
> > you decide to release it.  Thanks in advance if that is the case.
> >
> > Vinny
> > _______________________________________________
> > Zope3-users mailing list
> > Zope3-users at zope.org
> > http://mail.zope.org/mailman/listinfo/zope3-users
> >
> >
>
>
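
Added example (not part of the original message and not ldappas code): the role lookup from getInfoFromEntry as a standalone function that falls back to the default role when the usertype attribute is missing, empty, multi-valued or unrecognised, cases where entry['usertype'][0] would raise KeyError or look only at the first value. The names role_for_entry and DEFAULT_ROLE and the sample entries are assumptions made for illustration; the entry is taken to be a dict of attribute name to list of values, as in the post.

```python
# Added example, not from the original post. role_for_entry, DEFAULT_ROLE
# and the sample entries are illustrative names and constructed data.

TYPE_ROLE_MAP = {'Company Employee': 'app.Contributor'}
DEFAULT_ROLE = 'app.Member'  # the post's default role


def _text(value):
    """LDAP libraries may hand back bytes or str; normalise to str."""
    if isinstance(value, bytes):
        value = value.decode('utf-8', 'replace')
    return value.strip()


def role_for_entry(entry, attribute='usertype'):
    """Map an LDAP entry ({attribute: [values]}) to a role name.

    Returns DEFAULT_ROLE unless the attribute holds exactly one value
    and that value is listed in TYPE_ROLE_MAP.
    """
    wanted = attribute.lower()
    values = []
    # LDAP attribute names are case-insensitive; dict keys are not.
    for key, raw in entry.items():
        if key.lower() == wanted:
            values.extend(_text(v) for v in raw)
    if len(values) != 1:
        # Missing, empty or multi-valued attribute is ambiguous:
        # fall back to the default role instead of picking one value.
        return DEFAULT_ROLE
    return TYPE_ROLE_MAP.get(values[0], DEFAULT_ROLE)


# Constructed sample entries in the {attribute: [values]} shape.
SAMPLES = {
    'employee': {'sAMAccountName': ['alice'], 'usertype': ['Company Employee']},
    'bytes_and_case': {'userType': [b'Company Employee ']},
    'unknown_type': {'usertype': ['Contractor']},
    'no_attribute': {'sAMAccountName': ['bob']},
    'two_values': {'usertype': ['Contractor', 'Company Employee']},
}

if __name__ == '__main__':
    for name, entry in sorted(SAMPLES.items()):
        print(name, '->', role_for_entry(entry))
```

Inside the subclass, getInfoFromEntry could assign the result of role_for_entry(entry) in place of the direct entry['usertype'][0] lookup.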