[Grok-dev] LDAP authentication and groups

Jeroen Michiel jmichiel at yahoo.com
Fri Aug 7 04:32:23 EDT 2009

Sebastian Ware wrote:
> Have you looked at this:
>    http://grok.zope.org/documentation/how-to/authentication-with-grok
> Mvh Sebastian

Yep, and found it very useful to get the authentication going (although
getting it to work with AD took me a while), but there's no mention of the
IPrincipalCreated event.

I think that's a bit of a missing link in the documentation:
You have a very good explanation about authentication, as you mentioned
(http://grok.zope.org/documentation/how-to/authentication-with-grok), and
one about permissions and roles
(http://grok.zope.org/documentation/tutorial/permissions), but how you
should couple them together (especially if you authenticate to an external
server) is still vague (at least to me). There is no mention of the
IPrincipalCreated event in the docs, unless I missed it.

I'm willing to make a small Howto on this (assigning roles/permissions to
externally authenticated users), if someone can point me in the right
direction, because I still have a few questions...

For instance what exactly is the difference between IPrincipalCreated,
IAuthenticatedPrincipalCreated and IFoundPrincipalCreated? 
Since the latter 2 are derived from IPrincipalCreated, IPrincipalCreated is
triggered always when a principal is created by a factory. As far as I can
gather from the zope API docs, IAuthenticatedPrincipalCreated is fired when
a principal is really authenticated (typically by a user logging is to the
site and providing his/her credentials), while IFoundPrincipalCreated is
fired when a user is looked up (in the code) typically by a call to
getPrincipal on the PAU.
Is this correct?
When should you use which?

Thanks for any advice/ideas!
View this message in context: http://www.nabble.com/LDAP-authentication-and-groups-tp24848493p24860905.html
Sent from the Grok mailing list archive at Nabble.com.

More information about the Grok-dev mailing list