[Zope-PTK] Question about Login Manager

Phillip J. Eby pje@telecommunity.com
Sun, 06 Feb 2000 20:25:29 -0500


At 07:08 PM 2/6/00 -0600, Clarence T. Pate wrote:
>You guys are way over my head with the UUF and user source stuff.  I
>have not reached the point of attaining zope zen yet.

One reason we're all talking about it is because we're trying to make it
easier!  Right now it's just too darn hard to write a decent custom
authentication/authorization/user database system for Zope.


>I believe that you are talking about setting up the User Manager in a
>way that I will need for my application.  I have started playing around
>with trying to use certificates for authentication (not there yet). I am
>using Apache/mod_ssl with pcgi/rewrite to get to Zope.
>
>What I need to be able to do:
>
>1. get the user certificate info (specifically employeeid from a field
>in the certificate) using Apache/mod_ssl or using M2Crypto supplied
>functions

In the LoginManager system, you would use a LoginMethod to do this, getting
data from the REQUEST object (I'm assuming that Apache sets environment
variables that will give you at least part of what you need.)


>2. using employeeid get info from an ldap directory which would give me
>some of the user's permissions, userid and etc.

This would be done with a UserSource.  The UserSource's "getUser()" method
would be passed an ID by the LoginMethod.  The UserSource would create a
LoginUser object containing data from the LDAP directory.


>3. log an entry in database showing the user is logged in (maybe
>something like SQL Session)

Not sure how you would do this exactly.  You would probably need to have
the LoginMethod set a cookie to indicate the user is "logged in", and only
ask the UserSource to authenticate the user upon "logging in".  Then the
UserSource could log all authentication events.  Alternatively, you could
have a second LoginMethod that handled sessions and their associated cookies.
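
Added example, not part of the original message and not LoginManager's own code: a modern-Python sketch of the three steps discussed above, with a login function that reads mod_ssl's variables and a user source that looks up the ID and records each authentication event. The class and function names, the dict standing in for the LDAP directory, and the choice of SSL_CLIENT_S_DN_UID as the certificate field carrying the employee ID are all assumptions.

```python
import re

# Constructed stand-in for the LDAP directory, keyed by employee ID.
DIRECTORY = {
    "100234": {"userid": "jdoe", "roles": ["Member", "Reviewer"]},
}

# Assumed ID format: digits only. Anything else is rejected outright.
EMPLOYEE_ID = re.compile(r"[0-9]{1,10}")


class LoginUser:
    """Hypothetical user object built by the user source."""

    def __init__(self, userid, roles):
        self.userid = userid
        self.roles = list(roles)


class DirectoryUserSource:
    """Steps 2 and 3: look the ID up and record every authentication event."""

    def __init__(self, directory):
        self.directory = directory
        self.events = []  # stand-in for the "logged in" database table

    def getUser(self, employee_id):
        entry = self.directory.get(employee_id)
        self.events.append((employee_id, "ok" if entry else "unknown-id"))
        if entry is None:
            return None
        return LoginUser(entry["userid"], entry["roles"])


def certificate_login(environ, source):
    """Step 1: take the ID from mod_ssl variables, only if the cert verified."""
    # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
    # Only SUCCESS means the chain validated against a configured CA.
    if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    employee_id = environ.get("SSL_CLIENT_S_DN_UID", "")
    # Strict format check before the value reaches a directory query, so
    # LDAP filter metacharacters in a certificate field never get that far.
    if not EMPLOYEE_ID.fullmatch(employee_id):
        return None
    return source.getUser(employee_id)
```

The front-end web server has to be the only path to the application for this to hold, since the application trusts whatever values arrive in these variables.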