[Zope-dev] Username/userid separation

Tino Wildenhain tino at wildenhain.de
Thu Aug 4 01:53:03 EDT 2005

Am Mittwoch, den 03.08.2005, 21:01 -0300 schrieb Leonardo Rochael
> Hi,
> I've started the lra-userid_username_separation-branch (from
> Zope-2_8-branch to start from a stable point) in order to implement
> proper userid/username separation in Zope.
> I don't intend to change the default user folder implementation, just
> the ZMI interface for owner and local roles so that they keep using
> userid for storage like they currently do but use usernames for display
> (specifically acl_users.getUserById(id).getUserName()). The intent is to
> never leak the userid to the ZMI (except for url query strings and
> such), and to never store the username persistently.
> The motivating usecase is an LDAP (eDirectory) authenticated system
> where the username for a user can change, but not the internal ID (a
> string).
> This will also help ActiveDirectory integration, which also has an
> internal ID to reference users.
> I remember there being a discussion about this in the list archives, but
> a Google search didn't help much.
> Are there any other projects in this area that I should colaborate with
> instead of duplicating efforts?
> Are there any considerations I should be aware of?

Are you aware of the PAS (Pluggable Auth Service) project?


They already have a separation of uid and login.
What this product could use is just some polishing
and a lot of documentation for the users.

All the other things you mention (including a LDAP
plugin) are already done.

More information about the Zope-Dev mailing list