[Zope-dev] Re: SAP SSO feature for Zope/LDAPUserFolder

Dirk Datzert dummy at habmalnefrage.de
Sun Jun 26 09:57:08 EDT 2005


Hi Mark,

Mark Hammond schrieb:

>
>I would suggest looking at PAS.  You would write an "extraction" plugin for
>PAS, and use the PAS LDAPMultiPlugin (from dataflake) for user properties
>and role/group enumeration.  Your PAS plugin then only has the job of
>creating a "user id" suitable for use with the LDAP plugin (ie, the same
>'id' that LDAPUF is configured to use).  PAS has had a number of recent
>changes - you should look at the CVS versions (of PAS and the dataflake
>stuff) rather than the released versions if you want to avoid migration
work
>in the future.
>
>http://www.zope.org/Members/urbanape/PluggableAuthService
>
>mailing list at:
>
>http://mail.zope.org/mailman/listinfo/zope-pas
>

I like the idea of PAS and I have downloaded PluginRegistry, PAS and
LDAPMultiPlugin. I made a MySapSsoCookieAuthHelper, which will take the
MYSAPSSO2-Cookie, sent this to the external Validation Service.

Since this service will return the login name which is identical to the
LDAP-User I hopefully only have to work for reading the LDAP-Attributes and
roles.

One question about PAS/LDAPMultiPlugin and LDAPUserFolder/LDAPUserSatellite:

We work a lot with LDAPUserSatellite in different Folders, which will change
local roles of users. Is this also possible with PAS/LDAPMultiPlugin ?

Thanks for that hint. 

Dirk

-- 
Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++


More information about the Zope-Dev mailing list