[Zope] __ac_name and __ac_password

Evan Gibson egibson@connect.com.au
Wed, 13 Oct 1999 12:21:31 +1000


On Tue, Oct 12, 1999 at 04:09:45PM +0800, kedai wrote:
> > The variables/objects you name are used as part of the UserDB product, this
> > product allows you to authenticate against an RDBMS instead of the
> > user-folders as you normally would.
> > It has a few more advantages such as cookie-based authentication etc.
> > HTH
> > 
> > Phil
> > phil@philh.org

> Does anybody know any workaround so that we can use UserDb in the root folder,
> replacing the user folder?
> TIA

It can be done, you just have to be _very_ careful. There are a few
mistakes to watch out for...

Firstly do NOT delete your Users folder expecting to be able to install the new
UserDb one. As soon as you delete the old one you no longer have management
access (I think the superuser password still works at this point), but once
you install the UserDb folder the superuser password _stops_ working and
you no longer have permissions to do anything and it will kick you out.

This happened to me and was quite annoying. (I had to mess around with the
python code and pretty much comment out a lot of the security so I could
get back in to my site to set up the UserDb properly...)

So what you want to do is make a temporary folder, set your UserDb object
up in there and make sure it is working _perfectly_, that it is looking at
the right database, that you have users set up properly and that they have
the right permissions (including you having management permissions.)

Then you _copy_ that UserDb object and, immediately on deleting the Users
folder in root, paste the already configured one in.

At this point it will probably bring up the password window asking you to
authenticate. If you are using Cookie-based authentication this password
window NO LONGER WORKS, so cancel out of it.

Go directly to the URL:

domain.com:port/acl_users/docLogin

and log in there.

You HAVE to log in this way from now on (if you are using cookie-based
authentication), so you probably want to have a "Login" link on your front
page that leads here.


It's probably wise to back up your Zope DB before you do this just in case
you make a mistake and can't get back in.



If you do get locked out of your site you can try commenting out the first
two lines of the validate method in UserDb.py:

    def validate(self,request,auth='',roles=None):
#        if self.cookie_mode:
#           return self.cookie_validate(request, auth, roles)
        return self.std_validate(request, auth, roles)

This will disable cookie-based authentication and make the password window
work off your UserDb database. This does not use the cookies properly
though so you won't want to leave it like this. Use this to get back in
and fix your site up properly. (This still requires you to have the proper
users set up in your database, so if that is your problem you will need to
get external access to your database and enter them manually.)



-- 
  Evan ~ThunderFoot~ Gibson    ~ nihil mutatem, omni deletum ~
      May the machines watch over you with loving grace.