[Zope] NT User Authentication

Erik Myllymaki erik.myllymaki at aviawest.com
Mon May 10 13:51:07 EDT 2004



Erik Myllymaki wrote:

> Chris Withers wrote:
>
>> Erik Myllymaki wrote:
>>
>>> the PDC and zopeserver are on the same switch.
>>
>>
>>
>> What userfolder are you using?
>>
>> Chris
>>
> exUserFolder.
>

I have *extended* smbAuthSource.py form exUserFolder. I have a function 
getNTUserRoles(username) that takes a username and returns the list of  
groups that user belongs to in the NT DOMAIN. I add this to the roles 
list, and now, by simply adding a local role (with the same name as the 
NT group) to an object, all NT users in that group can immediately 
access this object.


    def listOneUser(self, username):
        roles=[]
        if self.currentPropSource:
            
roles=self.currentPropSource.getUserProperty(username=username, 
key='_roles', default=[])
        roles = roles + getNTUserRoles(username)
        if not roles:
            roles=[] # make sure it's a list...

        username = string.lower(username)

        zLOG.LOG('smbAuthSource',
             zLOG.DEBUG,
             "listOneUser returning {username: '%s', password: '', 
roles: %s}" % (username, roles)
            )
        return [{'username':username, 'password':'', 'roles':roles},]

I don't understand why this function seems to be called once for every 
object on the page? Seems very ineffifcient. It is quite slow. Maybe I 
should install Zope on a BDC...





More information about the Zope mailing list