[Zope] NT User Authentication

Bobb rawbobb at hotmail.com
Tue May 11 09:42:21 EDT 2004 

----- Original Message -----
From: "Erik Myllymaki" <erik.myllymaki at aviawest.com>
To: <erik.myllymaki at aviawest.com>
Cc: "Chris Withers" <chris at simplistix.co.uk>; "Bobb" <rawbobb at hotmail.com>;
<zope at zope.org>
Sent: Monday, May 10, 2004 1:51 PM
Subject: Re: [Zope] NT User Authentication


>
>
> Erik Myllymaki wrote:
>
> > Chris Withers wrote:
> >
> >> Erik Myllymaki wrote:
> >>
> >>> the PDC and zopeserver are on the same switch.
> >>
> >>
> >>
> >> What userfolder are you using?
> >>
> >> Chris
> >>
> > exUserFolder.
> >
>
> I have *extended* smbAuthSource.py form exUserFolder. I have a function
> getNTUserRoles(username) that takes a username and returns the list of
> groups that user belongs to in the NT DOMAIN. I add this to the roles
> list, and now, by simply adding a local role (with the same name as the
> NT group) to an object, all NT users in that group can immediately
> access this object.

How many users are you enumerating groups for? I would think that using
 getNTUserRoles(username) for each user would be a lengthy process. If
you're doing it
over and over again.
I'm not sure if this would help, but I would start with the "everyone (or
domain users)"
group, and then add (in NT) specific roles for zope, but they would be
static, and then
use them (and them only). unless that's not what make sense in your case.
This is beyond me at this point, though, sorry.


>
>
>     def listOneUser(self, username):
>         roles=[]
>         if self.currentPropSource:
>
> roles=self.currentPropSource.getUserProperty(username=username,
> key='_roles', default=[])
>         roles = roles + getNTUserRoles(username)
>         if not roles:
>             roles=[] # make sure it's a list...
>
>         username = string.lower(username)
>
>         zLOG.LOG('smbAuthSource',
>              zLOG.DEBUG,
>              "listOneUser returning {username: '%s', password: '',
> roles: %s}" % (username, roles)
>             )
>         return [{'username':username, 'password':'', 'roles':roles},]
>
> I don't understand why this function seems to be called once for every
> object on the page? Seems very ineffifcient. It is quite slow. Maybe I
> should install Zope on a BDC...
>
>
>

More information about the Zope mailing list