Hi Mark, Mark Hammond schrieb:
> >I would suggest looking at PAS. You would write an "extraction" plugin for >PAS, and use the PAS LDAPMultiPlugin (from dataflake) for user properties >and role/group enumeration. Your PAS plugin then only has the job of >creating a "user id" suitable for use with the LDAP plugin (ie, the same >'id' that LDAPUF is configured to use). PAS has had a number of recent >changes - you should look at the CVS versions (of PAS and the dataflake >stuff) rather than the released versions if you want to avoid migration work >in the future. > >http://www.zope.org/Members/urbanape/PluggableAuthService > >mailing list at: > >http://mail.zope.org/mailman/listinfo/zope-pas > I like the idea of PAS and I have downloaded PluginRegistry, PAS and LDAPMultiPlugin. I made a MySapSsoCookieAuthHelper, which will take the MYSAPSSO2-Cookie, sent this to the external Validation Service. Since this service will return the login name which is identical to the LDAP-User I hopefully only have to work for reading the LDAP-Attributes and roles. One question about PAS/LDAPMultiPlugin and LDAPUserFolder/LDAPUserSatellite: We work a lot with LDAPUserSatellite in different Folders, which will change local roles of users. Is this also possible with PAS/LDAPMultiPlugin ? Thanks for that hint. Dirk -- Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis ++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++ _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )