Mailing List Archive

[Zope-PTK] Question about Login Manager
You guys are way over my head with the UUF and user source stuff. I
have not reached the point of attaining Zope zen yet.

I believe that you are talking about setting up the User Manager in a
way that I will need for my application. I have started playing around
with trying to use certificates for authentication (not there yet). I am
using Apache/mod_ssl with pcgi/rewrite to get to Zope.

What I need to be able to do:

1. get the user certificate info (specifically employeeid from a field
in the certificate) using Apache/mod_ssl or using M2Crypto supplied
functions

2. using employeeid get info from an LDAP directory which would give me
some of the user's permissions, userid, etc.

3. log an entry in database showing the user is logged in (maybe
something like SQL Session)

4. present the user with a default web page and some options similar to
the Toolbox. My items would be something like request SecurID, approve
request for SecurID, manage/delegate approval authority. Anonymous
users would only have the option to request a SecurID.

5. more undetermined stuff...

I would love to help if I could reach a level of understanding this
stuff.

Clarence T. Pate

Re: [Zope-PTK] Question about Login Manager
At 07:08 PM 2/6/00 -0600, Clarence T. Pate wrote:
>You guys are way over my head with the UUF and user source stuff. I
>have not reached the point of attaining Zope zen yet.

One reason we're all talking about it is because we're trying to make it
easier! Right now it's just too darn hard to write a decent custom
authentication/authorization/user database system for Zope.


>I believe that you are talking about setting up the User Manager in a
>way that I will need for my application. I have started playing around
>with trying to use certificates for authentication (not there yet). I am
>using Apache/mod_ssl with pcgi/rewrite to get to Zope.
>
>What I need to be able to do:
>
>1. get the user certificate info (specifically employeeid from a field
>in the certificate) using Apache/mod_ssl or using M2Crypto supplied
>functions

In the LoginManager system, you would use a LoginMethod to do this, getting
data from the REQUEST object (I'm assuming that Apache sets environment
variables that will give you at least part of what you need.)


>2. using employeeid get info from an LDAP directory which would give me
>some of the user's permissions, userid, etc.

This would be done with a UserSource. The UserSource's "getUser()" method
would be passed an ID by the LoginMethod. The UserSource would create a
LoginUser object containing data from the LDAP directory.


>3. log an entry in database showing the user is logged in (maybe
>something like SQL Session)

Not sure how you would do this exactly. You would probably need to have
the LoginMethod set a cookie to indicate the user is "logged in", and only
ask the UserSource to authenticate the user upon "logging in". Then the
UserSource could log all authentication events. Alternatively, you could
have a second LoginMethod that handled sessions and their associated cookies.
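
An added illustration of the flow discussed in this thread, in plain Python; it is not part of the original messages and is not LoginManager's own code. Assumptions: the employee id sits in the certificate subject's UID component and mod_ssl exports it as `SSL_CLIENT_S_DN_UID` (which needs `SSLOptions +StdEnvVars`), the class names and `findLogin` are hypothetical, and the directory and authentication log are in-memory stand-ins for LDAP and the database.

```python
import re

# Constructed stand-in for the LDAP directory, keyed by employee id.
DIRECTORY = {"104233": {"userid": "jdoe", "roles": ["SecurIDApprover"]}}
EMPLOYEE_ID = re.compile(r"[0-9]{1,10}")  # assumed id format: digits only

class LoginUser:
    def __init__(self, userid, roles):
        self.userid, self.roles = userid, tuple(roles)

class DirectoryUserSource:
    """Hypothetical UserSource: maps an employee id to a LoginUser."""
    def __init__(self, directory):
        self.directory = directory
        self.auth_log = []  # stand-in for the "user logged in" table

    def getUser(self, employee_id):
        entry = self.directory.get(employee_id)
        # Every lookup is an authentication event, so record it here.
        self.auth_log.append((employee_id, "ok" if entry else "unknown"))
        return LoginUser(entry["userid"], entry["roles"]) if entry else None

class CertLoginMethod:
    """Hypothetical LoginMethod: reads what mod_ssl put in the environment."""
    def __init__(self, user_source):
        self.user_source = user_source

    def findLogin(self, environ):
        # Accept only a certificate that mod_ssl itself verified.
        if environ.get("SSL_CLIENT_VERIFY") != "SUCCESS":
            return None  # caller treats None as the anonymous user
        employee_id = environ.get("SSL_CLIENT_S_DN_UID", "")
        # Reject anything that is not a plain id before it can reach
        # a directory search filter.
        if not EMPLOYEE_ID.fullmatch(employee_id):
            return None
        return self.user_source.getUser(employee_id)

def demo():
    """Run three constructed requests through the two components."""
    source = DirectoryUserSource(DIRECTORY)
    method = CertLoginMethod(source)
    verified = {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_S_DN_UID": "104233"}
    no_cert = {"SSL_CLIENT_VERIFY": "NONE", "SSL_CLIENT_S_DN_UID": "104233"}
    # Contains a filter metacharacter, so it must never reach the directory.
    odd_id = {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_S_DN_UID": "104233*"}
    users = [method.findLogin(e) for e in (verified, no_cert, odd_id)]
    return users, source.auth_log
```

The environment variables are only trustworthy when the front-end web server is the sole path to the application and sets them itself.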