Dear fellas,

I am thinking about the problem above and I guessed I might have a strategy for a solution, but I would like to hear from a more experienced developer whether it is feasible.

To sum up the situation, I am using PloneLDAP (to access MS-AD) and passsl. Passsl correctly extracts the username from the client certificate, but this username is sometimes case-incompatible with the login for the user in AD. An example is John Doe, who might have his username as johnDOE in the certificate and Johndoe in AD. So, lowercasing just one of them would not suffice: Plone does not recognize a local role assigned to Johndoe when user johnDOE logs in.

My idea is to put a command somewhere in the extract credentials chain, to retrieve the username from the LDAP record after passsl has extracted the credentials from the certificate. The idea is that passsl would extract johnDOE but, instead of using it throughout the user session, replace it in the session information with the AD login. The idea is to make an LDAP search for a user whose login is johnDOE; AD would retrieve (I guess) the correct record. Then I get the value of the sAMAccountName field, which would be Johndoe, and replace the username in the session information with it.

I'd like to hear whether this solution is a viable one and whether the best idea is to change the extractCredentials code in passsl or implement extractCredentials in LDAPMultiPlugins.

Thanks in advance.

Best regards,
Alberto
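Added example, not part of the original post and not code from passsl or LDAPMultiPlugins: a sketch of the lookup described above, where the certificate login is escaped per RFC 4515, searched for, and replaced by the directory's own sAMAccountName only when exactly one record matches. The `search` callable, `fake_ad_search` and the sample entries are assumptions constructed for the illustration; the stand-in matches case-insensitively, as the post expects of AD.

```python
import re

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def canonical_login(cert_login, search):
    """Return the directory's spelling of the login, or None (fail closed).

    `search` is a hypothetical callable: filter string -> list of entry dicts.
    """
    if not cert_login:
        return None
    flt = ('(&(objectClass=user)(sAMAccountName=%s))'
           % escape_filter_value(cert_login))
    entries = search(flt)
    # Zero matches: unknown user. More than one: ambiguous. Reject both.
    if len(entries) != 1:
        return None
    return entries[0].get('sAMAccountName')

# --- constructed stand-in for the directory, so the example runs offline ---
SAMPLE_USERS = [{'sAMAccountName': 'Johndoe'}, {'sAMAccountName': 'asmith'}]

def fake_ad_search(flt):
    """Evaluate only the sAMAccountName clause: case-insensitive, '*' wildcard."""
    raw = re.search(r'\(sAMAccountName=([^)]*)\)', flt).group(1)
    tokens = re.findall(r'\\[0-9a-fA-F]{2}|.', raw)
    rx = ''.join(
        '.*' if t == '*'
        else re.escape(chr(int(t[1:], 16)) if t[0] == '\\' else t)
        for t in tokens)
    return [u for u in SAMPLE_USERS
            if re.fullmatch(rx, u['sAMAccountName'], re.IGNORECASE)]

if __name__ == '__main__':
    print(canonical_login('johnDOE', fake_ad_search))  # directory spelling
    print(canonical_login('*', fake_ad_search))        # wildcard is inert
```

Escaping matters here because the login comes from a certificate field: an unescaped `*` or parenthesis would change which records the filter matches.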
