Mike said: > So that would require two LDAP queries or two SQL queries for every login?
The way I suggested, yes. If that's an issue, you could extend the authenticators (or create your own) so that you retrieve everything in one go, putting the metadata in a temporary location in the WSGI environ and then making a metadata provider that moves it to the identity dict. > That brings up another issue I forgot. The LDAP plugin seems to assume > a long-running connection that will never be broken, and has no > provision to reconnect. (The constructor takes a connection rather > than a factory.) I don't know if LDAP is as likely to close idle > connections as MySQL is, but our server does go down occasionally. In > my app, I connect to LDAP separately for each login attempt. I suppose > that might increase the latency, but it does mean I don't have to > worry about reconnecting. It should probably start with a long-lived > connection but reconnect gracefully. The plugin only uses the "simple_bind_s" method of the connection object, so you could define a class with that method so that you can connect to the LDAP server on every login attempt. Or, the plugin could be modified to do it automatically when required. I can apply a patch to do it. -- Gustavo Narea <xri://=Gustavo>. | Tech blog: =Gustavo/(+blog)/tech ~ About me: =Gustavo/about | -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
