On 04/28/2014 07:26 PM, Mike Orr wrote:
I need a Pyramid authentication policy that does the following:
- Use LDAP or a local database depending on the username suffix.
- Retrieve the user's LDAP properties for authorization (especially
'ou' and 'ou1').
- A custom login form for interactive users, and basic auth for
nonhuman clients. This can be either based on the user agent or
configured on URL trees, since they will be going to different URLs.
I'm inclined to use 'repose_who' because it's supposed to have all of
these. Does it actually work well? Is its LDAP subsystem working yet
or would I have to do significant work on it? (Last I heard it didn't
have a maintainer.) Are there any other libraries worth considering?
I'm porting a Pylons application which has a custom implementation of
the first two features, and punts on the third (i.e., Apache's basic
auth handles those URLs).
I'd ideally prefer something Python 3 compatible, but I understand the
underlying Python-LDAP is not compatible at this point.
There is a pyramid_ldap library available (Python 2 only probably), and
it provides at least part of a solution to your particular problems.
http://docs.pylonsproject.org/projects/pyramid-ldap/en/latest/
I'd suggest trying to combine it with pyramid_multiauth to get the rest
of the way (falling back to basic authentication as opposed to a login
form).
At very least, you can look at the code and steal bits of it to create a
completely custom authentication policy for yourself that does what you
need, I'd suspect.
- C
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/d/optout.
