Hello, I a standard Turbogears 2 project Users can be member of Groups which grant certain Permissions. However, I try to configure the tg2 app using a who.ini file, allowing LDAP users to login as well as the standard users. I am working on the repoze.who.plugins.ldap plugin. This works fine so far, but the local users do no longer have the group and permission metadata set.
in my who.ini file I have: [plugin:sa_mdp] use = repoze.who.plugins.sa:make_sa_user_mdprovider user_class = prjmodel:User dbsession = prj.model:DBSession [mdproviders] plugins = sa_mdp This mdprovider only sets a few attributes from the User table, since it doesn't know about the group and permission table. In contrast the tg2 application config: # Configure the authentication backend base_config.auth_backend = 'sqlalchemy' base_config.sa_auth.dbsession = model.DBSession # what is the class you want to use to search for users in the database base_config.sa_auth.user_class = model.User # what is the class you want to use to search for groups in the database base_config.sa_auth.group_class = model.Group # what is the class you want to use to search for permissions in the database base_config.sa_auth.permission_class = model.Permission Is there a way to configure the 'sqlalchemy' backend from tg2 in the who.ini ? I don't really understand how tg2 initializes the repoze stuff and how this can be overridden by the who.ini file. As a final result, I should be able to grant Permissions to LDAP groups in my application. As the tg_group_permissions table in the database is not doing type or consistency checking, I could easily put LDAP groups in there. This would of course not me manageable by the catwalk engine, but by the management frontend of my app. Since this will be IMHO a common usage of LDAP Authentication in tg2 and maybe other frameworks using repoze, this should maybe be implemented in the repoze.who.plugins.ldap ? What are your insights on this ? Regards andré _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev