I need some help understanding the repoze middleware mechanisms.

Context: I want to write a LDAP Auth and MetaData plugin for repoze.who,
to be used with Turbogears 2.
This works so far, but the integration in tg2 does not work as expected,
the standard sqlalchemy authentication gets completely replaced by the LDAP
auth. This is not what I want, I need "local" users and groups (admins
for example)
in combination with LDAP accounts.

this is how tg2 is initialized (in prj/config/middleware.py):

    # This is the standard tg2 app
    app = make_base_app(global_conf, full_stack=True, **app_conf)

    # Wrap your base TurboGears 2 application with custom middleware here
    # This adds the LDAP auth:
    app = make_who_with_config(app, global_conf,

but this seems to override the tg2 auth and metadata providers. only
what is
configured in the who.ini is active like that.

I tried to configure the tg2 auth and metadata providers in the who.ini, but
without success. It works for authentication with the repoze.who.plugins.sa,
but this does not provide the necessary metadata for the tg2 groups and

What would be the way to go ?

- Configure the whole thing in who.ini and try to extract the IAuthenticator
  and IMetadataProvider from tg 2


- Configure everything in prj/config/middleware.py and try to extract the
  needed things from make_who_with_config without overriding the existing
  tg2 IAuthenticator and IMetadataProvider

Thanks for your help


Repoze-dev mailing list

Reply via email to