Jens Vagelpohl wrote:
>> I'm looking now for the best way to integrate/rewrite
>> CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read
>> roles of the user out of the LDAP-directory.
> What *specifically* does not work? Have you tried it and developed a list
> of features that are missing for it to work?

I'm starting at the beginning :)

I have a web-service that accepts a MYSAPSSO2-Cookie and returns the
User-Name if the signature included in the MYSAPSSO2-Cookie can be verified.

I have a Zope with CookieCrumbler/LDAPUserFolder connected to an LDAP-directory.
The LDAPUserFolder can be configured anonymous or to use a managers-DN to
access the LDAP-directory. Normally a user would enter a form-based password
on first login and the CookieCrumbler will send back a Cookie where the
authentication result of LDAPUserFolder is stored for next requests.

My idea in the first step is now that the CookieCrumbler can take the
MYSAPSSO2-Cookie, send the MYSAPSSO2-Cookie to the external web-service,
which returns the real user-name; this user-name will be forwarded/used by
LDAPUserFolder as an authenticated user (no authenticated bind with the
user-name, only bind anonymously or with managers-DN to read the roles of
the user) and LDAPUserFolder/LDAPUserSatellite will read the assigned
LDAP-groups and map them to Zope-Roles.

Does this description help to understand me? I don't know :)

Zope-Dev maillist - Zope-Dev@zope.org
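
The flow described in the message above, sketched as an added example that is not part of the original post and is not CookieCrumbler or LDAPUserFolder code. The class, the `verify` and `search_groups` callables, the `uid` filter attribute, the group names and the ticket values are all hypothetical stand-ins; the point is that the user name is taken only from the verifier's answer, that every failure ends in "not authenticated", and that the name is escaped before it reaches the LDAP filter.

```python
import hashlib
import time

# RFC 4515 escaping for values placed inside an LDAP search filter.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

class SSOCookieAuthenticator:
    """Hypothetical glue: cookie -> verifier service -> LDAP group lookup -> roles."""
    def __init__(self, verify, search_groups, group_to_role, ttl=300, clock=time.time):
        self.verify = verify                # cookie value -> user name, or None if rejected
        self.search_groups = search_groups  # LDAP filter string -> list of group names
        self.group_to_role = group_to_role  # LDAP group -> Zope role
        self.ttl, self.clock = ttl, clock
        self._cache = {}                    # sha256(cookie) -> (expiry, user, roles)

    def authenticate(self, cookies):
        cookie = cookies.get("MYSAPSSO2")
        if not cookie:
            return None                     # no ticket: fall back to the login form
        key = hashlib.sha256(cookie.encode()).hexdigest()
        hit = self._cache.get(key)
        if hit and hit[0] > self.clock():
            return hit[1], hit[2]           # already verified, skip the round trip
        try:
            user = self.verify(cookie)
        except Exception:
            return None                     # verifier unreachable: fail closed
        if not user:
            return None                     # signature could not be verified
        # The name comes from the verifier, never from the request, and is still
        # escaped before it goes into the filter used for the manager-DN search.
        groups = self.search_groups("(uid=%s)" % escape_filter_value(user))
        roles = sorted({self.group_to_role[g] for g in groups if g in self.group_to_role})
        self._cache[key] = (self.clock() + self.ttl, user, roles)
        return user, roles

# Constructed stand-ins for the web service and the directory.
def fake_verify(cookie):
    return {"good-ticket": "jdoe", "odd-ticket": "a*(b)"}.get(cookie)

def fake_search(ldap_filter):
    return {"(uid=jdoe)": ["cn=editors", "cn=staff"]}.get(ldap_filter, [])

auth = SSOCookieAuthenticator(fake_verify, fake_search, {"cn=editors": "Editor", "cn=staff": "Member"})
```

The cache is keyed on a hash of the cookie so the ticket itself is not kept in memory, and its lifetime should stay short so that a ticket the verifier would no longer accept stops working soon.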