Jens Vagelpohl wrote:

>> I'm looking now for the best way to integrate/rewrite
>> CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read
>> roles of the user out of the LDAP-directory.
> What *specifically* does not work? Have you tried it and developed a list
> of features that are missing for it to work?
> jens

I'm starting at the beginning :)

I have a web-service that accepts a MYSAPSSO2-Cookie and returns the
User-Name if the signature included in the MYSAPSSO2-Cookie can be verified.

I have a Zope with CookieCrumbler/LDAPUserFolder connected to an LDAP-directory.
The LDAPUserFolder can be configured anonymous or to use a managers-DN to
access the LDAP-directory. Normally a user would enter a form-based password
on first login and the CookieCrumbler will send back a Cookie where the
authentication result of LDAPUserFolder is stored for next requests.

My idea in the first step is now that the CookieCrumbler can take the
MYSAPSSO2-Cookie, send the MYSAPSSO2-Cookie to the external web-service,
which returns the real user-name; this user-name will be forwarded/used by
LDAPUserFolder as an authenticated user (no authenticated bind with the
user-name, only bind anonymously or with managers-DN to read the roles of
the user) and LDAPUserFolder/LDAPUserSatellite will read the assigned
LDAP-groups and map them to Zope-Roles.

Does this description help to understand me? I don't know :)
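
The flow described in this message, as an added Python sketch that is not part of the original post and is not CookieCrumbler or LDAPUserFolder code. It fails closed when the ticket cannot be verified and checks the returned login name before it reaches the directory query. The function names, the group-to-role map, the login-name pattern and the posixGroup/memberUid filter are all assumptions.

```python
# Added example. Every name here is hypothetical; none is a CookieCrumbler
# or LDAPUserFolder API.
import re

COOKIE_NAME = "MYSAPSSO2"
GROUP_TO_ROLE = {"zope-managers": "Manager", "zope-editors": "Editor"}  # constructed
LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumed login-name policy


def escape_filter(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def resolve_user(cookies, validate_ticket, search_groups):
    """Return (login, roles) for a verified ticket, else None (anonymous).

    validate_ticket(ticket) -> login name or None; stands in for the web service.
    search_groups(ldap_filter) -> list of group names; stands in for a search
    made over the anonymous or manager-DN bind. No bind as the user happens.
    """
    ticket = cookies.get(COOKIE_NAME)
    if not ticket:
        return None
    try:
        login = validate_ticket(ticket)
    except Exception:
        return None  # validator unreachable or broken: fail closed
    # The validator's answer is the only proof of identity, so check its shape
    # before it reaches the directory query.
    if not isinstance(login, str) or not LOGIN_RE.fullmatch(login):
        return None
    # memberUid/posixGroup is an assumed schema; the escape is defence in depth.
    ldap_filter = "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter(login)
    groups = search_groups(ldap_filter)
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    return login, roles
```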


Zope-Dev maillist  -