Jens Vagelpohl wrote:

>> I'm looking now for the best way to integrate/rewrite
>> CookieCrumbler/LDAPUserFolder to take the validated Login-Name and read
>> the roles of the user out of the LDAP-directory.
>
> What *specifically* does not work? Have you tried it and developed a list
> of features that are missing for it to work?
>
> jens

I'm starting at the beginning :)

I have a web-service that accepts a MYSAPSSO2-Cookie and returns the
User-Name if the signature included in the MYSAPSSO2-Cookie can be verified.

I have a Zope with CookieCrumbler/LDAPUserFolder connected to an LDAP-directory.
The LDAPUserFolder can be configured anonymous or to use a managers-DN to
access the LDAP-directory. Normally a user would enter a form-based password
on first login and the CookieCrumbler will send back a Cookie where the
authentication result of LDAPUserFolder is stored for the next requests.

My idea in the first step is now that the CookieCrumbler can take the
MYSAPSSO2-Cookie and send the MYSAPSSO2-Cookie to the external web-service,
which returns the real user-name. This user-name will be forwarded/used by
LDAPUserFolder as an authenticated user (no authenticated bind with the
user-name, only bind anonymously or with managers-DN to read the roles of
the user) and LDAPUserFolder/LDAPUserSatellite will read the assigned
LDAP-groups and map them to Zope-Roles.

Does this description help to understand me? I don't know :)

Regards,
Dirk
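
The flow proposed in the message above, as an added example that is not part of the original post and is not CookieCrumbler or LDAPUserFolder code. The callables `verify_ticket` and `search_groups`, the group names, and the posixGroup/memberUid schema are assumptions made for illustration.

```python
# Added example. verify_ticket and search_groups are hypothetical callables
# standing in for the external web service and a manager-DN/anonymous search.
GROUP_TO_ROLE = {"cn=portal-admins": "Manager", "cn=staff": "Member"}  # constructed

def escape_filter(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def authenticate(cookies, verify_ticket, search_groups):
    """Return (user, roles), or None when the ticket cannot be verified."""
    ticket = cookies.get("MYSAPSSO2")
    if not ticket:
        return None
    try:
        user = verify_ticket(ticket)  # signature is checked by the service
    except Exception:
        return None  # fail closed: an unreachable verifier means no login
    if not isinstance(user, str) or not user:
        return None
    # No bind as the user; membership is read with the service identity.
    # Assumed schema: posixGroup entries listing members in memberUid.
    flt = "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter(user)
    roles = sorted({GROUP_TO_ROLE[g] for g in search_groups(flt) if g in GROUP_TO_ROLE})
    return user, roles

# Constructed stand-ins so the example runs offline.
DEMO_TICKETS = {"valid-ticket": "dirk"}
DEMO_GROUPS = {"cn=staff": ["dirk"], "cn=portal-admins": ["jens"]}

def demo_verify(ticket):
    if ticket not in DEMO_TICKETS:
        raise ValueError("signature not verified")
    return DEMO_TICKETS[ticket]

def demo_search(flt):
    return [g for g, members in DEMO_GROUPS.items()
            if any("(memberUid=%s)" % escape_filter(m) in flt for m in members)]

if __name__ == "__main__":
    print(authenticate({"MYSAPSSO2": "valid-ticket"}, demo_verify, demo_search))
    print(authenticate({"MYSAPSSO2": "forged", "user": "jens"}, demo_verify, demo_search))
```

The user name is taken only from the verifier's answer, never from a client-controlled field, and it is still escaped before it is placed in the search filter.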

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev