Hi Mark,

Mark Hammond schrieb:

>I would suggest looking at PAS.  You would write an "extraction" plugin for
>PAS, and use the PAS LDAPMultiPlugin (from dataflake) for user properties
>and role/group enumeration.  Your PAS plugin then only has the job of
>creating a "user id" suitable for use with the LDAP plugin (ie, the same
>'id' that LDAPUF is configured to use).  PAS has had a number of recent
>changes - you should look at the CVS versions (of PAS and the dataflake
>stuff) rather than the released versions if you want to avoid migration
>in the future.
>mailing list at:

I like the idea of PAS and I have downloaded PluginRegistry, PAS and
LDAPMultiPlugin. I made a MySapSsoCookieAuthHelper, which will take the
MYSAPSSO2-Cookie, sent this to the external Validation Service.

Since this service will return the login name which is identical to the
LDAP-User I hopefully only have to work for reading the LDAP-Attributes and

One question about PAS/LDAPMultiPlugin and LDAPUserFolder/LDAPUserSatellite:

We work a lot with LDAPUserSatellite in different Folders, which will change
local roles of users. Is this also possible with PAS/LDAPMultiPlugin ?

Thanks for that hint. 


Geschenkt: 3 Monate GMX ProMail gratis + 3 Ausgaben stern gratis
++ Jetzt anmelden & testen ++ http://www.gmx.net/de/go/promail ++
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to