Previously Tres Seaver wrote: > Tim Olsen wrote: > > I see there is a separation between User ID and Login Name in PAS, but > > IUserAdderPlugin only has "login" and "password" arguments for > > doAddUser() > > > > Is the User ID supposed to be left up to the User Manager to determine? > > Yes, it is an implementation detail of the plugin (or actually, the > constellation of plugins). The ZODB user manager plugin allows the > admin to specify the ID when adding a user, but external systems (e.g., > an LDAP store) might not allow it.
There is a bit of an issue here which I have been meaning to discuss: the IUserAdderPlugin interface is really narrow. When you create users in LDAP you need to populate the record with enough data to satisfy the requirements for the choosen objectClass. Since doAddUser only has the loginname to work with this is only possible in LDAP environments where the DN is keyed on the chosen login attribute and you do not mind filling the other obligatory attributes with bogus data. If your LDAP environment uses another attribute for DN (Active Directory does for example: it uses cn) it is impossible to create LDAP users using the IUserAdderPlugin interface. I would like to see a way to get this fixed in Zope2, preferably in PAS. If I remember correctly PAU takes a different approach and passes a full user object to its doAddUser equivalent which guarantees a user creation plugin always has all user information it might require. Could we extend IUserAdderPlugin or add a new interface to support this kind of usage? Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. _______________________________________________ Zope-PAS mailing list [email protected] http://mail.zope.org/mailman/listinfo/zope-pas
