Previously Tres Seaver wrote:
> Tim Olsen wrote:
> > I see there is a separation between User ID and Login Name in PAS, but
> > IUserAdderPlugin only has "login" and "password" arguments for
> > doAddUser()
> > 
> > Is the User ID supposed to be left up to the User Manager to determine?
> Yes, it is an implementation detail of the plugin (or actually, the
> constellation of plugins).  The ZODB user manager plugin allows the
> admin to specify the ID when adding a user, but external systems (e.g.,
> an LDAP store) might not allow it.

There is a bit of an issue here which I have been meaning to discuss:
the IUserAdderPlugin interface is really narrow. When you create users
in LDAP you need to populate the record with enough data to satisfy the
requirements for the choosen objectClass. Since doAddUser only has the
loginname to work with this is only possible in LDAP environments where
the DN is keyed on the chosen login attribute and you do not mind
filling the other obligatory attributes with bogus data. If your LDAP
environment uses another attribute for DN (Active Directory does for
example: it uses cn) it is impossible to create LDAP users using the
IUserAdderPlugin interface.

I would like to see a way to get this fixed in Zope2, preferably in PAS.
If I remember correctly PAU takes a different approach and passes a full
user object to its doAddUser equivalent which guarantees a user creation
plugin always has all user information it might require. Could we extend
IUserAdderPlugin or add a new interface to support this kind of usage?


Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.                   It is hard to make things simple.
Zope-PAS mailing list

Reply via email to