-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wichert Akkerman wrote:

> There is a bit of an issue here which I have been meaning to discuss:
> the IUserAdderPlugin interface is really narrow. When you create users
> in LDAP you need to populate the record with enough data to satisfy the
> requirements for the choosen objectClass. Since doAddUser only has the
> loginname to work with this is only possible in LDAP environments where
> the DN is keyed on the chosen login attribute and you do not mind
> filling the other obligatory attributes with bogus data. If your LDAP
> environment uses another attribute for DN (Active Directory does for
> example: it uses cn) it is impossible to create LDAP users using the
> IUserAdderPlugin interface.

Which is actually fine.  We aren't going to be able to come up with a
uniform interface for all possible backends;  instead, the application
which drives user creation is going to need tweaking to accomodate what
the backends require.

> I would like to see a way to get this fixed in Zope2, preferably in PAS.
> If I remember correctly PAU takes a different approach and passes a full
> user object to its doAddUser equivalent which guarantees a user creation
> plugin always has all user information it might require. Could we extend
> IUserAdderPlugin or add a new interface to support this kind of usage?

I'd rather punt, as noted above, and have the application talk directly
to the plugin (which is what PAU does, actually, I think).  I don't see
that making PAS a hyper-generic intermediary is a win for this problem.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD0k8e+gerLs4ltQ4RAjVzAJ4k/faNGoFiWuDpoxDValZd6hyyMwCfd86g
bBpKdHF3wzZYvr3Lz7BrjXQ=
=1JyY
-----END PGP SIGNATURE-----

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to