-----BEGIN PGP SIGNED MESSAGE-----
Wichert Akkerman wrote:
> There is a bit of an issue here which I have been meaning to discuss:
> the IUserAdderPlugin interface is really narrow. When you create users
> in LDAP you need to populate the record with enough data to satisfy the
> requirements for the choosen objectClass. Since doAddUser only has the
> loginname to work with this is only possible in LDAP environments where
> the DN is keyed on the chosen login attribute and you do not mind
> filling the other obligatory attributes with bogus data. If your LDAP
> environment uses another attribute for DN (Active Directory does for
> example: it uses cn) it is impossible to create LDAP users using the
> IUserAdderPlugin interface.
Which is actually fine. We aren't going to be able to come up with a
uniform interface for all possible backends; instead, the application
which drives user creation is going to need tweaking to accomodate what
the backends require.
> I would like to see a way to get this fixed in Zope2, preferably in PAS.
> If I remember correctly PAU takes a different approach and passes a full
> user object to its doAddUser equivalent which guarantees a user creation
> plugin always has all user information it might require. Could we extend
> IUserAdderPlugin or add a new interface to support this kind of usage?
I'd rather punt, as noted above, and have the application talk directly
to the plugin (which is what PAU does, actually, I think). I don't see
that making PAS a hyper-generic intermediary is a win for this problem.
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Zope-PAS mailing list