Hash: SHA1

Wichert Akkerman wrote:

> There is a bit of an issue here which I have been meaning to discuss:
> the IUserAdderPlugin interface is really narrow. When you create users
> in LDAP you need to populate the record with enough data to satisfy the
> requirements for the choosen objectClass. Since doAddUser only has the
> loginname to work with this is only possible in LDAP environments where
> the DN is keyed on the chosen login attribute and you do not mind
> filling the other obligatory attributes with bogus data. If your LDAP
> environment uses another attribute for DN (Active Directory does for
> example: it uses cn) it is impossible to create LDAP users using the
> IUserAdderPlugin interface.

Which is actually fine.  We aren't going to be able to come up with a
uniform interface for all possible backends;  instead, the application
which drives user creation is going to need tweaking to accomodate what
the backends require.

> I would like to see a way to get this fixed in Zope2, preferably in PAS.
> If I remember correctly PAU takes a different approach and passes a full
> user object to its doAddUser equivalent which guarantees a user creation
> plugin always has all user information it might require. Could we extend
> IUserAdderPlugin or add a new interface to support this kind of usage?

I'd rather punt, as noted above, and have the application talk directly
to the plugin (which is what PAU does, actually, I think).  I don't see
that making PAS a hyper-generic intermediary is a win for this problem.

- --
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


Zope-PAS mailing list

Reply via email to