Tres Seaver wrote: > robert rottermann wrote: > >> Hi there, > >> > >> I would like to use Session Auth Helper to authenticate a user after he > >> has logged into a site using Active Directory. > >> > >> this are the steps I use to create the setup: > >> - add an ActiveDirectory Multiplugin > >> - activate all services > >> - apply patches to have the groups working > >> according instructions on Plone I install > >> LDAPMultiPlugins-plone.org.patch from antiloop.plone.org > >> - add an Session Auth Helper > >> - activate all three services (Reset Credentials, > UpdateCredentials, > >> Extraction) > >> - Up the session timeout of the site to 5 hours > >> > >> Now my questions: > >> - do I have to change the sequence of the active plugins to avoid > >> contacting the AD server after a successful login > > >> (as long the session is active) > >> it is like this now > >> credentials_cookie_auth > >> AD Multiplugin > >> Session Auth Helper > >> > >> - is there something else I have to take care of? > > > Yes, you want the session auth plugin to be registered *ahead* of the AD > / LDAP plugin, in the registration for IAuthenticateCredentials. That > list looks like the one for IExtractCredentials (the cookie plugin can't > actually authenticate, it only retrieves credentials from the request). > > > Tres. > -- thanks Tres, a stupid follow up question: what is ahead? (from the context of this mail) I assume this means above of AD?
robert
begin:vcard fn:robert rottermann n:rottermann;robert email;internet:[EMAIL PROTECTED] tel;work:031 333 10 20 tel;fax:031 333 10 23 tel;home:031 333 36 03 x-mozilla-html:FALSE version:2.1 end:vcard
_______________________________________________ Zope-PAS mailing list [email protected] http://mail.zope.org/mailman/listinfo/zope-pas
