From: richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Tue, 24 Jun 2003 01:34:18 +0000 (+0000)
Subject: added simplistic LDAP authentication example
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=58fc4aa170d273c1379ca395818c69f54f8a9a73;p=roundup.git

added simplistic LDAP authentication example


git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1749 57a73879-2fb5-44c3-a270-3262357dd7e2
---

diff --git a/doc/customizing.txt b/doc/customizing.txt
index 178808b..36712de 100644
--- a/doc/customizing.txt
+++ b/doc/customizing.txt
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.90 $
+:Version: $Revision: 1.91 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -3112,6 +3112,42 @@ now do all the work::
 And that's it!
 
 
+Using an LDAP database for user information
+-------------------------------------------
+
+A script that reads users from an LDAP store using
+http://python-ldap.sf.net/ and then compares the list to the users in the
+roundup user database would be pretty easy to write. You'd then have it run
+once an hour / day (or on demand if you can work that into your LDAP store
+workflow). See the example `Using a UN*X passwd file as the user database`_
+for more information about doing this.
+
+To authenticate off the LDAP store (rather than using the passwords in the
+roundup user database) you'd use the same python-ldap module inside an
+extension to the cgi interface. You'd do this by adding a method called
+"verifyPassword" to the Client class in your tracker's interfaces.py
+module. The method is implemented by default as::
+
+    def verifyPassword(self, userid, password):
+        ''' Verify the password that the user has supplied
+        '''
+        stored = self.db.user.get(self.userid, 'password')
+        if password == stored:
+            return 1
+        if not password and not stored:
+            return 1
+        return 0
+
+So you could reimplement this as something like::
+
+    def verifyPassword(self, userid, password):
+        ''' Verify the password that the user has supplied
+        '''
+        # look up some unique LDAP information about the user
+        username = self.db.user.get(self.userid, 'username')
+        # now verify the password supplied against the LDAP store
+
+
 Enabling display of either message summaries or the entire messages
 -------------------------------------------------------------------