author     Jens Vagelpohl <jens@netz.ooo>  2002-07-18 18:41:02 +0000
committer  Jens Vagelpohl <jens@netz.ooo>  2002-07-18 18:41:02 +0000
commit     264394f02bf28e5099eb3dabceea86233b61e170 (patch)
tree       4b825dc642cb6eb9a060e54bf8d69288fbee4904
parent     623c733fb16c73530a7823abc3497323c29878f3 (diff)
download   LDAPRoleExtender-264394f02bf28e5099eb3dabceea86233b61e170.zip
           LDAPRoleExtender-264394f02bf28e5099eb3dabceea86233b61e170.tar.gz
New repository initialized by cvs2svn.
-rw-r--r--  CHANGES.txt                              247
-rw-r--r--  INSTALL.txt                               49
-rw-r--r--  LDAPLoginAdapter.py                      946
-rw-r--r--  LDAPUser.py                              103
-rw-r--r--  LICENSE.txt                               72
-rw-r--r--  README.txt                               156
-rw-r--r--  SAMPLE_RECORDS.txt                        44
-rw-r--r--  VERSION.txt                                1
-rw-r--r--  __init__.py                               24
-rw-r--r--  dtml/addLDAPLoginAdapter.dtml             78
-rw-r--r--  dtml/advancedProps.dtml                  140
-rw-r--r--  dtml/contents.dtml                       251
-rw-r--r--  dtml/finduser.dtml                       181
-rw-r--r--  dtml/ldapschema.dtml                      86
-rw-r--r--  dtml/login.dtml                           18
-rw-r--r--  dtml/logout.dtml                           7
-rw-r--r--  dtml/properties.dtml                      80
-rw-r--r--  dtml/showcache.dtml                       89
-rw-r--r--  dtml/showlog.dtml                         20
-rw-r--r--  help/LDAPLoginAdapter.py                 107
-rw-r--r--  help/LDAPLoginAdapter_Add.stx             73
-rw-r--r--  help/LDAPLoginAdapter_Advanced.stx        60
-rw-r--r--  help/LDAPLoginAdapter_Caches.stx          29
-rw-r--r--  help/LDAPLoginAdapter_Configure.stx       60
-rw-r--r--  help/LDAPLoginAdapter_Contents.stx        39
-rw-r--r--  help/LDAPLoginAdapter_Log.stx             32
-rw-r--r--  help/LDAPLoginAdapter_Schema.stx          30
-rw-r--r--  help/LDAPLoginAdapter_Search.stx          18
-rw-r--r--  help/LDAPUser.py                          86
-rw-r--r--  version.txt                                1
-rw-r--r--  www/ldaploginadapter.gif                 bin 914 -> 0 bytes
31 files changed, 0 insertions, 3127 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
deleted file mode 100644
index 0c890a7..0000000
--- a/CHANGES.txt
+++ /dev/null
@@ -1,247 +0,0 @@
-CHANGES.txt for the LDAPLoginAdapter
-
- This file contains change information for the LDAPLoginAdapter product.
-
- LDAPLoginAdapter 1.2
-
- Bugs fixed:
-
- * Added a missing comma in __ac_permissions__ that broke
- changing roles via the "Security" tab on the
- LDAPLoginAdapter...
-
- * Completely revamped the exception handling in authenticate
- so that there will always be a (hopefully) helpful output
- in the log
-
- * authenticate had an exeption handler that would try and use a
- variable left uninitialized when the exception was thrown.
-
- LDAPLoginAdapter 1.2beta3
-
- Bugs fixed:
-
- * The methods that manipulate the publicly available user object
- attributes now make sure to flush the cache of user objects
- and force all of them to be recreated, thereby making the
- changes "grab" immediately and not just whenever the user object
- expires all by itself and gets recreated.
-
- LDAPLoginAdapter 1.2beta2
-
- Features Added:
-
- * A new management tab called "LDAP Schema" allows the
- manager to enter or delete attributes that describe the
- LDAP schema used for the LDAP user records. This completely
- replaces the misleading "Allowable User Attributes" found
- on the Advanced tab which had been abused to find out more
- about the LDAP schema in use. All select lists that list
- LDAP attributes are now driven by the attributes that are
- shown on the LDAP Schema tab.
-
- Features deprecated:
-
- * The "Special Users" and "Special User Roles" feature has been
- deprecated. I considered it a kludge in cases where you cannot
- set your LDAP schema correctly. With the advent of the
- LDAPUserManager product it has become trivially easy to add
- users and groups. This is the much preferred way of conferring
- roles to users.
-
- Bugs fixed:
-
- * Mishandled the loop to delete the public attribute mappings
- in manage_deletePublicUserAttrs which caused index errors
-
- * Default handling of method calls through the web or from
- python was inconsistent in regards to what to return and
- what to expect. All method signatures that might expect
- REQUEST now set it to a default value of None and in the
- method body test to see if it is None. This improves the
- use of methods from python where no REQUEST is guaranteed.
-
- * Change capitalization of manage_AddPublicUserAttrs to bring
- it in line with the normally used capitalization scheme
-
- * Renamed "Contents" tab to "Custom Forms" to clear up the
- meaning of this tab
-
- LDAPLoginAdapter 1.2beta1
-
- Features Added:
-
- * Cookie-based authentication with a login page and the
- ability to simply drop in custom login pages.
-
- * Complete rewriting of all code connected to the
- validate method, which does the actual authentication,
- to reflect the way it is done in the latest built-in
- user folder object.
-
- Bugs fixed:
-
- * The bunduid and bindpwd attributes which hold the DN and
- password of the LDAP server manager user are now safeguarded
- from DTML access by changing names to _binduid and _bindpwd.
- A (protected) method, getProperty, is now used to get them.
-
- * The LDAP search string created in _lookupuser, the method
- which is called by validate to find a user in LDAP, created
- search expressions with asterisk wildcard characters around
- the search term. These were removed in the interest of an
- unambiguous match.
-
- LDAPLoginAdapter 1.1
-
- Features Added:
-
- * Instead of hardcoding fixed publicly available attributes
- onto the LDAPUser object you can now take full control
- of the mapping from LDAP attribute to public user object
- attribute.
- A public user object attribute is an attribute that is
- directly accessible on the user object. DTML code like
- "AUTHENTICATED_USER.email" is an example of accessing
- a directly accessible attribute on the user object. A lot
- of legacy DTML code relies on such attributes.
-
- Bugs fixed:
-
- * finduser() now lowercases all DN records from valid groups
- and compares it to a lowercased DN from any search results
- among user records. This fixes records not showing up if
- the capitalization in the group and on the user record
- is different.
-
- * When a user object was created the code expected a "mail"
- attribute on the LDAP record to set the email attribute
- used for compatibility with the Tracker. This has been
- repaired and will just default to an empty string.
-
- * Users who use tools like PADL's migration script end up
- with records that do not have the expected "sn" attribute.
- This is not set to a default value in finduser() to avoid
- errors in case it is not there.
- This will make the LDAPLoginAdapter compatible with
- user records of type posixAccount.
-
-
- LDAPLoginAdapter 1.0
-
- Bugs fixed:
-
- * Due to a bug in checking the return values from an LDAP search
- the cache can be polluted by invalid records for failed
- logins. This did not constitue a security breach, just more
- processing than necessary.
-
-
- LDAPLoginAdapter 1.0beta3
-
- Bugs Fixed:
-
- * Moved the LDAP search scope translation list from a volatile
- attribute on the LDAPLoginAdapter to a module-level attribute.
- This avoids any re-initialization calls.
-
- * Eliminated the extra attribute _v_loglines that counted the
- length of the log. A simple call to len(self._v_log) replaces
- it where log length info is needed.
-
- * Created one centralized method that handles connecting to and
- searching the LDAP server. This allows centralized error
- handling and makes for less and cleaner code. So far finduser,
- getUserDetails, getGroups, getUserNames and _lookupuser have
- been converted to use it instead of having their own connection
- code.
-
- * Rooted out error that would put a known user into the cache
- even though the password was not matched. This was not a
- security error since the broken user had the wrong password
- and failed any tests in validate()
-
- * Rigorous pruning of overly long lines of code to pare everything
- down to 80 chars width max
-
- * Avoiding unnecessary calls to the logging routine by checking
- for the correct log level *before* the call and not in the
- logging method.
-
- * Added a file, SAMPLE_RECORDS.txt, that shows a sample group-
- and user record. This will hopefully make it easier to
- understand the types of LDAP records needed.
-
- Features added:
-
- * Nicer Search screen adopted from the LDAPUserManager
-
-
- LDAPLoginAdapter 1.0beta2
-
- Features added:
-
- * Clearer error messages through refactoring of all code that
- is responsible for connecting and disconnecting from the LDAP
- server.
-
- * Co-operation with the Zope Tracker software has been ensured
- by making a full name and email attribute available on the
- user object returned from the LDAPLoginAdapter.
-
- * Added API documentation to the Zope Help System
-
- Bugs Fixed:
-
- * Various code cleanups
-
- * Added check to see if a server address with a prepended
- "ldap://" was entered.
-
- * Updated all docs to clarify the reliance on Zope
- version 2.3.0 of higher.
-
- * Vetted all code to make sure that every connection made
- to the LDAP server is followed by a formal disconnect,
- regardless of processing between connect and disconnect.
-
-
- LDAPLoginAdapter 1.0beta1
-
- Features added:
-
- * The LDAP record attribute to be used as the user's name
- can be selected from a list of attributes
-
- * The list of LDAP attributes to be used as the user's name
- can be extended or reduced and custom attributes can be
- added to it.
-
- * A Search screen allows the Manager to search the LDAP
- database for user records and then view their details.
-
- * The python code has been refactored and the code for the
- LDAPUser class has been split off into a separate module.
-
- * All LDAPLoginAdapter-specific management screens have help
- screens associated with them, accessible through the built-in
- Zope Help System.
-
- * All management screens have been modified to integrate with
- the new Zope Management Interface, introduced in Zope 2.3.0.
-
- * ...and many others I forgot to track.
-
-
- The Beginning
-
- This product started from Ross Lazarus' Zope LDAP Adapter, which has
- since seen many improvement and moved to SourceForge. You can see
- Ross' and Soren Roug's efforts at:
-
- http://sourceforge.net/projects/zldapadapter
-
- I decided to use it as a base and develop a customized version for
- use in authenticating users in Digital Creations' own intranet. I
- have come to the point where it has matured enough to be released
- to a wider audience.
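Review bot: the commit message ("New repository initialized by cvs2svn.") does not explain why this hunk removes CHANGES.txt outright (the stat shows 31 files, 3127 deletions, 0 insertions); a re-initialisation commit should state whether the content returns in a following revision or the history is being discarded. The removed changelog also records two security-relevant decisions that are easy to lose with it: the bind DN and password were renamed to `_binduid`/`_bindpwd` so they cannot be read from DTML and are reached only through the protected `getProperty` method, and `_lookupuser` stopped wrapping the search term in `*` wildcards so that a login matches exactly one record. Both rationales should survive somewhere in the new tree.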
diff --git a/INSTALL.txt b/INSTALL.txt
deleted file mode 100644
index 9fc5bb3..0000000
--- a/INSTALL.txt
+++ /dev/null
@@ -1,49 +0,0 @@
-Installing the LDAPLoginAdapter Product
-
- You will need Zope version 2.3.0 or higher!
-
- If you are looking for a similar solution for a pre-2.3.0-site
- see http://sourceforge.net/projects/zldapadapter/ for the
- LDAPAdapter. The LDAPAdapter, written by Ross Lazarus and Soren Roug,
- formed the basis for the LDAPLoginAdapter.
-
- This product does not require any special handling after unzipping
- and untarring it in the Zope Products directory. You should do
- something like::
-
- $ cp LDAPLoginAdapter-xyz.tgz <zope_root>/lib/python/Products
- $ cd <zope_root>/lib/python/Products
- $ tar zxvf LDAPLoginAdapter-xyz.tgz
- <watch files being decompressed>
-
- That's all. Do not forget to restart Zope afterwards.
-
-
- **Upgraders beware**
-
- In order to avoid problems everyone who upgrades from a prior
- version of the LDAPLoginAdapter should delete and recreate any
- LDAPLoginAdapter instance they have!
-
-
- **Important Hint**
-
- Depending on your choice of Zope install (e.g. compiled from source
- or binary version) you need to make sure that the python-ldap
- module (see README.txt) can be found by Zope.
-
- The first step after compiling the python-ldap module is to find
- out if it works correctly by firing up your python interpreter
- and typing "import ldap". Then hit return. If no error message shows
- up the module is compiled and installed correctly.
-
- If after correctly installing and compiling the python-ldap
- module Zope still complains "ImportError: No module named ldap"
- you need to find the module file (its name is "ldapmodule.so") and
- manually copy it into the LDAPLoginAdapter folder in your Zope
- Products folder. This will be the case with all those Zope installs
- that contain their own python binary, like the Linux binary install.
-
-
-
- See README.txt for any other dependencies and requirements.
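Review bot: this deletion removes the only place the upgrade procedure is documented (the "Upgraders beware" block telling administrators to delete and recreate every existing LDAPLoginAdapter instance) together with the stated requirements (Zope 2.3.0 or higher, a working `import ldap`); whichever tree replaces this one after the cvs2svn re-initialisation should carry both forward, since an upgrade that skips the delete-and-recreate step is exactly the case the old text was warning about.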
diff --git a/LDAPLoginAdapter.py b/LDAPLoginAdapter.py
deleted file mode 100644
index 0ee75f9..0000000
--- a/LDAPLoginAdapter.py
+++ /dev/null
@@ -1,946 +0,0 @@
-#####################################################################
-#
-# LDAPLoginAdapter An LDAP-based user source for Zope
-#
-# This software is governed by a license. See
-# LICENSE.txt for the terms of this license.
-#
-#####################################################################
-__version__='$Revision$'[11:-2]
-
-from LDAPUser import LDAPUser
-import string, time, sys, os, urllib, ldap
-from base64 import encodestring, decodestring
-from Globals import HTMLFile, MessageDialog, package_home
-from AccessControl.User import BasicUserFolder
-from AccessControl.ZopeSecurityPolicy import _noroles
-from Acquisition import Implicit
-from ExtensionClass import Base
-from OFS.ObjectManager import ObjectManager
-from OFS.SimpleItem import SimpleItem
-import Products
-
-_marker = []
-_dtmldir = os.path.join(package_home(globals()), 'dtml')
-addLDAPLoginAdapterForm = HTMLFile('addLDAPLoginAdapter', _dtmldir)
-ldap_scopes = (ldap.SCOPE_BASE, ldap.SCOPE_ONELEVEL, ldap.SCOPE_SUBTREE)
-
-
-class LDAPLoginAdapter(BasicUserFolder, ObjectManager, Implicit, Base):
- """ LDAPLoginAdapter
-
- The LDAPLoginAdapter is a user database. It contains management hooks
- so that it can be added to a Zope folder as an 'acl_users'
- database. Its important public method is validate() which
- returns a Zope user object of type LDAPUser
-
- """
-
- meta_type = 'LDAPLoginAdapter'
- id = 'acl_users'
- title = 'LDAPLoginAdapter'
-
- isAUserFolder = 1
-
-
- manage_options=(
- (
- {'label' : 'Configure', 'action' : 'manage_main',
- 'help' : ('LDAPLoginAdapter','LDAPLoginAdapter_Configure.stx')},
- {'label' : 'Advanced', 'action' : 'manage_advanced',
- 'help' : ('LDAPLoginAdapter','LDAPLoginAdapter_Advanced.stx') },
- {'label' : 'LDAP Schema', 'action' : 'manage_ldapschema',
- 'help' : ('LDAPLoginAdapter', 'LDAPLoginAdapter_Schema.stx') },
- {'label' : 'Caches', 'action' : 'manage_showcache',
- 'help' : ('LDAPLoginAdapter', 'LDAPLoginAdapter_Caches.stx') },
- {'label' : 'Search', 'action' : 'manage_finduser',
- 'help' : ('LDAPLoginAdapter', 'LDAPLoginAdapter_Search.stx') },
- {'label' : 'Custom Forms', 'action' : 'manage_contents',
- 'help' : ('LDAPLoginAdapter', 'LDAPLoginAdapter_Contents.stx')},
- {'label' : 'Log', 'action' : 'manage_showlog',
- 'help' : ('LDAPLoginAdapter', 'LDAPLoginAdapter_Log.stx') },
- )
- + SimpleItem.manage_options
- )
-
-
- __ac_permissions__=(
- ('View management screens',('manage', 'manage_main', 'manage_contents',
- 'manage_showlog', 'manage_advanced',
- 'manage_showcache', 'manage_finduser',
- 'manage_ldapschema')),
- ('Manage users', ('getUserNames','getUser','getUsers',
- 'getUserById', 'findUser', 'getUserDetails',
- 'getLDAPSchema', 'getLog',
- 'getPublicUserAttrs', 'getProperty')),
- ('Change LDAPLoginAdapter', ('manage_edit', 'manage_editLogVerbosity',
- 'manage_addPublicUserAttrs',
- 'manage_deletePublicUserAttrs',
- 'manage_addLDAPSchemaItem',
- 'manage_deleteLDAPSchemaItems'))
- )
-
-
- manage=manage_main = HTMLFile('dtml/properties', globals())
- manage_advanced = HTMLFile('dtml/advancedProps', globals())
- manage_ldapschema = HTMLFile('dtml/ldapschema', globals())
- manage_showlog = HTMLFile('dtml/showlog', globals())
- manage_showcache = HTMLFile('dtml/showcache', globals())
- manage_finduser = HTMLFile('dtml/finduser', globals())
- manage_contents = HTMLFile('dtml/contents', globals())
-
- default_loginpage = HTMLFile('dtml/login', globals())
- default_logoutpage = HTMLFile('dtml/logout', globals())
-
-
- def __setstate__(self, v):
- LDAPLoginAdapter.inheritedAttribute('__setstate__')(self, v)
-
- self._clearCaches()
- if not hasattr(self, 'verbose'): self.verbose = 1
- self.verbose > 2 and self._logit(3,'Initialized through __setstate__')
-
-
- def __init__(self, title, LDAP_server, login_attr,
- users_base, users_scope,
- roles, groups_base, groups_scope,
- binduid, bindpwd, use_cookies, REQUEST):
- self.verbose = 2 # _logit needs it
- self._public_userattrs = [] # safe default
- self._ldapschema = [('dn', 'Distinguished Name'),
- ('cn', 'Canonical Name'),
- ('sn', 'Surname')]
-
- self.manage_edit(title, LDAP_server, login_attr,
- users_base, users_scope,
- roles, groups_base, groups_scope,
- binduid, bindpwd, use_cookies, REQUEST)
-
-
- def all_meta_types(self):
- """ What can you put inside me? """
- f = lambda x: x['name'] in ('DTML Method', 'DTML Document', 'Script (Python)')
- return filter(f, Products.meta_types)
-
-
- def objectItems(self, spec=None):
- return ObjectManager.objectItems(self, spec)
-
-
- def objectIds(self, spec=None):
- return ObjectManager.objectIds(self, spec)
-
-
- def _clearCaches(self):
- """ Clear all logs and caches for user-related information """
- self._v_cache = {} # Secondary cache for non-logged in users
- self._v_users = {} # this is the cache of logged-in users
- self._v_log = []
- self._v_userlist = []
- self._v_userlistexpire = 0
-
-
- def _connect(self):
- """ initialize an ldap server connection """
- try:
- connection = ldap.open(self.LDAP_server,self.LDAP_port)
- connection.simple_bind_s(self._binduid,self._bindpwd)
- self.verbose > 8 and self._logit(9,
- 'Opened connection to ldap server %s' %
- str(self.LDAP_server) + ':' + str(self.LDAP_port))
- return connection
-
- except:
- self.verbose > 0 and self._logit(1,
- 'Unable to open connection to ldap server %s' %
- str(self.LDAP_server) + ':' + str(self.LDAP_port))
-
- return None
-
-
- def _disconnect(self, connection):
- """ close the ldap connection """
- try:
- connection.unbind_s()
- self.verbose > 8 and self._logit(9,
- 'Closed connection to ldap server')
- except:
- self.verbose > 0 and self._logit(1,
- 'Failed to disconnect from LDAP server')
-
-
- def _formatException(self, e):
- """ Format exception output for use in a MessageDialog """
- infotuple = getattr(e, 'args', ())
- if infotuple:
- errordict = infotuple[0]
- msg = '<b>An Error occurred:<br>'
- msg = msg + 'Error Type: %s<br>Server Message: %s</b>' % (
- errordict.get('desc', 'Not Available'),
- errordict.get('info', 'Not Available'))
-
-
- def _searchResults(self, search_base, search_scope, search_string,
- attr=None, user=None, password=None):
- """ The main search engine """
-
- connection = self._connect()
- if connection is None:
- return '###Error###: Cannot connect to LDAP server!'
-
- if user is not None:
- try:
- connection.bind_s(user, password, ldap.AUTH_SIMPLE)
- except ldap.INVALID_CREDENTIALS:
- self.verbose > 3 and self._logit(4,
- 'Invalid credentials for user %s' % user)
- self._disconnect(connection)
- raise
-
- try:
- res = connection.search_s(search_base, search_scope,
- search_string, attr)
- except ldap.NO_SUCH_OBJECT:
- res = '###ERROR###: Cannot find %s under %s!' % (
- search_string, search_base)
- except ldap.SIZELIMIT_EXCEEDED:
- res = '###Error###: Too many records returned for query \
- %s under %s!' % (search_string, search_base)
- self.verbose > 1 and self._logit(2, '_searchResults: too many \
- records for %s under %s' % (search_string, search_base))
- except:
- res = '###Error###: %s, %s' % sys.exc_info()[:2]
- self.verbose > 1 and self._logit(2,
- 'Call to _searchResults returned ' + str(res))
-
- self._disconnect(connection)
- return res
-
-
- def encodeString(self, string):
- """
- A helper to encrypt a string so that it can be used as query
- string piece
- """
- return urllib.quote(string)
-
-
- def getUserDetails(self, dn):
- """
- Return all attributes for a given DN
- """
- lscope = ldap_scopes[self.users_scope]
-
- res = self._searchResults(dn, lscope, 'objectClass=*')
-
- if type(res) == type (''):
- result = (('Exception', res),)
- elif len(res) > 0:
- result = res[0][1].items()
- result.sort()
- else:
- result = ()
-
- return result
-
-
- def findUser(self, search_param, search_term):
- """ Look up matching user records based on attributes """
- lscope = ldap_scopes[self.users_scope]
- gscope = ldap_scopes[self.groups_scope]
- users = []
- groupusers = {}
-
- res = self._searchResults(self.groups_base,gscope,
- "(uniquemember=*)",['uniquemember'])
-
- if type(res) == type(''):
- return [{'dn': res }]
- elif len(res) > 0:
- for i in range(len(res)):
- for member in res[i][1]['uniqueMember']:
- groupusers[string.lower(member)] = None
-
- groupuser_list = groupusers.keys()
-
- if search_param == 'dn':
- users_base = search_term
- search_str = 'objectClass=*'
- else:
- users_base = self.users_base
- search_str = '(%s=*%s*)' % (search_param, search_term)
-
- res = self._searchResults(users_base, lscope, search_str)
-
- if type(res) == type(''):
- users = [{ 'dn' : res }]
- elif len(res) > 0:
- for i in range(len(res)):
- dn = res[i][0]
- if string.lower(dn) in groupuser_list:
- rec_dict = {}
- rec_dict['dn'] = dn
- rec_dict['sn'] = ''
-
- for key in res[i][1].keys():
- rec_dict[key] = res[i][1][key][0]
-
- users.append(rec_dict)
-
- return users
-
-
- def _lookupuser(self, uid, pwd=None):
- """
- returns a unique RID and the groups a uid belongs to
- as well as a dictionary containing user attributes
- """
- s = []
- unique = ''
- user_attrs = {}
-
- # make sure we translate 0/1/2 into the right codes..
- lscope = ldap_scopes[self.users_scope]
- gscope = ldap_scopes[self.groups_scope]
-
- if pwd is not None and string.strip(pwd) == '':
- pwd = '~'
-
- if self.login_attr == 'dn':
- users_base = uid
- search_str = 'objectClass=*'
- else:
- users_base = self.users_base
- search_str = '%s=%s' % (self.login_attr, uid)
-
- res = self._searchResults(users_base, lscope, search_str)
- if (type(res) == type('') or len(res) < 1):
- return None, None, None
- elif len(res) > 0:
- # gets a dn suitable for the next call for uid=userid
- unique = res[0][0]
- user_attrs = res[0][1]
-
- if pwd is not None:
- res = self._searchResults(self.groups_base,gscope,
- "(uniquemember=%s)" % (unique), attr = ['cn'],
- user=unique, password=pwd)
- else:
- res = self._searchResults(self.groups_base,gscope,
- "(uniquemember=%s)" % (unique), attr=['cn'])
-
- if type(res) == type(''):
- return None, res, {}
- elif len(res) > 0:
- for i in range(len(res)):
- for eachcn in range(len(res[i][1]['cn'])):
- c = res[i][1]['cn'][eachcn]
- s.append(c)
-
- return s, unique, user_attrs
-
-
- def getGroups(self, dn='*', attr=None):
- """
- returns a list of possible groups from the ldap tree.
- Used e.g. in showgroups.dtml
- """
- group_list = []
- gscope = ldap_scopes[self.groups_scope]
-
- res = self._searchResults(self.groups_base,gscope,
- "(uniquemember=%s)" % (dn), attr=['dn','cn'])
-
- if type(res) == type(''):
- group_list = (('', res),)
- elif len(res) > 0:
- for i in range(len(res)):
- if attr is None:
- group_list.append((res[i][1]['cn'][0], res[i][0]))
- elif attr == 'cn':
- group_list.append(res[i][1]['cn'][0])
- elif attr == 'dn':
- group_list.append(res[i][0])
-
- return group_list
-
-
- def getLog(self):
- """ Used by showlog.dtml: returns a list of log entries """
- return self._v_log
-
-
- def _logit(self, level, logline):
- """ Logs a single line and keeps log length at max. 500 lines.
-
- Level: 1 - Catastrophes
- 2 - Major Events
- 3 - Minor events
- 4 - Login failures
- 5 - Login Successes
- 7 - Login success from cache
- 9 - Debugging
- """
- self._v_log.append('(%d) %s: %s' % (level,
- time.strftime('%b %d %H:%M:%S',
- time.localtime(time.time())),logline))
-
- if len(self._v_log) > 500:
- self._v_log.pop(0)
-
-
- def manage_reinit(self, REQUEST=None):
- """ re-initialize and clear out users and log """
- self._clearCaches()
- self.verbose > 1 and self._logit(2,"Reinitialized")
-
- if REQUEST is not None:
- return MessageDialog(
- title ='Reinitialized',
- message='The LDAPLoginAdapter caches have been cleared',
- action ='manage_advanced')
-
-
- def manage_edit(self, title, LDAP_server, login_attr,
- users_base, users_scope, roles, groups_base,
- groups_scope, binduid, bindpwd, use_cookies, REQUEST=None):
- """ Edit the LDAPLoginAdapter Object """
- self.title = title
- self.login_attr = login_attr
- self.users_base = users_base
- self.users_scope = users_scope
-
- if groups_base == '':
- groups_base = users_base
-
- self.groups_base = groups_base
- self.groups_scope = groups_scope
-
- if string.find(LDAP_server, ':') != -1:
- self.LDAP_server = string.split(LDAP_server, ':')[0]
- self.LDAP_port = int(string.split(LDAP_server, ':')[1])
- else:
- self.LDAP_server = LDAP_server
- self.LDAP_port = 389
-
- self.roles = roles
- self._binduid = binduid
- self._bindpwd = bindpwd
- self.use_cookies = int(use_cookies)
-
- self._clearCaches()
- self.verbose > 1 and self._logit(2,'Properties changed')
- self.__roles__ = filter(None, map(string.strip,
- string.split(roles, ',')))
-
- connection = self._connect()
- if connection is None and REQUEST is not None:
- return MessageDialog(
- title = 'Cannot connect to LDAP!',
- message = '<b>Cannot connect to LDAP server %s port %s!<br>\
- Please check your connection settings! \
- </b>' % (self.LDAP_server, str(self.LDAP_port)),
- action = 'manage_main')
-
- self._disconnect(connection)
-
- if REQUEST is not None:
- return MessageDialog(
- title ='Properties Changed',
- message='The LDAPLoginAdapter has been edited',
- action ='manage_main')
-
-
- def manage_editLogVerbosity(self, verbose, REQUEST=None):
- """ Edit LDAPLoginAdapter advanced properties """
- self.verbose = verbose
-
- self.verbose > 1 and self._logit(2,'Log Verbosity changed')
-
- if REQUEST is not None:
- return MessageDialog(
- title ='Log Verbosity Changed',
- message='LDAPLoginAdapter Log Verbosity set to %d' % verbose,
- action ='manage_advanced')
-
-
- def getLDAPSchema(self):
- """ Retrieve the LDAP schema this product knows about """
- return self._ldapschema
-
-
- def manage_addLDAPSchemaItem(self, ldap_name, friendly_name='',
- REQUEST=None):
- """ Add a schema item to my list of known schema items """
- schema = self._ldapschema
- schema.append((ldap_name, friendly_name))
- self._ldapschema = schema
-
- if REQUEST is not None:
- return MessageDialog(
- title = 'Added schema item %s' % ldap_name,
- message = 'Schema item %s added!' % ldap_name,
- action = 'manage_ldapschema')
-
- def manage_deleteLDAPSchemaItems(self, ldap_names=[], REQUEST=None):
- """ Delete schema items from my list of known schema items """
- if len(ldap_names) < 1:
- if REQUEST is not None:
- return MessageDialog(
- title = 'No items selected',
- message = 'You did not select any items to delete',
- action = 'manage_ldapschema')
- else:
- return None
-
- schema = self._ldapschema
-
- for ldap_name in ldap_names:
- for schema_tuple in schema:
- if schema_tuple[0] == ldap_name:
- del schema[schema.index(schema_tuple)]
-
- self._ldapschema = schema
-
- if REQUEST is not None:
- return MessageDialog(
- title = 'Removed schema items',
- message = 'Schema items removed',
- action = 'manage_ldapschema')
-
- def getPublicUserAttrs(self):
- """ Return the public user attributes """
- return tuple(self._public_userattrs)
-
- def manage_deletePublicUserAttrs(self, public_attrs=[], REQUEST=None):
- """ Delete a public attribute for user objects """
- if len(public_attrs) < 1:
- if REQUEST is not None:
- return MessageDialog(
- title = 'Error deleting user attribute',
- message = 'You did not specify user attributes to delete!',
- action = 'manage_advanced')
- else:
- return None
-
- pubs = self._public_userattrs
-
- for public_attr in public_attrs:
- for pub in pubs:
- if pub[0] == public_attr:
- del pubs[pubs.index(pub)]
-
- self._public_userattrs = pubs
-
- # Need to clear caches so all user records get recreated
- self._clearCaches()
-
- if REQUEST is not None:
- return MessageDialog(
- title = 'Deleted user attributes',
- message = 'Public user attributes deleted',
- action = 'manage_advanced')
-
- def manage_addPublicUserAttrs(self, ldap_attribute,
- public_attribute='', REQUEST=None):
- """ Delete a public attribute for user objects """
- if len(public_attribute) < 1:
- if REQUEST is not None:
- return MessageDialog(
- title = 'Error adding user attribute',
- message = 'You did not specify a user attribute to add!',
- action = 'manage_advanced')
- else:
- return None
-
- pubs = self._public_userattrs
- pubs.append((public_attribute, ldap_attribute))
- self._public_userattrs = pubs
-
- # Need to clear caches so all user records get recreated
- self._clearCaches()
-
- if REQUEST is not None:
- return MessageDialog(
- title = 'Added user attribute',
- message = 'Public user attribute added',
- action = 'manage_advanced')
-
- def getUsers(self):
- """Return a list of *cached* user objects"""
- names = self._v_users.keys()
- names.sort()
- users = []
-
- for n in names:
- if self._v_users[n].notexpired(): # Show only the unexpired
- users.append(self._v_users[n])
-
- return users
-
-
- def getUserNames(self):
- """ Return a list of usernames """
- if not hasattr(self,'_v_userlistexpire'):
- self._v_userlistexpire = 0
-
- if self._v_userlistexpire > time.time():
- return self._v_userlist
-
- s = {}
- lscope = ldap_scopes[self.users_scope]
- login_attr = self.login_attr
-
- if login_attr == 'dn':
- res = self._searchResults(self.users_base,lscope,
- "(objectClass=*)")
- else:
- res = self._searchResults(self.users_base,lscope,
- "(objectClass=*)", attr=[login_attr])
-
- if type(res) == type(''):
- s[res] = None
- elif len(res) > 0:
- for i in range(len(res)):
- if login_attr != 'dn':
- name_list = res[i][1].get(login_attr, [])
- else:
- name_list = [res[i][0]]
-
- for name in name_list:
- s[name] = None
-
- self._v_userlist = s.keys()
- self._v_userlist.sort()
- self._v_userlistexpire = time.time() + 600 # Expire after 600 seconds
-
- return self._v_userlist
-
-
- def getUser(self, name):
- """Return the named user object or None"""
- if (self._v_cache.has_key(name) and
- self._v_cache[name].notexpired()):
- return self._v_cache.get(name)
-
- user_roles, user_dn, user_attrs = self._lookupuser(uid=name)
- if user_roles is not None:
- self.verbose > 8 and self._logit(9,
- '%s connect returned %s' % (name, user_dn))
- roles = string.join(user_roles, ',')
- user_obj = LDAPUser(name, 'undef', roles, [],
- user_attrs, self._public_userattrs)
- self._v_cache[name] = user_obj
- wrapped_user = user_obj.__of__(self)
- return wrapped_user
- else:
- self.verbose > 8 and self._logit(9,
- '%s not found in getUser' % name)
-
- return None
-
-
- def getUserById(self, id, default = _marker):
- """ Return a user object by ID (in this case by username) """
- try:
- if (self._v_cache.has_key(id) and
- self._v_cache.get(id).notexpired()):
- return self._v_cache.get(id, None)
-
- return self.getUser(id)
-
- except:
- if default is _marker: raise
- return default
-
-
- def _validate_from_cache(self,name,password):
- """ Check if the user is in cache, not expired and password matches. """
- tpass='undef'
-
- if self._v_users.has_key(name) and self._v_users[name].notexpired():
- newuser = self._v_users[name]
- self.verbose > 8 and self._logit(9,'%s found in user cache' % name)
-
- tpass = newuser._getPassword()
- if tpass == password:
- self.verbose > 6 and self._logit(7,
- '%s authenticated from cache' % name)
- newuser._updateActiveTime()
- return newuser
- else:
- self.verbose > 3 and self._logit(4,
- '%s password not matched in cache ' % name)
- del self._v_users[name]
- newuser = self.getUser(name)
-
- if newuser is not None:
- tpass = newuser._getPassword()
- if tpass == password:
- self.verbose > 6 and self._logit(7,
- '%s auth from cache AFTER LDAP lookup' % name)
- newuser._updateActiveTime()
- return newuser
- else:
- self.verbose > 3 and self._logit(4,
- '%s password not matched in cache and in LDAP' % name)
- return None
-
- self.verbose > 8 and self._logit(9,'%s not found in user cache' % name)
- return None
-
-
- def authenticate(self, name, password, request):
- super = self._emergency_user
-
- if name is None:
- return None
-
- if super and name == super.getUserName():
- user = super
- if self.use_cookies:
- token = '%s:%s' % (name, password)
- token = encodestring(token)
- token = urllib.quote(token)
-
- request['RESPONSE'].setCookie('__ac', token, path='/')
-
- else:
- # Check cached password
- self.verbose > 8 and self._logit(9,
- 'Checking cache for user %s' % (name))
- user = self._validate_from_cache(name, password)
-
- if user is None:
- try:
- uroles, uid, user_attrs = self._lookupuser(name, password)
- if uid > '':
- self.verbose > 8 and self._logit(9,
- '%s connect returned %s' % (name,uid))
- elif (uroles, uid, user_attrs) == (None, None, None):
- self.verbose > 8 and self._logit(9,
- 'Unknown user %s not validated' % name)
- return None
- except ldap.LDAPError, e:
- infotuple = getattr(e, 'args', ())
- if infotuple:
- errordict = infotuple[0]
- msg = 'Error Type: %s, Server Message: %s' % (
- errordict.get('desc', 'Not Available'),
- errordict.get('info', 'Not Available'))
- else:
- msg = 'Unknown LDAP Error'
-
- self.verbose > 0 and self._logit(1,
- 'Exception in _lookupuser looking up %s: %s' % (name, msg))
-
- return None
-
- except Exception, e:
- msg = getattr(e, 'args', ('Unknown Error',))[0]
-
- self.verbose > 0 and self._logit(1,
- 'Exception in _lookupuser looking up %s: %s' % (name, msg))
-
- return None
-
- if uroles is None:
- self.verbose > 8 and self._logit(9,
- '%s returned no roles' % name)
- return None
-
- r = string.split(self.roles,',')
- r = r + uroles
- newroles = string.join(r,',')
- user = LDAPUser(name, password, newroles, [],
- user_attrs, self._public_userattrs)
- self._v_users[name] = user
- self._v_cache[name] = user
-
- if self.use_cookies:
- token = '%s:%s' % (name, password)
- token = encodestring(token)
- token = urllib.quote(token)
-
- request['RESPONSE'].setCookie('__ac', token, path='/')
-
-
- if user is not None and user.authenticate(password, request):
- return user
- else:
- return None
-
-
-
- def validate(self, request, auth='', roles=_noroles):
- """
- The main engine
- """
- if getattr(self, 'use_cookies', 0):
- return self.cookie_validate(request, auth, roles)
- else:
- return self.basic_validate(request, auth, roles)
-
-
- def basic_validate(self, request, auth, roles):
- """
- this method performs identification, authentication, and
- authorization
- v is the object (value) we're validating access to
- n is the name used to access the object
- a is the object the object was accessed through
- c is the physical container of the object
-
- We allow the publishing machinery to defer to higher-level user
- folders or to raise an unauthorized by returning None from this
- method.
- """
- v = request['PUBLISHED'] # the published object
- a, c, n, v = self._getobcontext(v, request)
- name, password = self.identify(auth)
-
- user = self.authenticate(name, password, request)
-
- # user will be None if we can't authenticate him or if we can't find
- # his username in this user database.
- emergency = self._emergency_user
- if emergency and user is emergency:
- if self._isTop():
- # we do not need to authorize the emergency user against the
- # published object.
- return emergency.__of__(self)
- else:
- # we're not the top-level user folder
- return None
-
- elif user is None:
- # either we didn't find the username, or the user's password
- # was incorrect. try to authorize and return the anonymous user.
- if self._isTop() and self.authorize(self._nobody.__of__(self),a,
- c,n,v,roles):
- return self._nobody.__of__(self)
- else:
- # anonymous can't authorize or we're not top-level user folder
- return None
-
- else:
- # We found a user, his password was correct, and the user
- # wasn't the emergency user. We need to authorize the user
- # against the published object.
- if self.authorize(user.__of__(self), a, c, n, v, roles):
- return user.__of__(self)
- # That didn't work. Try to authorize the anonymous user.
- elif self._isTop() and self.authorize(self._nobody.__of__(self),
- a,c,n,v,roles):
- return self._nobody.__of__(self)
- else:
- # we can't authorize the user, and we either can't authorize
- # nobody against the published object or we're not top-level
- return None
-
-
- def cookie_validate(self, request, auth, roles):
- """
- Validation using Cookies
- """
- req_has = request.has_key
- resp = request['RESPONSE']
- login_doc = getattr(self, 'login', self.default_loginpage)
- v = request['PUBLISHED'] # the published object
- a, c, n, v = self._getobcontext(v, request)
-
- if req_has('__ac'): # Do we have the cookie?
- cookie = request['__ac']
- cookie = urllib.unquote(cookie)
-
- try:
- cookie = decodestring(cookie)
- name, password = tuple(string.split(cookie, ':'))
- except:
- resp.expireCookie('__ac', path='/')
- raise 'LoginRequired', login_doc(self, request)
-
- elif req_has('__ac_name') and req_has('__ac_password'):
- name = request['__ac_name']
- password = request['__ac_password']
-
- try:
- del request['__ac_name']
- del request['__ac_password']
- except:
- pass
-
- else:
- name, password = None, None
-
- user = self.authenticate(name, password, request)
-
- # user will be None if we can't authenticate him or if we can't find
- # his username in this user database.
- if user is not None:
- emergency = self._emergency_user
- if emergency and user is emergency:
- if self._isTop():
- # we do not need to authorize the emergency user against the
- # published object.
- return emergency.__of__(self)
- else:
- # we're not the top-level user folder
- return None
-
- else:
- # We found a user, his password was correct, and the user
- # wasn't the emergency user. We need to authorize the user
- # against the published object.
- if self.authorize(user.__of__(self), a, c, n, v, roles):
- return user.__of__(self)
- # That didn't work. Try to authorize the anonymous user.
- elif self._isTop() and self.authorize(self._nobody.__of__(self),
- a,c,n,v,roles):
- return self._nobody.__of__(self)
- elif not self._isTop():
- # we can't authorize the user, and we're not top-level
- return None
- else:
- # We cannot authorize the user and we are toplevel
- raise 'LoginRequired', login_doc(self, request)
-
- else:
- # either we didn't find the username, or the user's password
- # was incorrect. try to authorize and return the anonymous user.
- if self._isTop() and self.authorize(self._nobody.__of__(self),a,
- c,n,v,roles):
- return self._nobody.__of__(self)
- else:
- # anonymous can't authorize or we're not top-level user folder
- raise 'LoginRequired', login_doc(self, request)
-
-
- def getProperty(self, prop_name):
- """ Get at LDAPLoginAdapter properties """
- return getattr(self, prop_name, '')
-
-
-def manage_addLDAPLoginAdapter(self, title, LDAP_server, login_attr,
- users_base, users_scope, roles,
- groups_base, groups_scope,
- binduid, bindpwd, use_cookies, REQUEST=None):
- """ Called by Zope to create and install an LDAPLoginAdapter """
-
- n = LDAPLoginAdapter(title, LDAP_server, login_attr,
- users_base, users_scope,
- roles, groups_base, groups_scope,
- binduid, bindpwd, use_cookies, REQUEST)
-
- if hasattr(self.aq_base, 'acl_users') and REQUEST is not None:
- return MessageDialog(
- title ='Item Exists',
- message='This object already contains a User Folder',
- action ='%s/manage_main' % REQUEST['URL1'])
-
- self._setObject('acl_users', n)
- self.__allow_groups__=self.acl_users
-
- # return to the parent object's manage_main
- if REQUEST is not None:
- return self.manage_main(self,REQUEST)
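Review bot: In `authenticate`, the `__ac` cookie (`token = '%s:%s' % (name, password)`, `token = encodestring(token)`, `request['RESPONSE'].setCookie('__ac', token, path='/')`) is the user's raw credentials under base64, and in the emergency-user branch it is written before `user.authenticate(password, request)` has checked the password, so a failed emergency login still leaves a credential cookie in the browser; `cookie_validate` then only calls `resp.expireCookie('__ac', path='/')` when the cookie fails to decode, not when `authenticate` returns None. Suggest setting the cookie only after `user.authenticate` has succeeded, expiring it in the `LoginRequired` branches of `cookie_validate`, and marking it with the `secure` cookie attribute when the site is served over HTTPS; longer term a server-side session identifier is preferable to base64 credentials. Smaller points: `_validate_from_cache` compares the submitted password against `newuser._getPassword()`, and for objects created by `getUser` that value is the placeholder `'undef'`, so the placeholder should never reach that comparison; `getUserById` and the cookie-decoding block use bare `except:` where `KeyError`, `ValueError` and `binascii.Error` are the expected failures; and `raise 'LoginRequired', ...` relies on string exceptions, which later Python releases no longer accept.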
diff --git a/LDAPUser.py b/LDAPUser.py
deleted file mode 100644
index 49dd310..0000000
--- a/LDAPUser.py
+++ /dev/null
@@ -1,103 +0,0 @@
-#####################################################################
-#
-# LDAPUser The User object for the LDAPLoginAdapter
-#
-# This software is governed by a license. See
-# LICENSE.txt for the terms of this license.
-#
-#####################################################################
-__version__='$Revision$'[11:-2]
-
-
-import string, time
-from AccessControl.User import BasicUser
-from DateTime import DateTime
-
-
-class LDAPUser(BasicUser):
- """ A user object for LDAP users """
-
- icon='misc_/UserDb/User_icon'
-
- __ac_permissions__ = (
- ( 'Manage users', ('getDatabasePath',)),
- ( 'View', ('getProperty',))
- )
-
- def __init__(self, name, password, roles, domains, user_attrs, public_attrs):
- self.name = name
- self.__ = password
- self.roles = filter(None, map(string.strip,string.split(roles, ',')))
- self.domains = None
- self.RID = ''
- self.groups = ''
- self.lastactivetime = time.time()
- self.expiration = self.lastactivetime + 600
- self.attr_dict = {}
-
- for key in user_attrs.keys():
- self.attr_dict[key] = user_attrs.get(key, [None])[0]
-
- for attr_name, mapped_name in public_attrs:
- setattr(self, attr_name, user_attrs.get(mapped_name, [''])[0])
-
-
- #################################################################################
- # BasicUser implementations that need overriding
- #################################################################################
-
- def getUserName(self):
- """ Return the user's login name """
- return self.name
-
-
- def getRoles(self):
- """ Return a tuple with the user's roles """
- return tuple(self.roles)
-
-
- def _getPassword(self):
- return self.__
-
-
- def getDatabasePath(self):
- """
- Return the location of the acl_users that gave birth to me
- """
- return self.aq_inner.aq_parent.absolute_url(1)
-
-
- #################################################################################
- # LDAPLoginAdapter-specific extensions
- #################################################################################
-
- def getProperty(self, prop_name):
- """
- Return the user property referred to by prop_name,
- if the attribute is indeed public.
- """
- return self.attr_dict.get(prop_name, None)
-
-
- def _updateActiveTime(self):
- self.lastactivetime=time.time()
-
-
- def getLastActiveTime(self):
- return DateTime(self.lastactivetime)
-
-
- def getExpireTime(self):
- return DateTime(self.expiration)
-
-
- def getDomains(self):
- return []
-
-
- def notexpired(self):
- """ Returns true if the user is not expired in the cache """
- if self.expiration > time.time():
- return 1
- else:
- return 0
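Review bot: `getProperty` is granted to the `View` permission in `__ac_permissions__` and returns `self.attr_dict.get(prop_name, None)`, but `attr_dict` is filled from every key in `user_attrs`, so despite the docstring ("if the attribute is indeed public") any LDAP attribute the search returned, `userPassword` included if the search returns it, is readable by anyone holding View. Suggest restricting `getProperty` to the names in `public_attrs` (which `__init__` already receives) or building `attr_dict` from that list only. Also: `self.__ = password` keeps the cleartext password on the cached object for the 600-second lifetime of the entry, and `_updateActiveTime` refreshes `lastactivetime` without touching `expiration`, so `notexpired` is a fixed TTL from creation rather than the idle timeout the name suggests; and the `domains` argument is ignored (`self.domains = None`, `getDomains` returns `[]`), so either wire it through or drop the parameter.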
diff --git a/LICENSE.txt b/LICENSE.txt
deleted file mode 100644
index 110b4ed..0000000
--- a/LICENSE.txt
+++ /dev/null
@@ -1,72 +0,0 @@
-##############################################################################
-#
-# License
-# -------
-#
-# Copyright (c) Jens Vagelpohl. All right reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-# 1. Redistributions in source code must retain the above copyright
-# notice, this list of conditions, and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions, and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-#
-# 3. Jens Vagelpohl requests that attribution be given to Zope
-# in any manner possible. A significant investment has been put
-# into Zope, and this effort will continue if the Zope community
-# continues to grow. This is one way to assure that growth.
-#
-# 4. All advertising materials and documentation mentioning
-# features derived from or use of this software must display
-# the following acknowledgement:
-#
-# "This product includes software developed by Jens Vagelpohl
-# for use in the Z Object Publishing Environment
-# (http://www.zope.org/)."
-#
-# 5. Names associated with Jens Vagelpohl must not be used to
-# endorse or promote products derived from this software without
-# prior written permission from Jens Vagelpohl.
-#
-# 6. Modified redistributions of any form whatsoever must retain
-# the following acknowledgment:
-#
-# "This product includes software developed by Jens Vagelpohl
-# for use in the Z Object Publishing Environment
-# (http://www.zope.org/)."
-#
-# 7. Modifications are encouraged but must be packaged separately as
-# patches to official software releases. Distributions that do not
-# clearly separate the patches from the original work must be clearly
-# labeled as unofficial distributions.
-#
-#
-# Disclaimer
-#
-# THIS SOFTWARE IS PROVIDED BY JENS VAGELPOHL ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JENS VAGELPOHL OR HIS
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-#
-# This software consists of contributions made by Jens Vagelpohl and
-# many other individuals.
-# Special credits go to Ross lazarus and Soren Roug which provided the
-# basis for this code.
-#
-##############################################################################
-
diff --git a/README.txt b/README.txt
deleted file mode 100644
index 41bd4f8..0000000
--- a/README.txt
+++ /dev/null
@@ -1,156 +0,0 @@
-README for the Zope LDAPLoginAdapter Product
-
- This product is a replacement for a Zope user folder. It
- does not store its own user objects but builds them on the
- fly after authenticating a user against the LDAP database.
-
- The nature of the LDAPLoginAdapter is "read-only", meaning
- at present it does not allow you to create, edit or delete
- users in LDAP. You will need to populate the LDAP directory
- by other means.
-
-
- **How to upgrade**
-
- Upgrading entails not only unpacking the new code, you
- should also delete and recreate all LDAPLoginAdapter
- instances in your Zope installation.
-
-
- **Custom login page**
-
- Check out the code in the LDAPLoginAdapter install directory
- under dtml/login.dtml for what a login page has to do. You
- want to make sure that you have a *form* which posts at
- least 2 input fields named *__ac__name* (user name) and
- *__ac_password* (password) back.
-
- You can make your custom page the default page by simply
- instantiating it under the "Contents" tab of the
- LDAPLoginAdapter and giving it an id of *login*.
-
-
- **Help, I locked myself out of my own site!**
-
- This can happen if you create a custom login page within
- the LDAPLoginAdapter which does not do the right thing and
- the authentication method is set to use cookies.
-
- In order to authenticate you can force the usage of the
- default login page by going to:
-
- http://my.site.com/acl_users/default_loginpage
-
- Type in your name and password and hit the button. You
- will stay on the same page, even if the authentication
- succeeded, you can then type the desired address into your
- browser's navigation bar.
-
-
- **Why use LDAP to store user records?**
-
- LDAP as a source of Zope user records is an excellent
- choice in many cases, like...
-
- o You already have an existing LDAP setup that might store
- company employee data and you do not want to duplicate
- any data into a Zope user folder
-
- o You want to make the same user database available to
- other applications like mail, address book clients,
- operating system authenticators (PAM-LDAP) or other
- network services that allow authentication against
- LDAP
-
- o You have several Zope installations that need to share
- user records or a ZEO setup
-
- o You want to be able to store more than just user name
- and password in your Zope user folder
-
- o You want to manipulate user data outside of Zope
-
- ... the list continues.
-
-
- **Requirements**
-
- In order for this product to run you will need to provide the
- following items:
-
- * a working LDAP server (see http://www.openldap.org/)
-
- * the python-ldap module (see http://python-ldap.sourceforge.net/)
-
-
- **Tested Platforms**
-
- This version of the LDAPLoginAdapter has been written on and for
- Zope 2.3.0 and up. I am not going to support earlier versionds of
- Zope with my product.
-
- If you are looking for a similar solution for a pre-2.3.0-site
- see http://sourceforge.net/projects/zldapadapter/ for the
- LDAPAdapter. The LDAPAdapter, written by Ross Lazarus and Soren Roug,
- formed the basis for the LDAPLoginAdapter.
-
- This product is platform-independent except for its reliance on
- the python-ldap module. If you cannot compile or find a python-
- ldap module suitable for your platform the LDAPLoginAdapter
- will not work.
-
-
- **The LDAP Schema**
-
- Your LDAP server should contain records that can be used as user
- records. Any object types like person, organizationalPerson,
- or inetOrgPerson and any derivatives thereof should work. After a
- small code change records of type posixAccount should work
- correctly as well.
- The LDAPLoginAdapter expects your user records to have at least the
- following attributes, most of which are required for the
- abovementioned object classes, anyway:
-
- * cn (Canonical Name)
-
- * userPassword (the password field)
-
- * objectClass
-
- * whatever attribute you choose as the username attribute
-
- * typcial person-related attributes like sn (last name),
- givenName (first name), uid or mail (email address) will make
- working with the LDAPLoginAdapter nicer
-
- Zope users have certain roles associated with them, these roles
- determine what permissions the user have. In LDAPLoginAdapter-speak,
- roles are embodied in Groups.
-
- Group records can be of any object type that accepts multiple
- attributes of type "uniqueMember" and that has a "cn" attribute.
- One such type is "groupOfUniqueNames". The cn describes the
- group / role name while the uniqueMember attributes point back
- to all those user records that are part of this group.
-
- For examples of valid group- and user-records for LDAP please
- see the file SAMPLE_RECORDS.txt in this distribution. It has
- samples for a user- and a group record in LDIF format.
-
- It is outside of the scope of this documentation to describe the
- different object classes and attributes in detail, please see
- LDAP documentation for a better treatment.
-
-
- **Things to watch out for**
-
- Since a user folder is one of these items that can lock users out
- of your site if they break I suggest testing the settings in some
- inconspicuous location before replacing a site's main acl_users folder
- with a LDAPLoginAdapter.
-
- As a last resort you will always be able to log in and make changes
- as the superuser (or in newer Zope releases called "emergency user")
- who, as an added bonus, can delete and create user folders. This is
- a breach of the standard "the superuser cannot create / own anything"
- policy, but can save your skin in so many ways.
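Review bot: The custom-login-page section names the form field `*__ac__name*` (double underscore before `name`), while `cookie_validate` in LDAPLoginAdapter.py reads `request['__ac_name']`; a login page built from this README would never authenticate. Also, `cn` expands to Common Name, not Canonical Name (the add form repeats the same label), and "versionds" and "typcial" are typos.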
diff --git a/SAMPLE_RECORDS.txt b/SAMPLE_RECORDS.txt
deleted file mode 100644
index 48b51a5..0000000
--- a/SAMPLE_RECORDS.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-#
-# Sample Records: Examples for records that can be used with the
-# LDAPLoginAdapter and LDAPUserManager products.
-#
-# Assume you have a LDAP server with a root "dc=dataflake,dc=org".
-# Furthermore assume that you decide to store user records on the
-# branch "ou=people,dc=dataflake,dc=org".
-# You decide that group records go into "ou=groups,dc=dataflake,dc=org"
-#
-# The entries below would describe some valid entries for user
-# Jens Vagelpohl who is part of the "Manager" group, meaning in Zope
-# he has role "Manager".
-#
-
-
-# This is the user record for Jens:
-
-dn: cn=Jens Vagelpohl,ou=people,dc=dataflake,dc=org
-objectClass: top
-objectClass: organizationalPerson
-telephoneNumber: (800) 555-1212
-st: VA
-givenName: Jens
-title: Software Engineer
-mail: jens@digicool.com
-postalCode: 22401
-l: Fredericksburg
-url: http://www.dataflake.org
-c: United States of America
-mail: jens@dataflake.org
-street: 607 William Street
-company: Digital Creations, Inc
-cn: Jens Vagelpohl
-sn: Vagelpohl
-userPassword: {SHA}Ryx8UNCnNJgY7RkAOaBKt3K6JEo=
-
-
-# This is the group record for the "Manager" group:
-
-dn: cn=Manager,ou=groups,dc=dataflake,dc=org
-cn: Manager
-objectClass: top
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Jens Vagelpohl,ou=people,dc=dataflake,dc=org
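Review bot: The sample `userPassword: {SHA}...` value uses the unsalted `{SHA}` scheme; because sample records tend to be copied verbatim into real directories, the example should use a salted scheme such as `{SSHA}` and state that the hash is a placeholder rather than a value to reuse. The header also refers to an "LDAPUserManager" product that nothing else in this package mentions.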
diff --git a/VERSION.txt b/VERSION.txt
deleted file mode 100644
index b563cc4..0000000
--- a/VERSION.txt
+++ /dev/null
@@ -1 +0,0 @@
-LDAPLoginAdapter 1.2beta3
diff --git a/__init__.py b/__init__.py
deleted file mode 100644
index 348f12f..0000000
--- a/__init__.py
+++ /dev/null
@@ -1,24 +0,0 @@
-##############################################################################
-#
-# __init__.py Initialization code for the LDAPLoginAdapter
-#
-# This software is governed by a license. See
-# LICENSE.txt for the terms of this license.
-#
-##############################################################################
-
-__doc__ = """ LDAPLoginAdapter initialization module """
-__version__ = '$Revision$'[11:-2]
-
-import LDAPLoginAdapter
-
-def initialize(context):
- context.registerClass(
- LDAPLoginAdapter.LDAPLoginAdapter,
- permission='Add LDAPLoginAdapter Object',
- constructors=(LDAPLoginAdapter.addLDAPLoginAdapterForm,
- LDAPLoginAdapter.manage_addLDAPLoginAdapter),
- icon='www/ldaploginadapter.gif',
- )
-
- context.registerHelp()
diff --git a/dtml/addLDAPLoginAdapter.dtml b/dtml/addLDAPLoginAdapter.dtml
deleted file mode 100644
index 86da3af..0000000
--- a/dtml/addLDAPLoginAdapter.dtml
+++ /dev/null
@@ -1,78 +0,0 @@
-<dtml-var manage_page_header>
-
-<dtml-var "manage_form_title(this(), _,
- form_title='Add LDAPLoginAdapter',
- help_product='LDAPLoginAdapter',
- help_topic='LDAPLoginAdapter_Add.stx'
- )">
-
-<form action="manage_addLDAPLoginAdapter" method="POST">
-<table cellspacing="2">
- <tr>
- <td align="left" valign="top"><div class="form-optional">Title</div></td>
- <td align="left" valign="top"><input type="TEXT" name="title" size="50" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">LDAP Server[:port]</div></td>
- <td align="left" valign="top"><input type="TEXT" name="LDAP_server" size="50"
- value="my.ldap.server" /></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Login Name Attribute</div></td>
- <td align="LEFT" valign="TOP">
- <select name="login_attr">
- <option value="cn">Canonical Name (cn)</option>
- <option value="sn">Surname (sn)</option>
- <option value="dn">Distinguished Name (dn)</option>
- </select>
- </td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Search base DN for users</div></td>
- <td align="left" valign="top"><input type="TEXT" name="users_base" size="50"
- value="ou=people,o=Organization,c=US" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Users Search Scope</div></td>
- <td align="left" valign="top">
- <select name="users_scope:int">
- <option value="0"> Search the base ONLY </option>
- <option value="1"> Search the base and one level of subtrees </option>
- <option value="2" selected> Search the base and all subtrees </option>
- </select></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Search base DN for groups</div></td>
- <td align="left" valign="top"><input type="TEXT" name="groups_base" size="50"
- value="ou=groups,o=Organization,c=US" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Groups Search Scope</div></td>
- <td align="left" valign="top">
- <select name="groups_scope:int">
- <option value="0"> Search the base ONLY </option>
- <option value="1"> Search the base and one level of subtrees </option>
- <option value="2" selected> Search the base and all subtrees </option>
- </select></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-optional">LDAP Bind UID (optional)</div></td>
- <td align="left" valign="top"><input type="TEXT" name="binduid:string" size="50"
- value="" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-optional">LDAP Bind Password (optional)</div></td>
- <td align="left" valign="top"><input type="TEXT" name="bindpwd:string" size="50"
- value="" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Default User Roles (comma separated)</div></td>
- <td align="left" valign="top"><input type="TEXT" name="roles" size="50"
- value="Anonymous" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Cookies</div></td>
- <td align="left" valign="top"><div class="form-text">
- <input type="radio" name="use_cookies" value="0" checked>
- No cookies&nbsp;
- <input type="radio" name="use_cookies" value="1">
- Cookies and login screens
- </div></td>
- </tr><tr>
- <td>&nbsp;</td>
- <td><br><input type="SUBMIT" value="Add"></td>
- </tr>
-</table>
-</form>
-
-<dtml-var manage_page_footer>
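Review bot: The bind password field `<input type="TEXT" name="bindpwd:string" size="50"` is a plain text input, so the directory's bind credential is shown on screen and retained in browser form history; it should be `type="password"`. Minor: the `login_attr` option labels `cn` as "Canonical Name"; the LDAP attribute is Common Name.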
diff --git a/dtml/advancedProps.dtml b/dtml/advancedProps.dtml
deleted file mode 100644
index cc68911..0000000
--- a/dtml/advancedProps.dtml
+++ /dev/null
@@ -1,140 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<p class="form-help">
-Use this form to change advanced settings.
-</p>
-
-
-<form action="manage_reinit" method="post">
-<table cellpadding="2" cellspacing="0" width="98%">
- <tr class="section-bar">
- <td colspan="2" align="left" valign="top"><div class="form-label">
- Purge all caches
- </div></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-text">
- Empty all caches and force reloading of users from LDAP.
- </div></td>
- <td align="left" valign="top"><div class="form-element">
- <input type="submit" value=" Purge all caches " />
- </div></td>
- </tr>
-</table>
-</form>
-
-<p>&nbsp;</p>
-
-<form action="manage_editLogVerbosity" method="POST">
-<table cellspacing="0" cellpadding="2" width="98%">
- <tr class="section-bar">
- <td align="left" valign="top" colspan="3"><div class="form-label">
- Log verbosity
- </div></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-text">
- Set the types of events being logged.
- </div></td>
- <td align="LEFT" valign="TOP">
- <select name="verbose:int">
- <option value="0" <dtml-if "verbose==0">selected</dtml-if>>No logging (0)</option>
- <option value="1" <dtml-if "verbose==1">selected</dtml-if>>Catastrophes (1)</option>
- <option value="2" <dtml-if "verbose==2">selected</dtml-if>>Major Events (2)</option>
- <option value="3" <dtml-if "verbose==3">selected</dtml-if>>Minor Events (3)</option>
- <option value="4" <dtml-if "verbose==4">selected</dtml-if>>Login Failures (4)</option>
- <option value="5" <dtml-if "verbose==5">selected</dtml-if>>Login Successes (5)</option>
- <option value="7" <dtml-if "verbose==7">selected</dtml-if>>Login From Cache (7)</option>
- <option value="9" <dtml-if "verbose==9">selected</dtml-if>>Debugging (9)</option>
- </select>
- </td>
- <td align="left" valign="top"><div class="form-element">
- <input class="form-element" type="SUBMIT" value=" Change " />
- </div></td>
- </tr>
-</table>
-</form>
-
-<p>&nbsp;</p>
-
-<form method="post" action="&dtml-URL1;">
-<table cellspacing="0" cellpadding="2">
- <tr class="section-bar">
- <td colspan="3" align="left" valign="top"><div class="form-label">
- Set special public user object attribute
- </div></td>
- </tr><tr>
- <td align="left" valign="top" colspan="3"><div class="form-text">
- In order to accomodate old code which expects attributes to be publicly accessible
- on the user object, such as "AUTHENTICATED_USER.email", you can use these fields to
- name attributes and map them to LDAP record attributes.
- </div><br /></td>
- </tr>
-
- <dtml-in expr="getPublicUserAttrs()">
- <dtml-if name="sequence-start">
- <tr class="list-header">
- <td align="left" valign="top" width="16">&nbsp;</td>
- <td><div class="form-label">Public Attribute</div></td>
- <td><div class="form-label">LDAP Attribute</div></td>
- </tr>
- </dtml-if>
-
- <dtml-if sequence-odd>
- <tr class="row-normal">
- <dtml-else>
- <tr class="row-hilite">
- </dtml-if>
- <td align="left" valign="top" width="16">
- <input type="checkbox" name="public_attrs:list" value="<dtml-var name="sequence-key">" />
- </td>
- <td><div class="list-item">
- <dtml-var name="sequence-key">
- </div></td>
- <td><div class="list-item">
- <dtml-var name="sequence-item">
- </div></td>
- </tr>
-
- <dtml-if name="sequence-end">
- <tr>
- <td align="left" valign="top" colspan="3"><div class="form-element">
- <br /><input class="form-element" type="SUBMIT" name="manage_deletePublicUserAttrs:method"
- value=" Delete selected Public User Attributes " />
- </div><br /></td>
- </tr>
- </dtml-if>
- </dtml-in>
-
- <tr>
- <td align="LEFT" valign="TOP" colspan="2"><div class="form-label">
- Public Attribute
- </div></td>
- <td align="left" valign="top"><input type="text" name="public_attribute" size="50" />
- </td>
- </tr><tr>
- <td align="LEFT" valign="TOP"colspan=2"><div class="form-label">
- LDAP Attribute
- </div></td>
- <td align="left" valign="top">
- <dtml-in expr="getLDAPSchema()">
- <dtml-if name="sequence-start">
- <select name="ldap_attribute">
- </dtml-if>
- <option value="&dtml-sequence-key;">&dtml-sequence-key; (&dtml-sequence-item;)</option>
- <dtml-if name="sequence-end">
- </select>
- </dtml-if>
- </dtml-in>
- </td>
- </tr>
-
- <tr>
- <td align="left" valign="top" colspan="3"><div class="form-element">
- <br /><input class="form-element" type="SUBMIT" name="manage_addPublicUserAttrs:method"
- value=" Add Public User Attribute " />
- </div></td>
- </tr>
-</table>
-
-<dtml-var manage_page_footer>
-
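Review bot: `<td align="LEFT" valign="TOP"colspan=2">` is malformed (no space before `colspan` and an unbalanced quote) and will break the cell layout in some browsers; write `<td align="LEFT" valign="TOP" colspan="2">`. In the public-attribute table, `value="<dtml-var name="sequence-key">"` inserts the attribute name into an HTML attribute unescaped, whereas the schema select below uses `&dtml-sequence-key;`, which entity-quotes the value; use the quoted form for the checkbox as well so a name containing a quote cannot break out of the attribute. "accomodate" in the help text is a typo.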
diff --git a/dtml/contents.dtml b/dtml/contents.dtml
deleted file mode 100644
index c8c164b..0000000
--- a/dtml/contents.dtml
+++ /dev/null
@@ -1,251 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<script type="text/javascript">
-<!--
-
-isSelected = false;
-
-function toggleSelect() {
- if (isSelected == false) {
- for (i = 0; i < document.objectItems.length; i++)
- document.objectItems.elements[i].checked = true ;
- isSelected = true;
- document.objectItems.selectButton.value = "Deselect All";
- return isSelected;
- }
- else {
- for (i = 0; i < document.objectItems.length; i++)
- document.objectItems.elements[i].checked = false ;
- isSelected = false;
- document.objectItems.selectButton.value = "Select All";
- return isSelected;
- }
-}
-
-//-->
-</script>
-
-<dtml-unless skey><dtml-call expr="REQUEST.set('skey', 'id')"></dtml-unless>
-<dtml-unless rkey><dtml-call expr="REQUEST.set('rkey', '')"></dtml-unless>
-
-<!-- Add object widget -->
-<br />
-<dtml-if filtered_meta_types>
- <table width="100%" cellspacing="0" cellpadding="0" border="0">
- <tr>
- <td align="left" valign="top">&nbsp;</td>
- <td align="right" valign="top">
- <div class="form-element">
- <form action="&dtml-URL1;/" method="get">
- <dtml-if "_.len(filtered_meta_types) > 1">
- <select class="form-element" name=":action"
- onChange="location.href='&dtml-URL1;/'+this.options[this.selectedIndex].value" />
- <option value="manage_workspace" disabled />Select type to add...
- <dtml-in filtered_meta_types mapping sort=name>
- <option value="&dtml.url_quote-action;">&dtml-name;</option>
- </dtml-in>
- </select>
- <input class="form-element" type="submit" name="submit" value=" Add " />
- <dtml-else>
- <dtml-in filtered_meta_types mapping sort=name>
- <input type="hidden" name=":method" value="&dtml.url_quote-action;" />
- <input class="form-element" type="submit" name="submit" value=" Add &dtml-name;" />
- </dtml-in>
- </dtml-if>
- </form>
- </div>
- </td>
- </tr>
- </table>
-</dtml-if>
-
-<form action="&dtml-URL1;" name="objectItems" method="post">
-<dtml-if objectItems>
-<table width="100%" cellspacing="0" cellpadding="2" border="0">
-<tr class="list-header">
- <td width="5%" align="right" colspan="2"><div
- class="list-item"><a href="./manage_main?skey=meta_type<dtml-if
- "rkey == ''">&rkey=meta_type</dtml-if>"
- onMouseOver="window.status='Sort objects by type'; return true"
- onMouseOut="window.status=''; return true"><dtml-if
- "skey == 'meta_type' or rkey == 'meta_type'"
- ><strong>Type</strong><dtml-else>Type</dtml-if></a></div>
- </td>
- <td width="50%" align="left"><div class="list-item"><a
- href="./manage_main?skey=id<dtml-if
- "rkey == ''">&rkey=id</dtml-if>"
- onMouseOver="window.status='Sort objects by name'; return true"
- onMouseOut="window.status=''; return true"><dtml-if
- "skey == 'id' or rkey == 'id'"
- ><strong>Name</strong><dtml-else>Name</dtml-if></a></div>
- </td>
- <td width="15%" align="left"><div class="list-item"><a
- href="./manage_main?skey=get_size<dtml-if
- "rkey == ''">&rkey=get_size</dtml-if>"
- onMouseOver="window.status='Sort objects by size'; return true"
- onMouseOut="window.status=''; return true"><dtml-if
- "skey == 'get_size' or rkey == 'get_size'"
- ><strong>Size</strong><dtml-else>Size</dtml-if></a></div>
- </td>
- <td width="29%" align="left"><div class="list-item"><a
- href="./manage_main?skey=bobobase_modification_time<dtml-if
- "rkey == ''">&rkey=bobobase_modification_time</dtml-if
- >"
- onMouseOver="window.status='Sort objects by modification time'; return true"
- onMouseOut="window.status=''; return true"><dtml-if
- "skey == 'bobobase_modification_time' or rkey == 'bobobase_modification_time'"
- ><strong>Last Modified</strong><dtml-else>Last Modified</dtml-if></a></div>
- </td>
-</tr>
-<dtml-in objectItems sort_expr="skey" reverse_expr="rkey">
-<dtml-if sequence-odd>
-<tr class="row-normal">
-<dtml-else>
-<tr class="row-hilite">
-</dtml-if>
- <td align="left" valign="top" width="16">
- <input type="checkbox" name="ids:list" value="&dtml-sequence-key;" />
- </td>
- <td align="left" valign="top">
- <dtml-if icon>
- <a href="&dtml.url_quote-sequence-key;/manage_workspace">
- <img src="&dtml-BASEPATH1;/&dtml-icon;" alt="[&dtml-meta_type;]"
- border="0" /></a>
- <dtml-else>
- &nbsp;
- </dtml-if>
- </td>
- <td align="left" valign="top">
- <div class="list-item">
- <a href="&dtml.url_quote-sequence-key;/manage_workspace">
- &dtml-sequence-key; <dtml-if title>(&dtml-title;)</dtml-if>
- </a>
- <dtml-if locked_in_version>
- <dtml-if modified_in_version>
- <img src="&dtml-BASEPATH1;/p_/locked"
- alt="This item has been modified in this version" />
- <dtml-else>
- <img src="&dtml-BASEPATH1;/p_/lockedo"
- alt="This item has been modified in another version" />
- (<em>&dtml-locked_in_version;</em>)
- </dtml-if>
- </dtml-if>
- </div>
- </td>
-
- <dtml-with sequence-key>
- <td>
- <div class="list-item">
- <dtml-if get_size>
- <dtml-let ob_size=get_size>
- <dtml-if "ob_size < 1024">
- 1 Kb
- <dtml-elif "ob_size > 1048576">
- <dtml-var "ob_size / 1048576.0" fmt="%0.02f"> Mb
- <dtml-else>
- <dtml-var "_.int(ob_size / 1024)"> Kb
- </dtml-if>
- </dtml-let>
- <dtml-else>
- &nbsp;
- </dtml-if>
- </div>
- </td>
-
- <td>
- <div class="list-item">
- <dtml-var bobobase_modification_time fmt="%Y-%m-%d %I:%M %p">
- </div>
- </td>
- </dtml-with>
-</tr>
-</dtml-in>
-</table>
-
-<table cellspacing="0" cellpadding="2" border="0">
-<tr>
- <td align="left" valign="top" width="16"></td>
- <td align="left" valign="top">
- <div class="form-element">
- <dtml-unless dontAllowCopyAndPaste>
- <input class="form-element" type="submit" name="manage_renameForm:method"
- value="Rename" />
- <input class="form-element" type="submit" name="manage_cutObjects:method"
- value="Cut" />
- <input class="form-element" type="submit" name="manage_copyObjects:method"
- value="Copy" />
- <dtml-if cb_dataValid>
- <input class="form-element" type="submit" name="manage_pasteObjects:method"
- value="Paste" />
- </dtml-if>
- </dtml-unless>
- <dtml-if "_.SecurityCheckPermission('Delete objects',this())">
- <input class="form-element" type="submit" name="manage_delObjects:method"
- value="Delete" />
- </dtml-if>
- <dtml-if "_.SecurityCheckPermission('Import/Export objects', this())">
- <input class="form-element" type="submit"
- name="manage_importExportForm:method"
- value="Import/Export" />
- </dtml-if>
-<script type="text/javascript">
-<!--
-if (document.forms[0]) {
- document.write('<input class="form-element" type="submit" name="selectButton" value="Select All" onClick="toggleSelect(); return false">')
- }
-//-->
-</script>
- </div>
- </td>
-</tr>
-</table>
-
-<dtml-else>
-<table cellspacing="0" cellpadding="2" border="0">
-<tr>
-<td>
-<div class="std-text">
-There are currently no items in <em>&dtml-title_or_id;</em>
-<br /><br />
-</div>
-<dtml-unless dontAllowCopyAndPaste>
-<dtml-if cb_dataValid>
-<div class="form-element">
-<input class="form-element" type="submit" name="manage_pasteObjects:method"
- value="Paste" />
-</div>
-</dtml-if>
-</dtml-unless>
-<dtml-if "_.SecurityCheckPermission('Import/Export objects', this())">
-<input class="form-element" type="submit"
- name="manage_importExportForm:method" value="Import/Export" />
-</dtml-if>
-</td>
-</tr>
-</table>
-</dtml-if>
-</form>
-
-<dtml-if update_menu>
-<script type="text/javascript">
-<!--
-window.parent.update_menu();
-//-->
-</script>
-</dtml-if>
-
-<dtml-var manage_page_footer>
-
-
-
-
-
-
-
-
-
-
-
-
-
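Review bot: The "add object" widget emits malformed HTML: `<select class="form-element" name=":action" ... />` is self-closed at the start of the element, and `<option value="manage_workspace" disabled />Select type to add...` closes the option before its label, so the label text sits outside any option. Write `<select ... onChange="...">` and `<option value="manage_workspace" disabled>Select type to add...</option>`. Two smaller points in the same hunk: `toggleSelect()` iterates with an undeclared `i`, leaking a global (declare it with `var i`), and the trailing run of empty lines at the end of the file is noise.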
diff --git a/dtml/finduser.dtml b/dtml/finduser.dtml
deleted file mode 100644
index 1678f0b..0000000
--- a/dtml/finduser.dtml
+++ /dev/null
@@ -1,181 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<dtml-if name="find_button_pressed">
-
- <br />
- <dtml-in expr="findUser(search_param=search_param, search_term=search_term)" mapping sort="sn">
- <dtml-if name="sequence-start">
- <dtml-if expr="_['sequence-length'] > 15">
- <table border="0" cellpadding="2" cellspacing="0" width="100%">
- <tr class="section-bar">
- <td><div class="form-label"> Search Again</div></td>
- </tr>
- </table>
- <form action="<dtml-var name="URL0">" method="post" >
- <table cellpadding="2" cellspacing="0">
- <tr>
- <td><select name="search_param">
- <dtml-in expr="getLDAPSchema()">
- <option value="&dtml-sequence-key;">&dtml-sequence-key; (&dtml-sequence-item;)</option>
- </dtml-in>
- </select></td>
- <td><input type="text" name="search_term" size="30"></td>
- <td><input type="submit" name="find_button_pressed" value=" Search! "></td>
- </tr>
- </table>
- </form>
- </dtml-if>
-
- <form action="&dtml-URL1;" method="post" name="objectItems">
- <table cellpadding="2" cellspacing="0" border="0" width="100%">
- <tr class="list-header">
- <td><div class="form-label">SN</div></td>
- <td><div class="form-label">CN</div></td>
- <td><div class="form-label">Distinguished Name</div></td>
- </tr>
- </dtml-if>
-
- <dtml-if sequence-odd>
- <tr class="row-normal">
- <dtml-else>
- <tr class="row-hilite">
- </dtml-if>
- <td><div class="list-item">
- <dtml-var name="sn">
- </div></td>
- <td><div class="list-item">
- <dtml-var name="cn">
- </div></td>
- <td><div class="list-item">
- <a href="<dtml-var expr="URL0 + '?user_dn=' + encodeString(dn)">"><dtml-var name="dn"></a>
- </div></td>
- </tr>
-
- <dtml-if name="sequence-end">
- </table>
- </form>
- </dtml-if>
-
- <dtml-else>
- <p><b>No record match!</b></p>
- </dtml-in>
-
- <p><br></p>
-
- <table border="0" cellpadding="2" cellspacing="0" width="100%">
- <tr class="section-bar">
- <td><div class="form-label"> Search Again</div></td>
- </tr>
- </table>
- <form action="<dtml-var name="URL0">" method="post">
- <table cellpadding="2" cellspacing="0">
- <tr>
- <td><select name="search_param">
- <dtml-in expr="getLDAPSchema()">
- <option value="&dtml-sequence-key;">&dtml-sequence-key; (&dtml-sequence-item;)</option>
- </dtml-in>
- </select></td>
- <td><input type="text" name="search_term" size="30"></td>
- <td><input type="submit" name="find_button_pressed" value=" Search! "></td>
- </tr>
- </table>
- </form>
-
-<dtml-elif name="user_dn">
-
- <p class="form-help">
- This is the detailed record view for the selected user.
- </p>
-
- <table cellpadding"3" cellspacing="0" width="100%">
- <tr class="section-bar">
- <td align="left" valign="top"><div class="form-label">
- User Details for &dtml-user_dn;
- </div></td>
- </tr>
- </table>
-
- <dtml-in expr="getUserDetails(user_dn)">
- <dtml-if name="sequence-start">
- <br />
- <table border="1" cellpadding="3">
- <tr>
- <td><div class="form-label">Attribute</div></td>
- <td><div class="form-label">Value</div></td>
- </tr>
- </dtml-if>
-
- <tr>
- <td><div class="form-text">
- <dtml-var name="sequence-key">
- </div></td>
- <td><div class="form-text">
- <dtml-var expr="_.string.join(_['sequence-item'], ',')">
- </div></td>
- </tr>
-
- <dtml-if name="sequence-end">
- </table>
- </dtml-if>
-
- </dtml-in>
-
-<p>&nbsp;</p>
-
- <table cellpadding"3" cellspacing="0" width="100%">
- <tr class="section-bar">
- <td align="left" valign="top"><div class="form-label">
- Roles for &dtml-user_dn;
- </div></td>
- </tr>
- </table>
-
- <p><dtml-var expr="_.string.join(getGroups(dn=user_dn, attr='cn'), ', ') or
- 'This user is not in any group!'"></p>
-
- <p><br></p>
-
- <table border="0" cellpadding="2" cellspacing="0" width="100%">
- <tr class="section-bar">
- <td><div class="form-label"> Search Again</div></td>
- </tr>
- </table>
- <form action="<dtml-var name="URL0">" method="post">
- <table cellpadding="2" cellspacing="0">
- <tr>
- <td><select name="search_param">
- <dtml-in expr="getLDAPSchema()">
- <option value="&dtml-sequence-key;">&dtml-sequence-key; (&dtml-sequence-item;)</option>
- </dtml-in>
- </select></td>
- <td><input type="text" name="search_term" size="30"></td>
- <td><input type="submit" name="find_button_pressed" value=" Search! "></td>
- </tr>
- </table>
- </form>
-
-<dtml-else>
-
- <p class="form-help">
- Use this form to find user records on the LDAP server and
- view their details.
- </p>
-
- <form action="<dtml-var name="URL0">" method="post">
- <table cellpadding="2" cellspacing="0">
- <tr>
- <td><select name="search_param">
- <dtml-in expr="getLDAPSchema()">
- <option value="&dtml-sequence-key;">&dtml-sequence-key; (&dtml-sequence-item;)</option>
- </dtml-in>
- </select></td>
- <td><input type="text" name="search_term" size="30"></td>
- <td><input type="submit" name="find_button_pressed" value=" Search! "></td>
- </tr>
- </table>
- </form>
-
-</dtml-if>
-
-<dtml-var manage_page_footer>
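Review bot: Directory attribute values are written into the page unescaped in the results table and the detail view: `<dtml-var name="sn">`, `<dtml-var name="cn">`, `<dtml-var name="dn">` and `<dtml-var expr="_.string.join(_['sequence-item'], ',')">` all render LDAP data as raw markup, while `&dtml-user_dn;` a few lines later is correctly entity-quoted. Anything stored in the directory is rendered into the admin's browser as-is, so add `html_quote` (e.g. `<dtml-var name="sn" html_quote>`) to each of these, and also to the `href` built at `<a href="<dtml-var expr="URL0 + '?user_dn=' + encodeString(dn)">">`. Separately, `<table cellpadding"3" ...>` appears twice and is missing the `=`.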
diff --git a/dtml/ldapschema.dtml b/dtml/ldapschema.dtml
deleted file mode 100644
index 24011b6..0000000
--- a/dtml/ldapschema.dtml
+++ /dev/null
@@ -1,86 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<p class="form-help">
-This form is used to input the attributes for user records as defined by
-your LDAP schema. The attributes you define here drive all the select boxes
-that deal with user attributes in the management interface, like the attribute
-to search by on the "Search" tab, the attributes you can choose as the
-Login Name on the "Properties" tab or the attributes you can map to special
-user object attributes on the "Advanced" tab.
-</p>
-<p class="form-help">
-Adding or removing attributes on this page does not affect your LDAP schema in any
-way, it will only affect what the LDAPLoginAdapter knows about your schema.
-</p>
-
-<form method="post" action="&dtml-URL1;">
-<table cellspacing="0" cellpadding="2" width="98%">
- <dtml-in expr="getLDAPSchema()">
- <dtml-if name="sequence-start">
- <tr class="list-header">
- <td align="left" valign="top" width="16">&nbsp;</td>
- <td><div class="form-label">LDAP Attribute Name</div></td>
- <td><div class="form-label">Friendly Name</div></td>
- </tr>
- </dtml-if>
-
- <dtml-if sequence-odd>
- <tr class="row-normal">
- <dtml-else>
- <tr class="row-hilite">
- </dtml-if>
- <td align="left" valign="top" width="16">
- <input type="checkbox" name="ldap_names:list" value="&dtml-sequence-key;" />
- </td>
- <td><div class="list-item">
- <dtml-var name="sequence-key">
- </div></td>
- <td><div class="list-item">
- <dtml-var name="sequence-item">
- </div></td>
- </tr>
-
- <dtml-if name="sequence-end">
- <tr>
- <td align="left" valign="top" colspan="3"><div class="form-element">
- <br /><input class="form-element" type="SUBMIT" name="manage_deleteLDAPSchemaItems:method"
- value=" Delete " />
- </div><br /></td>
- </tr>
- </dtml-if>
- </dtml-in>
-</table>
-</form>
-
-<p><br></p>
-
-<form action="manage_addLDAPSchemaItem" method="post">
-<table cellspacing="0" cellpadding="2" width="98%">
- <tr class="list-header">
- <td colspan="2"><div class="form-label">
- Add LDAP schema item
- </div></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">
- LDAP Attribute Name
- </div></td>
- <td align="left" valign="top"><input type="text" name="ldap_name" size="50" />
- </td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">
- Friendly Name
- </div></td>
- <td align="left" valign="top"><input type="text" name="friendly_name" size="50" />
- </td>
- </tr>
-
- <tr>
- <td align="left" valign="top" colspan="2"><div class="form-element">
- <br /><input class="form-element" type="SUBMIT" value=" Add " />
- </div></td>
- </tr>
-</table>
-
-<dtml-var manage_page_footer>
-
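Review bot: The "Add LDAP schema item" form is never closed: `<form action="manage_addLDAPSchemaItem" method="post">` is followed by its table and then `<dtml-var manage_page_footer>` with no `</form>`. Add the closing tag after `</table>`. Also, the schema list prints the stored `ldap_name`/`friendly_name` values unquoted via `<dtml-var name="sequence-key">` and `<dtml-var name="sequence-item">`, whereas the checkbox on the same row uses the quoted `&dtml-sequence-key;`; use `html_quote` consistently for both cells.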
diff --git a/dtml/login.dtml b/dtml/login.dtml
deleted file mode 100644
index 359373f..0000000
--- a/dtml/login.dtml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-<h2>Please provide username and password</h2>
-
-<form action="&dtml-URL0;<dtml-if name="QUERY_STRING">?&dtml-QUERY_STRING;</dtml-if>" method="post">
- <table border="0" cellpadding="3">
- <tr>
- <td><b>Name:</b></td>
- <td><input type="text" name="__ac_name" size="20"></td>
- </tr><tr>
- <td><b>Password:</b></td>
- <td><input type="password" name="__ac_password" size="20"></td>
- </tr><tr>
- <td colspan="2"><br /><input type="submit" value=" Log In "></td>
- </tr>
- </table>
-</form>
-
-
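Review bot: This login fragment renders without any page header or footer, unlike logout.dtml which wraps its output in `standard_html_header`/`standard_html_footer`, so the page served to the user is a bare `<h2>` plus a form; either wrap it the same way or document that the fragment is meant to be embedded. Minor: the inputs here are written as `<input ...>` while the other templates in this change use `<input ... />`.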
diff --git a/dtml/logout.dtml b/dtml/logout.dtml
deleted file mode 100644
index 49371e8..0000000
--- a/dtml/logout.dtml
+++ /dev/null
@@ -1,7 +0,0 @@
-<dtml-var name="standard_html_header">
-
-<h2>You have been logged out.</h2>
-
-<dtml-var name="REQUEST">
-
-<dtml-var name="standard_html_footer">
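Review bot: `<dtml-var name="REQUEST">` dumps the entire request object into the logout page, which exposes the request headers, cookies and environment (including whatever authentication cookie the "Cookies and login screens" mode set) to the browser. This looks like leftover debugging output; remove it or replace it with a fixed confirmation message.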
diff --git a/dtml/properties.dtml b/dtml/properties.dtml
deleted file mode 100644
index d101258..0000000
--- a/dtml/properties.dtml
+++ /dev/null
@@ -1,80 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<p class="form-help">Change the basic properties of your LDAPLoginAdapter
-on this form.</p>
-
-<form action="manage_edit" method="POST">
-<table cellspacing="0" cellpadding="3">
- <tr>
- <td align="LEFT" valign="TOP"><div class="form-optional">Title</div></td>
- <td align="LEFT" valign="TOP"><input type="TEXT" name="title" size="50"
- value="<dtml-var name="title">" /></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">LDAP Server[:port]</div></td>
- <td align="LEFT" valign="TOP"><input type="TEXT" name="LDAP_server" size="50"
- value="&dtml-LDAP_server;<dtml-if expr="_.int(LDAP_port) != 389">:&dtml-LDAP_port;</dtml-if>" /></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Login Name Attribute</div></td>
- <td align="LEFT" valign="TOP">
- <select name="login_attr">
- <dtml-in expr="getLDAPSchema()">
- <option value="&dtml-sequence-key;" <dtml-if expr="login_attr == _['sequence-key']">selected</dtml-if>>
- &dtml-sequence-key; (&dtml-sequence-item;)</option>
- </dtml-in>
- </select></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Users Base DN</div></td>
- <td align="LEFT" valign="TOP"><input type="TEXT" name="users_base" size="50"
- value="<dtml-var name="users_base">"></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Users Search Scope</div></td>
- <td align="LEFT" valign="TOP">
- <select name="users_scope:int">
- <option value="0" <dtml-if "users_scope==0">selected</dtml-if>>Search base ONLY</option>
- <option value="1" <dtml-if "users_scope==1">selected</dtml-if>>Search base and one level below</option>
- <option value="2"<dtml-if "users_scope==2">selected</dtml-if>>Search base and below</options>
- </select></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Groups Base DN</div></td>
- <td align="LEFT" valign="TOP"><input type="TEXT" name="groups_base" size="50"
- value="<dtml-var name="groups_base">"></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Groups Search Scope</div></td>
- <td align="LEFT" valign="TOP">
- <select name="groups_scope:int">
- <option value="0" <dtml-if "groups_scope==0">selected</dtml-if>>Search base ONLY</option>
- <option value="1" <dtml-if "groups_scope==1">selected</dtml-if>>Search base and one level below</option>
- <option value="2" <dtml-if "groups_scope==2">selected</dtml-if>>Search base and below</option>
- </select></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-optional">LDAP Bind UID (optional)</div></td>
- <td align="LEFT" valign="TOP"><input type="TEXT" name="binduid:string" size="50"
- value="<dtml-var expr="getProperty('_binduid')">" /></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-optional">LDAP Bind Password (optional)</div></td>
- <td align="LEFT" valign="TOP"><input type="password" name="bindpwd:string" size="50"
- value="<dtml-var expr="getProperty('_bindpwd')">"></td>
- </tr><tr>
- <td align="LEFT" valign="TOP"><div class="form-label">Default User Roles</div></td>
- <td align="LEFT" valign="TOP"><input type="TEXT" name="roles" size="50"
- value="<dtml-var name="roles">" /></td>
- </tr><tr>
- <td align="left" valign="top"><div class="form-label">Cookies</div></td>
- <td align="left" valign="top"><div class="form-text">
- <input type="radio" name="use_cookies" value="0"
- <dtml-if expr="use_cookies == 0">checked</dtml-if>>
- No cookies&nbsp;
- <input type="radio" name="use_cookies" value="1"
- <dtml-if expr="use_cookies == 1">checked</dtml-if>>
- Cookies and login screens
- </div></td>
- </tr><tr>
- <td>&nbsp;</td>
- <td><br><input type="SUBMIT" value=" Apply Changes "></td>
- </tr>
-</table>
-</form>
-
-<dtml-var manage_page_footer>
-
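Review bot: The stored bind password is echoed back into the form at `<input type="password" name="bindpwd:string" size="50" value="<dtml-var expr="getProperty('_bindpwd')">">`, so it is present in the page source of the Properties tab for anyone who can open that view and is resubmitted on every save; leave the value blank and only update the stored password when a new one is entered. The same `value` attributes (`title`, `users_base`, `groups_base`, `roles`, `_binduid`) lack `html_quote`. Two markup typos in the scope selects: `</options>` on the users scope and a missing space in `<option value="2"<dtml-if ...`.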
diff --git a/dtml/showcache.dtml b/dtml/showcache.dtml
deleted file mode 100644
index fc03c30..0000000
--- a/dtml/showcache.dtml
+++ /dev/null
@@ -1,89 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<p class="form-help">
-This view shows all available groups exposed by the LDAP server
-as well as all non-anonymous logged-in users in the cache
-at this moment. The caches can be flushed on the "Advanced" tab.
-</p>
-
-<table cellpadding"3" cellspacing="0" width="95%">
- <tr class="section-bar">
- <td align="left" valign="top"><div class="form-label">
- Available Groups
- </div></td>
- </tr>
-</table>
-
-<dtml-in expr="getGroups()">
-
- <dtml-if name="sequence-start">
- <br />
- <table border="1" cellpadding="2" cellspacing="0" width="95%">
- <tr>
- <td><div class="form-label">Friendly Name</div></td>
- <td><div class="form-label">Distinguished Name</div></td>
- </tr>
- </dtml-if>
-
- <tr>
- <td><div class="form-text"><dtml-var name="sequence-key"></div></td>
- <td><div class="form-text"><dtml-var name="sequence-item"></div></td>
- </tr>
-
- <dtml-if name="sequence-end">
- </table>
- </dtml-if>
-
-<dtml-else>
- <br />
- <div class="form-label">No groups found. Please check the settings "Group base DN" and "Groups search scope"
- and make sure your LDAP tree contains suitable group records.</div>
-
-</dtml-in>
-
-<p>&nbsp;</p>
-
-<table cellpadding"3" cellspacing="0" width="95%">
- <tr class="section-bar">
- <td align="left" valign="top"><div class="form-label">
- Cached users
- </div></td>
- </tr>
-</table>
-
-<dtml-in expr="getUsers()">
-
- <dtml-if name="sequence-start">
- <br />
- <table border="1" cellpadding="2">
- <tr>
- <td><div class="form-label">UserID</div></td>
- <td><div class="form-label">Roles</div></td>
- <td><div class="form-label">Last Access time</div></td>
- <td><div class="form-label">Cache Expires</div></td>
- </tr>
- </dtml-if>
-
- <tr>
- <td valign="top"><div class="form-text"><dtml-var expr="getUserName()"></div></td>
- <td valign="top"><div class="form-text">
- <dtml-in expr="getRoles()">
- <dtml-var name="sequence-item"><br>
- </dtml-in>
- </div></td>
- <td valign="top"><div class="form-text"><dtml-var expr="getLastActiveTime()" fmt=Time></div></td>
- <td valign="top"><div class="form-text"><dtml-var expr="getExpireTime()" fmt=Time></div></td>
- </tr>
-
- <dtml-if name="sequence-end">
- </table>
- </dtml-if>
-
-<dtml-else>
- <br />
- <div class="form-text">No users in cache (superuser is never cached)</div>
-
-</dtml-in>
-
-<dtml-var manage_page_footer>
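Review bot: Group names and DNs from `getGroups()` and the cached user IDs from `getUserName()` are rendered unquoted (`<dtml-var name="sequence-key">`, `<dtml-var name="sequence-item">`, `<dtml-var expr="getUserName()">`); these come from the directory and from login attempts, so add `html_quote` to each. The two `<table cellpadding"3" ...>` tags are missing the `=`, and `fmt=Time` on the timestamps should be quoted like the other attributes in this file.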
diff --git a/dtml/showlog.dtml b/dtml/showlog.dtml
deleted file mode 100644
index 50713eb..0000000
--- a/dtml/showlog.dtml
+++ /dev/null
@@ -1,20 +0,0 @@
-<dtml-var manage_page_header>
-<dtml-var manage_tabs>
-
-<p class="form-help">
-These events were logged by the LDAPUserAdapter. To specify what is
-being logged please see the "Advanced" manage tab and set the log
-level. At present, the log level is &dtml-verbose;.
-</p>
-
-<p class="form-text">
-<dtml-in expr="getLog()" reverse>
- <dtml-var name="sequence-item"><br>
-
-<dtml-else>
- Nothing was logged at this log level!
-
-</dtml-in>
-</p>
-
-<dtml-var manage_page_footer>
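Review bot: Log entries are emitted as raw markup at `<dtml-var name="sequence-item"><br>`; since the log records events such as authentication failures (see the verbosity levels in the Advanced help), entries may carry request-derived text and should be rendered with `html_quote`. Also, the `<p class="form-text">` wraps the whole loop, so a long log becomes a single paragraph of `<br>`-separated lines; a `<pre>` or a list would read better.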
diff --git a/help/LDAPLoginAdapter.py b/help/LDAPLoginAdapter.py
deleted file mode 100644
index ef50b42..0000000
--- a/help/LDAPLoginAdapter.py
+++ /dev/null
@@ -1,107 +0,0 @@
-#####################################################################
-#
-# LDAPLoginAdapter Interface: The interface for the LDAPLoginAdapter
-#
-# This software is governed by a license. See
-# LICENSE.txt for the terms of this license.
-#
-#####################################################################
-
-class LDAPLoginAdapter:
- """
- This interface file lists methods available for scripting
- LDAPLoginAdapter objects.
-
- Some others are accessible given the correct permissions but since
- they are used only in the internal workings of the LDAPLoginAdapter
- they are not listed here.
- """
-
-
- def getUsers():
- """
-
- Return all user objects. Since the number of user records in
- an LDAP database is potentially very large this method will
- only return those user objects that are in the internal cache
- of the LDAPLoginAdapter and not expired.
-
- This interface is supposed to go away at some point.
-
- Permission - Always available
-
- """
-
- def getUserNames():
- """
-
- Return a list of user IDs for all users that can be found
- given the selected user search base and search scope.
-
- This method will return a simple error message if the
- number of users exceeds the limit of search hits that is
- built into the python-ldap module.
-
- Permission - Always available
-
- """
-
- def getUser(name):
- """
-
- Return the user object for the user "name". if the user
- cannot be found, None will be returned.
-
- Permission - Always available
-
- """
-
- def getUserById(id):
- """
-
- Return the user object with the id "id". Currently this
- is equivalent to calling getUser. It is more useful in a
- context where there are separate IDs and names for
- user objects. This is not the case in this implementation.
-
- Permission - Always available
-
- """
-
- def getGroups(self):
- """
-
- Return a list of tuples consisting of the group name
- (the CN attribute) and the complete group DN of all
- those groups found within the search scope and search base
- for groups as specified in the LDAPLoginAdapter basic
- settings.
-
- Permission - From python only
-
- """
-
- def validate(REQUEST, auth_info, roles):
- """
-
- This method is not called from any DTML or python product
- code, but it is the heart of any user folder. Do not use
- it in your code, this explanation is just for understandings
- sake.
-
- This method is called by the Zope security machinery. Its
- arguments are the current REQUEST dictionary, the username
- and password pair returned by a basic auth login box
- (concatenated with a colon into the auth_info argument), and
- the roles that are given to any user by specifying "Default
- Roles" in the LDAPAdapter setup.
-
- If successful, a new LDAPUser object is created and returned.
- If not, None is returned, which will cause the Zope security
- machinery to throw an exception indicating that the user is
- not authenticated to access the resource.
-
- Permission - From python only
-
- """
-
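Review bot: The interface signatures are inconsistent: `def getGroups(self):` includes `self` while `getUsers()`, `getUserNames()`, `getUser(name)`, `getUserById(id)` and `validate(REQUEST, auth_info, roles)` omit it; pick one convention. `getUserNames` is documented to "return a simple error message" when the search limit is exceeded, which means callers receive a string where they expect a list; document the exact type (or raise instead). Typos: "if the user" should start with a capital after the period, and "understandings sake" should read "understanding's sake".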
diff --git a/help/LDAPLoginAdapter_Add.stx b/help/LDAPLoginAdapter_Add.stx
deleted file mode 100644
index d37e557..0000000
--- a/help/LDAPLoginAdapter_Add.stx
+++ /dev/null
@@ -1,73 +0,0 @@
-LDAPLoginAdapter - Add: Create a new link to an LDAP Directory
-
- Description
-
- LDAPLoginAdapter works just like a user folder. When you create an
- LDAPLoginAdapter object, its id will always be set to 'acl_users'.
- There is one important difference between LDAPLoginAdapters and User
- Folders: LDAPLoginAdapters *do not* contain users (That's why they're
- not called LDAPUserFolders), rather, LDAPLoginAdapters authenticate
- *against* an LDAP server. This can confuse some Zope users who
- think they must add a Zope user in order to allow someone to
- access a part of Zope. All you need to do is ensure that the user
- has an LDAP database entry, and Zope will let them see the branch
- of the object database that the LDAPLoginAdapter authenticates for.
- This is not a weakness in security, if a user can't authenticate
- against LDAP, they will not be allowed to log into Zope.
- When you add a LDAPLoginAdapter object it will ask you for the following:
-
- Controls
-
- 'Title' -- The (optional) title for this adapter
-
- 'LDAP Server' -- Specify the server name or IP address, optionally followed by
- a colon and a port number. If no port number is given a default of 389, which
- is the standard port LDAP servers listen on, will be assumed. The server name
- must not contain any prefixes like "ldap://".
-
- The LDAPLoginAdapter does not support secure LDAP connections via SSL.
-
- 'Login Name Attribute' -- The LDAP record attribute used as the username. The list
- of default choices can be changed in the Advanced settings after instantiating
- the LDAPLoginAdapter.
-
- 'Search base DN for users' -- The DN for the branch of your LDAP database that
- contains user records.
-
- 'User Search Scope' -- Choose the depth for all searches from the user search base dn
-
- 'Search base DN for groups' -- The DN for the branch of your LDAP database that
- contains group records. These group records are of the LDAP class
- "groupOfUniqueNames" and the entry CN attribute constitutes the group name.
- Groups embody Zope roles. A user which is part of a "Manager" group will
- have the "Manager" role after authenticating through the LDAPLoginAdapter.
-
- 'Group Search Scope' -- Choose the depth for all searches from the group search base dn
-
- 'LDAP bind UID and password' -- These are optional for
- situations where authentication is needed to
- bind to your LDAP server.
-
- 'Default User Roles' -- All users authenticated from your ldap tree
- will be given the roles you put in this comma-delimited list.
- Zope expects all users - anonymous as well as authenticated - to
- have the role Anonymous.
-
- 'Cookies' -- This setting toggles the authentication method. With "No Cookies"
- you will get the standard basic authentication with popup boxes for username
- and password. Using "Cookies and login screens" Zope will gather
- authentication information from cookies it sets on the user's browser. This
- also replaces the popup boxes with a login screen.
-
- The login screen can be customized by dropping a DTML Method named "login"
- in the LDAPLoginAdapter under the "Contents" tab. *Please* check out the
- default login page code in the LDAPLoginAdapter installation directory on
- your machine's file system, it is under dtml/login.dtml. Your custom login
- page *must be* a form that posts at least two form fields back to Zope,
- namely "__ac_name" containing the user name and "__ac_password" with the
- password.
-
- See README.txt in the LDAPLoginAdapter install directory about what to do
- if your custom login page locks you out of your own Zope installation.
-
- 'Add' -- Instantiate the LDAPLoginAdapter.
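Review bot: The help says "The list of default choices can be changed in the Advanced settings" for the Login Name Attribute, but the Schema tab's own text (dtml/ldapschema.dtml) states that the attributes entered there drive these select boxes; point the reader at the Schema tab. Since the same page states that SSL is not supported and also collects an LDAP bind UID and password, it should spell out the consequence for administrators: the bind credentials and the forwarded user credentials reach the LDAP server without transport protection, so the connection needs a trusted network path.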
diff --git a/help/LDAPLoginAdapter_Advanced.stx b/help/LDAPLoginAdapter_Advanced.stx
deleted file mode 100644
index a03ed3f..0000000
--- a/help/LDAPLoginAdapter_Advanced.stx
+++ /dev/null
@@ -1,60 +0,0 @@
-LDAPLoginAdapter - Advanced: Edit Advanced Properties
-
- Description
-
- This view allows you to manage the advanced attributes of the LDAPLoginAdapter.
-
- Controls
-
- 'Purge All caches' -- This will purge all caches inside the LDAPLoginAdapter.
- This includes the cache of currently authenticated users, the log and any cached
- username lists.
-
- 'Log verbosity' -- This setting influences how much gets logged to the
- LDAPUserAdapter's internal log. This setting is cumulative, meaning
- a specific log level setting will log all events at the same or lower
- log level. The different log levels are:
-
- o 0: No logging entries will be made
-
- o 1: Catastrophes, like failures to connect to the LDAP server
-
- o 2: Major Events, like LDAPLoginAdapter property changes
-
- o 3: Minor Events, like initialization after Zope is restarted
-
- o 4: Authentication failures
-
- o 5: Successful authentications
-
- o 7: Authentication from cache
-
- o 9: Debugging, includes extra debugging info
-
- 'Change' -- Save changes to the log verbosity setting.
-
- 'Set special public user object attributes' -- This part of the form allows the
- manager to set attributes and map them to LDAP attributes that will be publicly
- available on the user object. This feature was added to allow suport for DTML code
- that uses notations like *AUTHENTICATED_USER.email* to access attributes on the
- user objects without going through any method.
-
- 'Delete selected Public User Attributes' -- If any public user attributes have been
- set they will be shown and the manager can select them using a checkbox. Pressing
- this delete button will remove the selected attributes from the user object. This
- removal has no bearing on the underlying LDAP record and all properties are still
- available through the *getProperty* call on the user object.
-
- 'Public Attribute' -- This field is for specifying the name of an attribute that
- you want to make available on the user object.
-
- 'LDAP Attribute' -- This select widget will give you a choice of LDAP attributes
- to map to your new public attribute. When a user object gets created all public
- attributes you specified are initialized to the value stored in the LDAP attribute
- you select on this select list, or an empty string if the attribute is not available.
-
- The contents of this select list are driven by the comma-separated list of
- allowable username attributes specified on the advanced properties form.
-
- 'Add Public user Attribute' -- Commits your new public user attribute and its mapping
- to the LDAPLoginAdapter.
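Review bot: "The contents of this select list are driven by the comma-separated list of allowable username attributes specified on the advanced properties form" is stale: no such field appears among the Controls documented on this page, and dtml/ldapschema.dtml says the Schema tab supplies these attributes. The log level list jumps from 5 to 7 and from 7 to 9; say whether 6 and 8 are unused or reserved. Typo: "suport".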
diff --git a/help/LDAPLoginAdapter_Caches.stx b/help/LDAPLoginAdapter_Caches.stx
deleted file mode 100644
index d982ae9..0000000
--- a/help/LDAPLoginAdapter_Caches.stx
+++ /dev/null
@@ -1,29 +0,0 @@
-LDAPLoginAdapter - Caches: View Available Groups and Cached Users
-
- Description
-
- This view shows the cache of currently authenticated users and the
- groups exposed by your LDAP server for authentication purposes.
-
- Elements
-
- 'Available Groups' -- These are the groups found underneath the
- DN specified as group search base in the basic LDAPLoginAdapter
- settings. If you see no groups make sure that the group search
- base setting is correct and that your LDAP tree contains valid
- group records underneath the group search base DN.
-
- 'Cached users' -- These are the users in the cache of currently
- authenticated users. Anonymous users will not show up in this view.
-
- Every time an authenticated user makes a request to Zope,
- the username and password are verified. Depending on site traffic
- and number of users that log in through the LDAPLoginAdapter this
- process can happen several times a second. Since a lookup on the
- LDAP Server can be quite slow, the product will cache the user
- information for 15 minutes. This is the duration of a typical session.
-
- If a user's group membership is changed in the LDAP directory, then
- it may take up to 15 minutes before the LDAPLoginAdapter notices.
- Purging the cache (see the "Advanced" tab) will force any changes
- immediately.
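Review bot: the last paragraph understates what the 15-minute cache delays. The text above says "the username and password are verified" on every request and that "the product will cache the user information for 15 minutes", so not only group membership changes but password changes, account disables and deletions in the directory are invisible to the adapter for up to 15 minutes, and a user whose access has been revoked stays authenticated until the entry expires. Say so explicitly, and present "Purging the cache (see the "Advanced" tab)" as the only way to revoke access immediately. "This is the duration of a typical session" is an unsupported justification; replace it with a statement of whether the 15-minute lifetime is fixed or configurable.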
diff --git a/help/LDAPLoginAdapter_Configure.stx b/help/LDAPLoginAdapter_Configure.stx
deleted file mode 100644
index 3d28b78..0000000
--- a/help/LDAPLoginAdapter_Configure.stx
+++ /dev/null
@@ -1,60 +0,0 @@
-LDAPLoginAdapter - Configure: Set the basic configuration for the LDAPLoginAdapter
-
- Description
-
- This view is used to change the basic settings of a LDAPLoginAdapter.
-
- Controls
-
- 'Title' -- The (optional) title for this adapter
-
- 'LDAP Server' -- Specify the server name or IP address, optionally followed by
- a colon and a port number. If no port number is given a default of 389, which
- is the standard port LDAP servers listen on, will be assumed. The server name
- must not contain any prefixes like "ldap://".
-
- The LDAPLoginAdapter does not support secure LDAP connections via SSL.
-
- 'Login Name Attribute' -- The LDAP record attribute used as the username. The list
- of default choices can be changed in the Advanced settings.
-
- 'Search base DN for users' -- The DN for the branch of your LDAP database that
- contains user records.
-
- 'User Search Scope' -- Choose the depth for all searches from the user search base dn
-
- 'Search base DN for groups' -- The DN for the branch of your LDAP database that
- contains group records. These group records are of the LDAP class
- "groupOfUniqueNames" and the entry CN attribute constitutes the group name.
- Groups embody Zope roles. A user which is part of a "Manager" group will
- have the "Manager" role after authenticating through the LDAPLoginAdapter.
-
- 'Group Search Scope' -- Choose the depth for all searches from the group search base dn
-
- 'LDAP bind UID and password' -- These are optional for
- situations where authentication is needed to
- bind to your ldap server.
-
- 'Default User Roles' -- All users authenticated from your ldap tree
- will be given the roles you put into this comma-delimited list.
- Zope expects all users - anonymous as well as authenticated - to
- have the role Anonymous.
-
- 'Cookies' -- This setting toggles the authentication method. With "No Cookies"
- you will get the standard basic authentication with popup boxes for username
- and password. Using "Cookies and login screens" Zope will gather
- authentication information from cookies it sets on the user's browser. This
- also replaces the popup boxes with a login screen.
-
- The login screen can be customized by dropping a DTML Method named "login"
- in the LDAPLoginAdapter under the "Contents" tab. *Please* check out the
- default login page code in the LDAPLoginAdapter installation directory on
- your machine's file system, it is under dtml/login.dtml. Your custom login
- page *must be* a form that posts at least two form fields back to Zope,
- namely "__ac_name" containing the user name and "__ac_password" with the
- password.
-
- See README.txt in the LDAPLoginAdapter install directory about what to do
- if your custom login page locks you out of your own Zope installation.
-
- 'Apply Changes' -- Save your configuration changes.
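Review bot: "The LDAPLoginAdapter does not support secure LDAP connections via SSL" is stated as a bare fact, but combined with 'LDAP bind UID and password' and the per-request verification described in the Caches help it means every user's password and the bind password cross the network in clear text to port 389. The help should say this as a warning and advise running the directory on the same host or over a trusted network segment. Two further points in this hunk: 'LDAP bind UID and password' should say where the password is stored once entered; and 'Search base DN for groups' should note that, because a "Manager" group entry becomes the "Manager" role, anyone able to create or edit "groupOfUniqueNames" entries underneath the group search base DN can grant Zope roles, so write access to that branch must be restricted. Under 'Cookies', state what the cookies set on the user's browser contain, since "authentication information" is vague.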
diff --git a/help/LDAPLoginAdapter_Contents.stx b/help/LDAPLoginAdapter_Contents.stx
deleted file mode 100644
index 279d3c8..0000000
--- a/help/LDAPLoginAdapter_Contents.stx
+++ /dev/null
@@ -1,39 +0,0 @@
-LDAPLoginAdapter - Contents: Place to store custom login pages
-
- Description
-
- This is where you instantiate a custom login page. Simply
- select DTML Method from the Add list and fill in the contents.
-
- **Warning**
-
- It is *very easy* to lock yourself out of your own site if you
- do the following:
-
- o Enable cookie-based authentication
-
- o Instantiate a login page that does not do the right thing
-
-
- Check out the code in the LDAPLoginAdapter install directory
- under dtml/login.dtml for what a login page has to do. You
- want to make sure that you have a *form* which posts at
- least 2 input fields named *__ac__name* (user name) and
- *__ac_password* (password) back.
-
-
- **Help, I locked myself out of my own site!**
-
- This can happen if you create a custom login page within
- the LDAPLoginAdapter which does not do the right thing and
- the authentication method is set to use cookies.
-
- In order to authenticate you can force the usage of the
- default login page by going to:
-
- http://my.site.com/acl_users/default_loginpage
-
- Type in your name and password and hit the button. You
- will stay on the same page, even if the authentication
- succeeded, you can then type the desired address into your
- browser's navigation bar.
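Review bot: the field name at "at least 2 input fields named *__ac__name* (user name)" has a doubled underscore; the Configure help in this same diff and the default login page both use "__ac_name". A custom login page written from this text would post the wrong field and cause exactly the lockout this section warns about. Change it to *__ac_name*. The recovery URL "http://my.site.com/acl_users/default_loginpage" also assumes the adapter is installed as acl_users directly under the root; say that the path must be adjusted if the adapter lives elsewhere.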
diff --git a/help/LDAPLoginAdapter_Log.stx b/help/LDAPLoginAdapter_Log.stx
deleted file mode 100644
index 622ad7b..0000000
--- a/help/LDAPLoginAdapter_Log.stx
+++ /dev/null
@@ -1,32 +0,0 @@
-LDAPLoginAdapter - Log: View log information
-
- Description
-
- This screen shows the log kept by the LDAPLoginAdapter. A basic
- log entry has the following elements:
-
- o The log level that produced this entry
-
- o The entry timestamp
-
- o The log message
-
- You can specify what kinds of events get logged using the
- "Log verbosity" setting in the "Advanced" management tab. The
- different log levels are:
-
- o 0: No logging entries will be made
-
- o 1: Catastrophes, like failures to connect to the LDAP server
-
- o 2: Major Events, like LDAPLoginAdapter property changes
-
- o 3: Minor Events, like initialization after Zope is restarted
-
- o 4: Authentication failures
-
- o 5: Successful authentications
-
- o 7: Authentication from cache
-
- o 9: Debugging, includes extra debugging info
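Review bot: the level list jumps from 5 to 7 and from 7 to 9; state whether levels 6 and 8 are reserved or behave like the next lower level, since "Log verbosity" presumably accepts them. Levels 4 and 5 cover "Authentication failures" and "Successful authentications" but the text does not say what such an entry contains; document that the user name is logged and that the password is never written to the log, because the log view is what an administrator will share when asking for help.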
diff --git a/help/LDAPLoginAdapter_Schema.stx b/help/LDAPLoginAdapter_Schema.stx
deleted file mode 100644
index 1b16b19..0000000
--- a/help/LDAPLoginAdapter_Schema.stx
+++ /dev/null
@@ -1,30 +0,0 @@
-LDAPLoginAdapter - LDAP Schema: Improve the LDAPLoginAdapter's knowledge
- about your LDAP Schema
-
- Description
-
- Use this view to describe the schema in use for your LDAP user records.
- Adding or removing entries will not change your LDAP server schema or
- your records, it will only improve the LDAPLoginAdapter's knowledge
- about the schema you use for user records.
-
- The list of attributes you define is used to populate select boxes in
- other management views, such as the select box for the LDAP attribute
- to search on in the "Search" tab or the list of available attributes
- that can be selected for the user name in the "Configure" tab.
-
- Controls
-
- 'Delete' -- In order to remove items from the list of LDAP attributes
- known to the LDAPLoginAdapter you can select one or more checkboxes
- and hit "Delete" to remove them from the list.
-
- 'LDAP Attribute Name' -- Enter the name of an LDAP attribute as defined
- in your LDAP schema
-
- 'Friendly Name' -- LDAP attributes oftentimes have very cryptic names.
- Use this field to give the LDAP attribute you entered in "LDAP Attribute
- Name" a descriptive name.
-
- 'Add' -- Add the attribute and its descriptive name to the list of LDAP
- attributes known by the LDAPLoginAdapter.
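Review bot: this hunk says the schema list feeds "the list of available attributes that can be selected for the user name in the "Configure" tab", while the Configure help in this diff says under 'Login Name Attribute' that "The list of default choices can be changed in the Advanced settings", and the Advanced help describes a comma-separated list of allowable username attributes. Three help pages give two different sources for the same select box; state which one actually drives it, or explain how the schema list and the comma-separated list relate.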
diff --git a/help/LDAPLoginAdapter_Search.stx b/help/LDAPLoginAdapter_Search.stx
deleted file mode 100644
index 8f45b1e..0000000
--- a/help/LDAPLoginAdapter_Search.stx
+++ /dev/null
@@ -1,18 +0,0 @@
-LDAPLoginAdapter - Search: Search for Users
-
- Description
-
- This view allows the user to search for user records. Only those
- records will be returned that are underneath the user search base
- as specified in the basic settings.
-
- Select the LDAP record attribute to use as search parameter and
- type a value into the text input field. Searches by DN require the
- exact DN value while all other searches will return any record where
- the attribute searched on contains the value given in the input field.
-
- After hitting the "Search" button the user will receive a listing of
- matching records or a message if no records matched.
-
- In order to see a record's details simply press on the "View Details"
- button next to the record you are interested in.
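Review bot: "all other searches will return any record where the attribute searched on contains the value given in the input field" describes a substring search, but the help does not say whether the typed value is escaped before it is placed in the LDAP filter. A value containing "*", "(", ")" or "\" changes the meaning of an unescaped filter, so the help should state that special characters are treated literally (or list which ones are not), and the implementation should be checked against that statement.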
diff --git a/help/LDAPUser.py b/help/LDAPUser.py
deleted file mode 100644
index 8da4a13..0000000
--- a/help/LDAPUser.py
+++ /dev/null
@@ -1,86 +0,0 @@
-#####################################################################
-#
-# LDAPUser Interface: The User object interface for the LDAPLoginAdapter
-#
-# This software is governed by a license. See
-# LICENSE.txt for the terms of this license.
-#
-#####################################################################
-
-class LDAPUser:
- """
- This interface is supported by user objects which
- are returned by user validation through the LDAPLoginAdapter
- product and used for access control.
-
- Some implementations are inherited from the base class
- AccessControl.User.BasicUser, so if you don't find a method
- in this listing in the LDAPUser module, look there.
- """
-
-
- def getUserName():
- """
-
- Return the name of a user
-
- Permission - Always available
-
- """
-
- def hasRole(object, roles):
- """
-
- Return a value that is true if the user has the given roles on
- the given object and return false otherwise.
-
- Permission - Always available
-
- """
-
- def getRoles(object):
- """
-
- Returns a list of the roles the user has on the given object
- (in the current context?)
-
- Permission - Always available
-
- """
-
- def getId():
- """
-
- Get the ID of the user. The ID can be used, at least from
- Python, to get the user from the user's UserDatabase.
-
- Permission - Python only
-
- """
-
- def getDatabasePath():
- """
-
- Get a physical path to the user's UserDatabase. A Traversal
- facility can be used to get the user database from the path
- returned by this method.
-
- Permission - Python only
-
- """
-
- def getProperty(name):
- """
-
- Retrieve the value of a property of name "name". If this
- property does not exist, None is returned.
-
- Properties can be any public attributes that are part of the
- user record in LDAP. Refer to them by their LDAP attribute
- name.
-
- Permission - Always available
-
- """
-
-
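Review bot: the getRoles docstring still contains the author's open question, "(in the current context?)"; an interface description should answer it. State whether the returned roles include roles local to the given object or only the user's global roles. The getProperty docstring says "Refer to them by their LDAP attribute name", but the Advanced help in this diff maps LDAP attributes onto differently named public attributes; say which of the two names getProperty expects, and note that its None return for a missing property differs from the empty string the Advanced help says a missing public attribute is initialized to.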
diff --git a/version.txt b/version.txt
deleted file mode 100644
index b563cc4..0000000
--- a/version.txt
+++ /dev/null
@@ -1 +0,0 @@
-LDAPLoginAdapter 1.2beta3
diff --git a/www/ldaploginadapter.gif b/www/ldaploginadapter.gif
deleted file mode 100644
index 6f90bdd..0000000
--- a/www/ldaploginadapter.gif
+++ /dev/null
Binary files differ