:Title: Non-AT membrane, a new Plone authentication scheme and LDAP
:Student: Florian Friesdorf
:Mentor: Jens W. Klein

Abstract
========
Plone's built-in authentication system uses source_users and source_groups inside
the PlonePAS_ acl_users folder to store special user and group objects, and
portal_memberdata and portal_groupdata for their properties. These objects are
not regular Plone content.

Membrane_ is a set of PAS plugins and adapters that make Archetypes content
objects usable as sources for users, groups and their properties. The objects may
reside anywhere inside the Plone instance, may undergo workflow, and can be
handled like any other Plone content. However, membrane is currently limited to
Archetypes; support for non-AT content is desirable.

PloneLDAP_ is the state of the art for LDAP integration. It provides a set of PAS
plugins for integrating and managing users and groups in an LDAP directory.
However, in contrast to Plone's built-in scheme and to what LDAP itself allows,
it does not support groups as members of groups, and only users defined in LDAP
may be members of groups. Further, the integration of LDAP is limited to users
and groups, while much more might usefully be stored in LDAP (address books,
email aliases, ...); the combination of PloneLDAP with content-based user
management (membrane) is difficult to impossible for end users; and multiple
LDAP servers are not properly supported.

The goals of the project are:

- a successor to membrane based purely on Zope 3, i.e. with no Archetypes
  dependency;

- a set of content types that reflect LDAP's understanding of users and groups;

- a system that allows end users to connect Plone with multiple LDAP
  authentication sources and makes Plone an administrative front-end for LDAP
  directories in general, i.e. through the Plone UI rather than the ZMI.

In doing so, the project will also lay the base for other non-AT authentication
schemes, for synchronization with LDAP content other than users and groups, and
for synchronization with further external storage in the same manner.
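The two PloneLDAP limitations named above (no groups nested in groups, no group
members that are not LDAP users) and the second goal (content types reflecting
LDAP's model of groups) in working form, as an added example that is not code
from this proposal, membrane or PloneLDAP. The directory entries, DNs and Plone
user ids below are constructed; the membership resolution mirrors what a PAS
groups plugin answers in getGroupsForPrincipal and guards against cyclic groups:

```python
LDAP_ENTRIES = {  # constructed DN -> attributes (added example, not project code)
    "cn=alice,ou=people,dc=example,dc=org": {"objectClass": ["inetOrgPerson"]},
    "cn=editors,ou=groups,dc=example,dc=org": {
        "objectClass": ["groupOfNames"],
        "member": ["cn=alice,ou=people,dc=example,dc=org",
                   "uid=bob,ou=plone,dc=example,dc=org"],  # bob lives in Plone, not LDAP
    },
    "cn=staff,ou=groups,dc=example,dc=org": {
        "objectClass": ["groupOfNames"],
        "member": ["cn=editors,ou=groups,dc=example,dc=org",  # nested group
                   "cn=staff,ou=groups,dc=example,dc=org",    # self-member: must not loop
                   "cn=gone,ou=people,dc=example,dc=org"],    # dangling reference
    },
}
# Membrane-style Plone users, keyed by the DN an LDAP group uses to reference them.
PLONE_USERS = {"uid=bob,ou=plone,dc=example,dc=org": "bob"}


def is_group(dn, entries):
    return "groupOfNames" in entries.get(dn, {}).get("objectClass", [])


def groups_for_principal(dn, entries=LDAP_ENTRIES):
    """Every group `dn` belongs to, directly or via nested groups; `seen` guards cycles."""
    seen, todo = set(), [dn]
    while todo:
        cur = todo.pop()
        for g, attrs in entries.items():
            if is_group(g, entries) and cur in attrs.get("member", []) and g not in seen:
                seen.add(g)
                todo.append(g)
    return sorted(seen)


def members_of(group_dn, entries=LDAP_ENTRIES, plone_users=PLONE_USERS):
    """Flatten a group to user ids -> (user_ids, unresolved). A member that is neither
    an LDAP user nor a known Plone user is reported, never silently treated as a user."""
    users, unresolved, seen, todo = set(), set(), set(), [group_dn]
    while todo:
        g = todo.pop()
        if g in seen:
            continue
        seen.add(g)
        for m in entries.get(g, {}).get("member", []):
            if is_group(m, entries):
                todo.append(m)
            elif m in plone_users:
                users.add(plone_users[m])
            elif m in entries:
                users.add(m.split(",", 1)[0].split("=", 1)[1])  # RDN value as user id
            else:
                unresolved.add(m)
    return sorted(users), sorted(unresolved)
```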


.. _PlonePAS: http://plone.org/products/plonepas
.. _membrane: http://plone.org/products/membrane
.. _PloneLDAP: http://plone.org/products/ploneldap