[Mailman-Developers] MemberAdaptor... trouble with API?

Steve Spicklemire steve@spvi.com
Sat, 17 Aug 2002 11:58:07 -0500

Hi Mailman folks,

I've started poking around in mailman, trying to help out some folks, 
and I've come across something I'm not sure how to handle. I'd like to 
get Mailman working with LDAP, and the first order of business is to 
simply allow folks to use their LDAP passwords as an option when 
authenticating with Mailman. Here was my first crack at it:

from checkLDAP import checkLDAP
import string

def makefunc(oldAuth):
     def new_authenticateMember( member, response, oldAuth=oldAuth, 
debug=0 ):

         l_r = string.split(member, '@')

         if len(l_r) == 2:
             if l_r[1] == 'our.domain':
                 if checkLDAP( None, member, response):
                     return response

         return oldAuth( member, response)

     return new_authenticateMember

def extend(mlist):
     oldfunc = mlist.authenticateMember
     mlist.authenticateMember = makefunc(oldfunc)

I expected that all I needed to do was to replace "authenticateMember' 
in extend.py and I would be set. Unfortunately, my code never gets 
called! Snooping through the SecurityManager class, I see that instead, 
it uses 'getMemberPassword', and never calls 'authenticateMember' at 
all! The problem is that we don't have any unencrypted passwords to 
"get". So do I need to override "Authenticate" of SecurityManger to call 
authenticateMember rather then 'getMemberPassword'? This seems a little 
wierd. Would it be better to have SecurityManager call 
'authenticateMember'? Is the cleartext password really required? If it 
*is* actually required, couldn't the code just call 
'authenticateMember', and if successful, use 'response', rather than 
asking for the cleartext password from the member adaptor?