OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
579 Commits
13 Branches
0 Tags
45 MiB
Tree: 3f451ad1f3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3f451ad1f3'
${ noResults }
server-tools/users_ldap_groups/users_ldap_groups.py

106 lines
4.1 KiB
Raw Normal View History

Therp's modules to sync OpenERP with LDAP directories
12 years ago
porting to v8
9 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
[PEP8] users_ldap_groups
11 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
porting to v8
9 years ago
[PEP8] users_ldap_groups
11 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
porting to v8
9 years ago
[PEP8] users_ldap_groups
11 years ago
fix pep8 W503
10 years ago
[PEP8] users_ldap_groups
11 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
porting to v8
9 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
[PEP8] users_ldap_groups
11 years ago
porting to v8
9 years ago
[PEP8] users_ldap_groups
11 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
porting to v8
9 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
[PEP8] users_ldap_groups
11 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
move to new apis
9 years ago
porting to v8
9 years ago
move to new apis
9 years ago
[PEP8] users_ldap_groups
11 years ago
move to new apis
9 years ago
[PEP8] users_ldap_groups
11 years ago
move to new apis
9 years ago
[PEP8] users_ldap_groups
11 years ago
fix missing new api call
9 years ago
Therp's modules to sync OpenERP with LDAP directories
12 years ago
move to new apis
9 years ago
[PEP8] users_ldap_groups
11 years ago
move to new apis
9 years ago
[PEP8] users_ldap_groups
11 years ago
  1. # -*- coding: utf-8 -*-
  2. ##############################################################################
  3. #
  4. # OpenERP, Open Source Management Solution
  5. # This module copyright (C) 2012 Therp BV (<http://therp.nl>).
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU Affero General Public License as
  9. # published by the Free Software Foundation, either version 3 of the
  10. # License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU Affero General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU Affero General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. ##############################################################################
  22. from openerp import models
  23. from openerp import fields
  24. from openerp import api
  25. import logging
  26. import users_ldap_groups_operators
  27. import inspect
  30. class CompanyLDAPGroupMapping(models.Model):
  31. _name = 'res.company.ldap.group_mapping'
  32. _rec_name = 'ldap_attribute'
  33. _order = 'ldap_attribute'
  35. def _get_operators(self):
  36. operators = []
  37. members = inspect.getmembers(
  38. users_ldap_groups_operators,
  39. lambda cls:
  40. inspect.isclass(cls) and
  41. cls != users_ldap_groups_operators.LDAPOperator)
  42. for name, operator in members:
  43. operators.append((name, name))
  44. return tuple(operators)
  46. ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
  47. ldap_attribute = fields.Char(
  48. 'LDAP attribute', size=64,
  49. help='The LDAP attribute to check.\n'
  50. 'For active directory, use memberOf.')
  51. operator = fields.Selection(
  52. _get_operators, 'Operator',
  53. help='The operator to check the attribute against the value\n'
  54. 'For active directory, use \'contains\'', required=True)
  55. value = fields.Char(
  56. 'Value', size=1024,
  57. help='The value to check the attribute against.\n'
  58. 'For active directory, use the dn of the desired group',
  59. required=True)
  60. group = fields.Many2one(
  61. 'res.groups', 'OpenERP group',
  62. help='The OpenERP group to assign', required=True)
  65. class CompanyLDAP(models.Model):
  66. _inherit = 'res.company.ldap'
  68. group_mappings = fields.One2many(
  69. 'res.company.ldap.group_mapping',
  70. 'ldap_id', 'Group mappings',
  71. help='Define how OpenERP groups are assigned to ldap users')
  72. only_ldap_groups = fields.Boolean(
  73. 'Only ldap groups',
  74. help='If this is checked, manual changes to group membership are '
  75. 'undone on every login (so OpenERP groups are always synchronous '
  76. 'with LDAP groups). If not, manually added groups are preserved.')
  78. _default = {
  79. 'only_ldap_groups': False,
  80. }
  82. @api.model
  83. def get_or_create_user(self, conf, login, ldap_entry):
  84. id_ = conf['id']
  85. this = self.browse(id_)
  86. user_id = super(CompanyLDAP, self).get_or_create_user(
  87. conf, login, ldap_entry)
  88. if not user_id:
  89. return user_id
  90. userobj = self.env['res.users']
  91. user = userobj.browse(user_id)
  92. logger = logging.getLogger('users_ldap_groups')
  93. if self.only_ldap_groups:
  94. logger.debug('deleting all groups from user %d' % user_id)
  95. user.write({'groups_id': [(5, )]})
  97. for mapping in this.group_mappings:
  98. operator = mapping.operator
  99. operator = getattr(users_ldap_groups_operators, mapping.operator)()
  100. logger.debug('checking mapping %s' % mapping)
  101. if operator.check_value(ldap_entry, mapping['ldap_attribute'],
  102. mapping['value'], conf, self, logger):
  103. logger.debug('adding user %d to group %s' %
  104. (user_id, mapping.group.name))
  105. user.write({'groups_id': [(4, mapping.group.id)]})
  106. return user_id