OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1409 Commits
13 Branches
0 Tags
45 MiB
Tree: 4404271682
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4404271682'
${ noResults }
server-tools/users_ldap_push/models/res_users.py

180 lines
6.8 KiB
Raw Normal View History

[ADD] users_ldap_push
9 years ago
[FIX] users_ldap_push: Protect imports
9 years ago
[ADD] users_ldap_push
9 years ago
[FIX] users_ldap_push: Protect imports
9 years ago
[ADD] users_ldap_push
9 years ago
  1. # -*- coding: utf-8 -*-
  2. ##############################################################################
  3. #
  4. # This module copyright (C) 2015 Therp BV (<http://therp.nl>).
  5. #
  6. # This program is free software: you can redistribute it and/or modify
  7. # it under the terms of the GNU Affero General Public License as
  8. # published by the Free Software Foundation, either version 3 of the
  9. # License, or (at your option) any later version.
  10. #
  11. # This program is distributed in the hope that it will be useful,
  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. # GNU Affero General Public License for more details.
  15. #
  16. # You should have received a copy of the GNU Affero General Public License
  17. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. #
  19. ##############################################################################
  20. from openerp import _, models, fields, api, exceptions
  21. import logging
  23. _logger = logging.getLogger(__name__)
  25. try:
  26. import ldap
  27. import ldap.modlist
  28. except ImportError:
  29. _logger.debug('Can not `from ldap.filter import filter_format`.')
  32. class ResUsers(models.Model):
  33. _inherit = 'res.users'
  35. ldap_entry_dn = fields.Char('LDAP DN', readonly=True)
  36. is_ldap_user = fields.Boolean(
  37. 'LDAP user', compute='_compute_is_ldap_user', default=True)
  39. @api.model
  40. @api.returns('self', lambda record: record.id)
  41. def create(self, values):
  42. result = super(ResUsers, self).create(values)
  43. result.push_to_ldap(values)
  44. return result
  46. @api.multi
  47. def write(self, values):
  48. result = super(ResUsers, self).write(values)
  49. self.push_to_ldap(values)
  50. return result
  52. @api.multi
  53. def _push_to_ldap_possible(self, values):
  54. return bool(self._get_ldap_configuration())
  56. @api.multi
  57. def _get_ldap_configuration(self):
  58. self.ensure_one()
  59. return self.sudo().company_id.ldaps.filtered('create_ldap_entry')[:1]
  61. @api.multi
  62. def _get_ldap_values(self, values):
  63. self.ensure_one()
  64. conf = self._get_ldap_configuration()
  65. result = {}
  66. for mapping in conf.create_ldap_entry_field_mappings:
  67. field_name = mapping.field_id.name
  68. if field_name not in values or not values[field_name]:
  69. continue
  70. result[mapping.attribute] = [str(values[field_name])]
  71. if result:
  72. result['objectClass'] = conf.create_ldap_entry_objectclass\
  73. .encode('utf-8').split(',')
  74. return result
  76. @api.multi
  77. def _get_ldap_dn(self, values):
  78. self.ensure_one()
  79. conf = self._get_ldap_configuration()
  80. dn = conf.create_ldap_entry_field_mappings.filtered('use_for_dn')
  81. assert dn, 'No DN attribute mapping given!'
  82. assert self[dn.field_id.name], 'DN attribute empty!'
  83. return '%s=%s,%s' % (
  84. dn.attribute,
  85. ldap.dn.escape_dn_chars(self[dn.field_id.name].encode('utf-8')),
  86. conf.create_ldap_entry_base or conf.ldap_base)
  88. @api.multi
  89. def push_to_ldap(self, values):
  90. for this in self:
  91. if not values.get('is_ldap_user') and not this.is_ldap_user:
  92. continue
  93. if not this._push_to_ldap_possible(values):
  94. continue
  95. ldap_values = this._get_ldap_values(values)
  96. if not ldap_values:
  97. continue
  98. ldap_configuration = this._get_ldap_configuration()
  99. ldap_connection = ldap_configuration.connect(
  100. ldap_configuration.read()[0])
  101. ldap_connection.simple_bind_s(
  102. (ldap_configuration.ldap_binddn or '').encode('utf-8'),
  103. (ldap_configuration.ldap_password or '').encode('utf-8'))
  105. try:
  106. if not this.ldap_entry_dn:
  107. this._push_to_ldap_create(
  108. ldap_connection, ldap_configuration, values,
  109. ldap_values)
  110. if this.ldap_entry_dn:
  111. this._push_to_ldap_write(
  112. ldap_connection, ldap_configuration, values,
  113. ldap_values)
  114. except ldap.LDAPError as e:
  115. _logger.exception(e)
  116. raise exceptions.Warning(_('Error'), e.message)
  117. finally:
  118. ldap_connection.unbind_s()
  120. @api.multi
  121. def _push_to_ldap_create(self, ldap_connection, ldap_configuration, values,
  122. ldap_values):
  123. self.ensure_one()
  124. dn = self._get_ldap_dn(values)
  125. ldap_connection.add_s(
  126. dn,
  127. ldap.modlist.addModlist(ldap_values))
  128. self.write({'ldap_entry_dn': dn})
  130. @api.multi
  131. def _push_to_ldap_write(self, ldap_connection, ldap_configuration, values,
  132. ldap_values):
  133. self.ensure_one()
  134. dn = self.ldap_entry_dn.encode('utf-8')
  135. dn_mapping = ldap_configuration.create_ldap_entry_field_mappings\
  136. .filtered('use_for_dn')
  137. if dn_mapping.attribute in ldap_values:
  138. ldap_values.pop(dn_mapping.attribute)
  139. ldap_entry = ldap_connection.search_s(
  140. dn, ldap.SCOPE_BASE, '(objectClass=*)',
  141. map(lambda x: x.encode('utf-8'), ldap_values.keys()))
  142. assert ldap_entry, '%s not found!' % self.ldap_entry_dn
  143. ldap_entry = ldap_entry[0][1]
  144. ldap_connection.modify_s(
  145. dn,
  146. ldap.modlist.modifyModlist(ldap_entry, ldap_values))
  148. @api.one
  149. @api.depends('ldap_entry_dn')
  150. def _compute_is_ldap_user(self):
  151. self.is_ldap_user = bool(self.ldap_entry_dn)
  153. @api.one
  154. def _change_ldap_password(self, new_passwd, auth_dn=None,
  155. auth_passwd=None):
  156. ldap_configuration = self.env.user.sudo()._get_ldap_configuration()
  157. ldap_connection = ldap_configuration.connect(
  158. ldap_configuration.read()[0])
  159. dn = auth_dn or ldap_configuration.ldap_binddn
  160. old_passwd = auth_passwd or ldap_configuration.ldap_password
  161. ldap_connection.simple_bind_s(
  162. dn.encode('utf-8'), old_passwd.encode('utf-8'))
  163. self.env['ir.model.access'].check('res.users', 'write')
  164. self.env.user.check_access_rule('write')
  165. try:
  166. ldap_connection.passwd_s(
  167. self.ldap_entry_dn, None, new_passwd.encode('utf-8'))
  168. except ldap.LDAPError, e:
  169. raise exceptions.Warning(_('Error'), e.message)
  170. finally:
  171. ldap_connection.unbind_s()
  172. return True
  174. @api.model
  175. def change_password(self, old_passwd, new_passwd):
  176. if self.env.user.is_ldap_user:
  177. return self.env.user._change_ldap_password(
  178. new_passwd, auth_dn=self.env.user.ldap_entry_dn,
  179. auth_passwd=old_passwd)
  180. return super(ResUsers, self).change_password(old_passwd, new_passwd)