diff --git a/users_ldap_push/README.rst b/users_ldap_push/README.rst new file mode 100644 index 000000000..f6127f3e4 --- /dev/null +++ b/users_ldap_push/README.rst @@ -0,0 +1,84 @@ +.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg + :alt: License: AGPL-3 + +================== +Push users to LDAP +================== + +This module was written in order to use Odoo as a frontend for creating LDAP +entries by creating user records. Updates to the user record will be propagated +to the linked LDAP entry afterwards. + +When users change their passwords, they will be updated in the LDAP directory +too. + +Configuration +============= + +On the LDAP parameters of your company, check *Create ldap entry* in order to +activate this functionality. Be sure to configure a bind DN that has +appropriate permissions to create and modify entries. + +Fill in the object classes newly created entries should contain, separated by +colons. Those classes will determine which mappings from Odoo fields to LDAP +attributes you need. This is highly dependent on your LDAP setup. + +For a standard slapd setup, you might want to use object classes +`inetOrgPerson,shadowAccount` and the following mapping: + +========== ============== == +Odoo field LDAP attribute DN +========== ============== == +Login userid X +Name cn +Name sn +========== ============== == + +Matching is done by the new field *ldap_entry_dn*, so after installing this +module, you'll probably want to set this field. The module will write it when +a user logs in via Odoo. + +Usage +===== + +When you create or update users, their corresponding LDAP entries will be +updated too. + +When creating users, there's a checkbox 'LDAP user' which allows you to push +the new user to your LDAP directory. This of course only works if you have +field mappings for all mandatory fields in your schema. + +.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas + :alt: Try me on Runbot + :target: https://runbot.odoo-community.org/runbot/149/8.0 + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us smashing it by providing a detailed and welcomed feedback +`here `_. + +Credits +======= + +Contributors +------------ + +* Holger Brunn + +Maintainer +---------- + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +This module is maintained by the OCA. + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +To contribute to this module, please visit http://odoo-community.org. diff --git a/users_ldap_push/__init__.py b/users_ldap_push/__init__.py new file mode 100644 index 000000000..b5779b484 --- /dev/null +++ b/users_ldap_push/__init__.py @@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from . import models +from . import wizards diff --git a/users_ldap_push/__openerp__.py b/users_ldap_push/__openerp__.py new file mode 100644 index 000000000..6331ee36b --- /dev/null +++ b/users_ldap_push/__openerp__.py @@ -0,0 +1,44 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +{ + "name": "Push users to LDAP", + "version": "8.0.1.0.0", + "author": "Therp BV,Odoo Community Association (OCA)", + "license": "AGPL-3", + "category": "Authentication", + "summary": "Creates a ldap entry when you create a user in Odoo", + "depends": [ + 'auth_ldap', + 'mail', + ], + "data": [ + "views/res_users.xml", + "views/res_company.xml", + 'security/ir.model.access.csv', + ], + "qweb": [ + ], + "test": [ + ], + "installable": True, + "external_dependencies": { + 'python': ['ldap'], + }, +} diff --git a/users_ldap_push/models/__init__.py b/users_ldap_push/models/__init__.py new file mode 100644 index 000000000..32839eb64 --- /dev/null +++ b/users_ldap_push/models/__init__.py @@ -0,0 +1,23 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from . import res_company_ldap +from . import res_company_ldap_field_mapping +from . import res_users +from . import res_partner diff --git a/users_ldap_push/models/res_company_ldap.py b/users_ldap_push/models/res_company_ldap.py new file mode 100644 index 000000000..f5782193f --- /dev/null +++ b/users_ldap_push/models/res_company_ldap.py @@ -0,0 +1,64 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from openerp import _, models, fields, api, exceptions + + +class ResCompanyLdap(models.Model): + _inherit = 'res.company.ldap' + + @api.model + def _create_ldap_entry_field_mappings_default(self): + return [ + (0, 0, { + 'field_id': + self.env.ref('base.field_res_users_login').id, + 'attribute': 'userid', + 'use_for_dn': True, + }), + ] + + create_ldap_entry = fields.Boolean('Create ldap entry', default=True) + create_ldap_entry_base = fields.Char( + 'Create ldap entry in subtree', + help='Leave empty to use your LDAP base') + create_ldap_entry_objectclass = fields.Char( + 'Object class', default='account', + help='Separate object classes by comma if you need more than one') + create_ldap_entry_field_mappings = fields.One2many( + 'res.company.ldap.field_mapping', 'ldap_id', string='Field mappings', + default=_create_ldap_entry_field_mappings_default) + + @api.model + def get_or_create_user(self, conf, login, ldap_entry): + user_id = super(ResCompanyLdap, self).get_or_create_user( + conf, login, ldap_entry) + if user_id: + self.env['res.users'].browse(user_id).write({ + 'ldap_entry_dn': ldap_entry[0], + }) + return user_id + + @api.constrains('create_ldap_entry_field_mappings') + def _constrain_create_ldap_entry_field_mappings(self): + for this in self: + if len(this.create_ldap_entry_field_mappings + .filtered('use_for_dn')) != 1: + raise exceptions.ValidationError( + _('You need to set exactly one mapping as DN')) diff --git a/users_ldap_push/models/res_company_ldap_field_mapping.py b/users_ldap_push/models/res_company_ldap_field_mapping.py new file mode 100644 index 000000000..99835cf5f --- /dev/null +++ b/users_ldap_push/models/res_company_ldap_field_mapping.py @@ -0,0 +1,40 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from openerp import models, fields, api + + +class ResCompanyLdapFieldMapping(models.Model): + _name = 'res.company.ldap.field_mapping' + _description = 'Mapping from Odoo fields to ldap attributes' + + field_id = fields.Many2one( + 'ir.model.fields', string='Odoo field', required=True, + domain=lambda self: self._field_id_domain()) + attribute = fields.Char('LDAP attribute', required=True) + use_for_dn = fields.Boolean('DN') + ldap_id = fields.Many2one( + 'res.company.ldap', string='LDAP configuration', required=True) + + @api.model + def _field_id_domain(self): + return [ + ('model_id', '=', self.env.ref('base.model_res_users').id), + ('ttype', 'in', ['selection', 'char', 'text', 'integer', 'float']), + ] diff --git a/users_ldap_push/models/res_partner.py b/users_ldap_push/models/res_partner.py new file mode 100644 index 000000000..7a87c56de --- /dev/null +++ b/users_ldap_push/models/res_partner.py @@ -0,0 +1,31 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from openerp import models, api + + +class ResPartner(models.Model): + _inherit = 'res.partner' + + @api.multi + def write(self, vals): + result = super(ResPartner, self).write(vals) + self.filtered('user_ids.is_ldap_user').mapped('user_ids')\ + .push_to_ldap(vals) + return result diff --git a/users_ldap_push/models/res_users.py b/users_ldap_push/models/res_users.py new file mode 100644 index 000000000..e163a453d --- /dev/null +++ b/users_ldap_push/models/res_users.py @@ -0,0 +1,175 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +import ldap +import ldap.modlist +import logging +from openerp import _, models, fields, api, exceptions +_logger = logging.getLogger(__name__) + + +class ResUsers(models.Model): + _inherit = 'res.users' + + ldap_entry_dn = fields.Char('LDAP DN', readonly=True) + is_ldap_user = fields.Boolean( + 'LDAP user', compute='_compute_is_ldap_user', default=True) + + @api.model + @api.returns('self', lambda record: record.id) + def create(self, values): + result = super(ResUsers, self).create(values) + result.push_to_ldap(values) + return result + + @api.multi + def write(self, values): + result = super(ResUsers, self).write(values) + self.push_to_ldap(values) + return result + + @api.multi + def _push_to_ldap_possible(self, values): + return bool(self._get_ldap_configuration()) + + @api.multi + def _get_ldap_configuration(self): + self.ensure_one() + return self.sudo().company_id.ldaps.filtered('create_ldap_entry')[:1] + + @api.multi + def _get_ldap_values(self, values): + self.ensure_one() + conf = self._get_ldap_configuration() + result = {} + for mapping in conf.create_ldap_entry_field_mappings: + field_name = mapping.field_id.name + if field_name not in values or not values[field_name]: + continue + result[mapping.attribute] = [str(values[field_name])] + if result: + result['objectClass'] = conf.create_ldap_entry_objectclass\ + .encode('utf-8').split(',') + return result + + @api.multi + def _get_ldap_dn(self, values): + self.ensure_one() + conf = self._get_ldap_configuration() + dn = conf.create_ldap_entry_field_mappings.filtered('use_for_dn') + assert dn, 'No DN attribute mapping given!' + assert self[dn.field_id.name], 'DN attribute empty!' + return '%s=%s,%s' % ( + dn.attribute, + ldap.dn.escape_dn_chars(self[dn.field_id.name].encode('utf-8')), + conf.create_ldap_entry_base or conf.ldap_base) + + @api.multi + def push_to_ldap(self, values): + for this in self: + if not values.get('is_ldap_user') and not this.is_ldap_user: + continue + if not this._push_to_ldap_possible(values): + continue + ldap_values = this._get_ldap_values(values) + if not ldap_values: + continue + ldap_configuration = this._get_ldap_configuration() + ldap_connection = ldap_configuration.connect( + ldap_configuration.read()[0]) + ldap_connection.simple_bind_s( + (ldap_configuration.ldap_binddn or '').encode('utf-8'), + (ldap_configuration.ldap_password or '').encode('utf-8')) + + try: + if not this.ldap_entry_dn: + this._push_to_ldap_create( + ldap_connection, ldap_configuration, values, + ldap_values) + if this.ldap_entry_dn: + this._push_to_ldap_write( + ldap_connection, ldap_configuration, values, + ldap_values) + except ldap.LDAPError as e: + _logger.exception(e) + raise exceptions.Warning(_('Error'), e.message) + finally: + ldap_connection.unbind_s() + + @api.multi + def _push_to_ldap_create(self, ldap_connection, ldap_configuration, values, + ldap_values): + self.ensure_one() + dn = self._get_ldap_dn(values) + ldap_connection.add_s( + dn, + ldap.modlist.addModlist(ldap_values)) + self.write({'ldap_entry_dn': dn}) + + @api.multi + def _push_to_ldap_write(self, ldap_connection, ldap_configuration, values, + ldap_values): + self.ensure_one() + dn = self.ldap_entry_dn.encode('utf-8') + dn_mapping = ldap_configuration.create_ldap_entry_field_mappings\ + .filtered('use_for_dn') + if dn_mapping.attribute in ldap_values: + ldap_values.pop(dn_mapping.attribute) + ldap_entry = ldap_connection.search_s( + dn, ldap.SCOPE_BASE, '(objectClass=*)', + map(lambda x: x.encode('utf-8'), ldap_values.keys())) + assert ldap_entry, '%s not found!' % self.ldap_entry_dn + ldap_entry = ldap_entry[0][1] + ldap_connection.modify_s( + dn, + ldap.modlist.modifyModlist(ldap_entry, ldap_values)) + + @api.one + @api.depends('ldap_entry_dn') + def _compute_is_ldap_user(self): + self.is_ldap_user = bool(self.ldap_entry_dn) + + @api.one + def _change_ldap_password(self, new_passwd, auth_dn=None, + auth_passwd=None): + ldap_configuration = self.env.user.sudo()._get_ldap_configuration() + ldap_connection = ldap_configuration.connect( + ldap_configuration.read()[0]) + dn = auth_dn or ldap_configuration.ldap_binddn + old_passwd = auth_passwd or ldap_configuration.ldap_password + ldap_connection.simple_bind_s( + dn.encode('utf-8'), old_passwd.encode('utf-8')) + self.env['ir.model.access'].check('res.users', 'write') + self.env.user.check_access_rule('write') + try: + ldap_connection.passwd_s( + self.ldap_entry_dn, None, new_passwd.encode('utf-8')) + except ldap.LDAPError, e: + raise exceptions.Warning(_('Error'), e.message) + finally: + ldap_connection.unbind_s() + return True + + @api.model + def change_password(self, old_passwd, new_passwd): + if self.env.user.is_ldap_user: + return self.env.user._change_ldap_password( + new_passwd, auth_dn=self.env.user.ldap_entry_dn, + auth_passwd=old_passwd) + return super(ResUsers, self).change_password(old_passwd, new_passwd) diff --git a/users_ldap_push/security/ir.model.access.csv b/users_ldap_push/security/ir.model.access.csv new file mode 100644 index 000000000..06b3350c2 --- /dev/null +++ b/users_ldap_push/security/ir.model.access.csv @@ -0,0 +1,3 @@ +"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink" +read_field_mappings,Read field mappings,model_res_company_ldap_field_mapping,,1,0,0,0 +crud_field_mappings,CRUD field mappings,model_res_company_ldap_field_mapping,base.group_system,1,1,1,1 diff --git a/users_ldap_push/static/description/icon.png b/users_ldap_push/static/description/icon.png new file mode 100644 index 000000000..3a0328b51 Binary files /dev/null and b/users_ldap_push/static/description/icon.png differ diff --git a/users_ldap_push/tests/__init__.py b/users_ldap_push/tests/__init__.py new file mode 100644 index 000000000..e72d7ea8d --- /dev/null +++ b/users_ldap_push/tests/__init__.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from . import test_users_ldap_push diff --git a/users_ldap_push/tests/test_users_ldap_push.py b/users_ldap_push/tests/test_users_ldap_push.py new file mode 100644 index 000000000..cf2c0685e --- /dev/null +++ b/users_ldap_push/tests/test_users_ldap_push.py @@ -0,0 +1,104 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +import ldap +from openerp.tests.common import TransactionCase + + +class FakeLdapConnection(object): + def __init__(self): + self.entries = {} + + def simple_bind_s(self, dn, passwd): + pass + + def add_s(self, dn, modlist): + self.entries[dn] = modlist + + def search_s(self, dn, scope, ldap_filter, attributes): + if dn in self.entries: + return [(dn, dict(self.entries[dn]))] + return None + + def modify_s(self, dn, modlist): + if dn not in self.entries: + raise ldap.NO_SUCH_OBJECT() + for operation, attribute, value in modlist: + if operation == ldap.MOD_ADD: + self.entries[dn].append((attribute, value)) + continue + + def unbind_s(self): + pass + + +class TestUsersLdapPush(TransactionCase): + def test_users_ldap_push(self): + company = self.env['res.company'].create({ + 'name': 'testcompany', + 'ldaps': [(0, 0, { + 'ldap_base': 'dc=test', + 'ldap_filter': '(uid=%s)', + 'create_ldap_entry_field_mappings': [ + ( + 0, 0, { + 'field_id': + self.env.ref('base.field_res_users_login').id, + 'attribute': 'userid', + 'use_for_dn': True, + }, + ), + ( + 0, 0, { + 'field_id': + self.env.ref('base.field_res_users_name').id, + 'attribute': 'sn', + }, + ), + ], + })], + }) + fake_ldap = FakeLdapConnection() + self.env['res.company.ldap']._patch_method( + 'connect', lambda x, y: fake_ldap) + user = self.env['res.users'].create({ + 'name': 'testuser', + 'login': 'testuser', + 'company_ids': [(6, 0, company.ids)], + 'company_id': company.id, + 'is_ldap_user': False, + }) + self.assertFalse(user.ldap_entry_dn) + user.unlink() + user = self.env['res.users'].create({ + 'name': 'testuser', + 'login': 'testuser', + 'company_ids': [(6, 0, company.ids)], + 'company_id': company.id, + 'is_ldap_user': True, + }) + self.assertTrue(fake_ldap.entries[user.ldap_entry_dn]) + self.assertEqual( + dict(fake_ldap.entries[user.ldap_entry_dn])['userid'], + [user.login]) + user.partner_id.write({'name': 'testuser2'}) + self.assertTrue([ + v for a, v in fake_ldap.entries[user.ldap_entry_dn] + if v == ['testuser2'] + ]) diff --git a/users_ldap_push/views/res_company.xml b/users_ldap_push/views/res_company.xml new file mode 100644 index 000000000..51eb56e72 --- /dev/null +++ b/users_ldap_push/views/res_company.xml @@ -0,0 +1,27 @@ + + + + + res.company + + + + + + + + + + + + + + + + + + + + + + diff --git a/users_ldap_push/views/res_users.xml b/users_ldap_push/views/res_users.xml new file mode 100644 index 000000000..efc6716d3 --- /dev/null +++ b/users_ldap_push/views/res_users.xml @@ -0,0 +1,44 @@ + + + + + res.users + + + + + + + + + res.users + + + + + + + + + + res.users + + + + + + 0 + + + + + res.users + + + + + + + + + diff --git a/users_ldap_push/wizards/__init__.py b/users_ldap_push/wizards/__init__.py new file mode 100644 index 000000000..5d1c231c5 --- /dev/null +++ b/users_ldap_push/wizards/__init__.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from . import change_password_user diff --git a/users_ldap_push/wizards/change_password_user.py b/users_ldap_push/wizards/change_password_user.py new file mode 100644 index 000000000..20f6b1065 --- /dev/null +++ b/users_ldap_push/wizards/change_password_user.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +############################################################################## +# +# This module copyright (C) 2015 Therp BV (). +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +############################################################################## +from openerp import models, api + + +class ChangePasswordUser(models.TransientModel): + _inherit = 'change.password.user' + + @api.multi + def change_password_button(self): + for user_line in self.filtered('user_id.is_ldap_user'): + user_line.user_id._change_ldap_password(user_line.new_passwd) + user_line.new_passwd = False + return super(ChangePasswordUser, self.filtered( + lambda x: not x.user_id.is_ldap_user)).change_password_button()