Holger Brunn
9 years ago
16 changed files with 732 additions and 0 deletions
-
84users_ldap_push/README.rst
-
21users_ldap_push/__init__.py
-
44users_ldap_push/__openerp__.py
-
23users_ldap_push/models/__init__.py
-
64users_ldap_push/models/res_company_ldap.py
-
40users_ldap_push/models/res_company_ldap_field_mapping.py
-
31users_ldap_push/models/res_partner.py
-
175users_ldap_push/models/res_users.py
-
3users_ldap_push/security/ir.model.access.csv
-
BINusers_ldap_push/static/description/icon.png
-
20users_ldap_push/tests/__init__.py
-
104users_ldap_push/tests/test_users_ldap_push.py
-
27users_ldap_push/views/res_company.xml
-
44users_ldap_push/views/res_users.xml
-
20users_ldap_push/wizards/__init__.py
-
32users_ldap_push/wizards/change_password_user.py
@ -0,0 +1,84 @@ |
|||||
|
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg |
||||
|
:alt: License: AGPL-3 |
||||
|
|
||||
|
================== |
||||
|
Push users to LDAP |
||||
|
================== |
||||
|
|
||||
|
This module was written in order to use Odoo as a frontend for creating LDAP |
||||
|
entries by creating user records. Updates to the user record will be propagated |
||||
|
to the linked LDAP entry afterwards. |
||||
|
|
||||
|
When users change their passwords, they will be updated in the LDAP directory |
||||
|
too. |
||||
|
|
||||
|
Configuration |
||||
|
============= |
||||
|
|
||||
|
On the LDAP parameters of your company, check *Create ldap entry* in order to |
||||
|
activate this functionality. Be sure to configure a bind DN that has |
||||
|
appropriate permissions to create and modify entries. |
||||
|
|
||||
|
Fill in the object classes newly created entries should contain, separated by |
||||
|
colons. Those classes will determine which mappings from Odoo fields to LDAP |
||||
|
attributes you need. This is highly dependent on your LDAP setup. |
||||
|
|
||||
|
For a standard slapd setup, you might want to use object classes |
||||
|
`inetOrgPerson,shadowAccount` and the following mapping: |
||||
|
|
||||
|
========== ============== == |
||||
|
Odoo field LDAP attribute DN |
||||
|
========== ============== == |
||||
|
Login userid X |
||||
|
Name cn |
||||
|
Name sn |
||||
|
========== ============== == |
||||
|
|
||||
|
Matching is done by the new field *ldap_entry_dn*, so after installing this |
||||
|
module, you'll probably want to set this field. The module will write it when |
||||
|
a user logs in via Odoo. |
||||
|
|
||||
|
Usage |
||||
|
===== |
||||
|
|
||||
|
When you create or update users, their corresponding LDAP entries will be |
||||
|
updated too. |
||||
|
|
||||
|
When creating users, there's a checkbox 'LDAP user' which allows you to push |
||||
|
the new user to your LDAP directory. This of course only works if you have |
||||
|
field mappings for all mandatory fields in your schema. |
||||
|
|
||||
|
.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas |
||||
|
:alt: Try me on Runbot |
||||
|
:target: https://runbot.odoo-community.org/runbot/149/8.0 |
||||
|
|
||||
|
Bug Tracker |
||||
|
=========== |
||||
|
|
||||
|
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_. |
||||
|
In case of trouble, please check there if your issue has already been reported. |
||||
|
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback |
||||
|
`here <https://github.com/OCA/server-tools/issues/new?body=module:%20users_ldap_push%0Aversion:%208.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
||||
|
|
||||
|
Credits |
||||
|
======= |
||||
|
|
||||
|
Contributors |
||||
|
------------ |
||||
|
|
||||
|
* Holger Brunn <hbrunn@therp.nl> |
||||
|
|
||||
|
Maintainer |
||||
|
---------- |
||||
|
|
||||
|
.. image:: https://odoo-community.org/logo.png |
||||
|
:alt: Odoo Community Association |
||||
|
:target: https://odoo-community.org |
||||
|
|
||||
|
This module is maintained by the OCA. |
||||
|
|
||||
|
OCA, or the Odoo Community Association, is a nonprofit organization whose |
||||
|
mission is to support the collaborative development of Odoo features and |
||||
|
promote its widespread use. |
||||
|
|
||||
|
To contribute to this module, please visit http://odoo-community.org. |
@ -0,0 +1,21 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV <http://therp.nl>. |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from . import models |
||||
|
from . import wizards |
@ -0,0 +1,44 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV <http://therp.nl>. |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
{ |
||||
|
"name": "Push users to LDAP", |
||||
|
"version": "8.0.1.0.0", |
||||
|
"author": "Therp BV,Odoo Community Association (OCA)", |
||||
|
"license": "AGPL-3", |
||||
|
"category": "Authentication", |
||||
|
"summary": "Creates a ldap entry when you create a user in Odoo", |
||||
|
"depends": [ |
||||
|
'auth_ldap', |
||||
|
'mail', |
||||
|
], |
||||
|
"data": [ |
||||
|
"views/res_users.xml", |
||||
|
"views/res_company.xml", |
||||
|
'security/ir.model.access.csv', |
||||
|
], |
||||
|
"qweb": [ |
||||
|
], |
||||
|
"test": [ |
||||
|
], |
||||
|
"installable": True, |
||||
|
"external_dependencies": { |
||||
|
'python': ['ldap'], |
||||
|
}, |
||||
|
} |
@ -0,0 +1,23 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV <http://therp.nl>. |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from . import res_company_ldap |
||||
|
from . import res_company_ldap_field_mapping |
||||
|
from . import res_users |
||||
|
from . import res_partner |
@ -0,0 +1,64 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV (<http://therp.nl>). |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from openerp import _, models, fields, api, exceptions |
||||
|
|
||||
|
|
||||
|
class ResCompanyLdap(models.Model): |
||||
|
_inherit = 'res.company.ldap' |
||||
|
|
||||
|
@api.model |
||||
|
def _create_ldap_entry_field_mappings_default(self): |
||||
|
return [ |
||||
|
(0, 0, { |
||||
|
'field_id': |
||||
|
self.env.ref('base.field_res_users_login').id, |
||||
|
'attribute': 'userid', |
||||
|
'use_for_dn': True, |
||||
|
}), |
||||
|
] |
||||
|
|
||||
|
create_ldap_entry = fields.Boolean('Create ldap entry', default=True) |
||||
|
create_ldap_entry_base = fields.Char( |
||||
|
'Create ldap entry in subtree', |
||||
|
help='Leave empty to use your LDAP base') |
||||
|
create_ldap_entry_objectclass = fields.Char( |
||||
|
'Object class', default='account', |
||||
|
help='Separate object classes by comma if you need more than one') |
||||
|
create_ldap_entry_field_mappings = fields.One2many( |
||||
|
'res.company.ldap.field_mapping', 'ldap_id', string='Field mappings', |
||||
|
default=_create_ldap_entry_field_mappings_default) |
||||
|
|
||||
|
@api.model |
||||
|
def get_or_create_user(self, conf, login, ldap_entry): |
||||
|
user_id = super(ResCompanyLdap, self).get_or_create_user( |
||||
|
conf, login, ldap_entry) |
||||
|
if user_id: |
||||
|
self.env['res.users'].browse(user_id).write({ |
||||
|
'ldap_entry_dn': ldap_entry[0], |
||||
|
}) |
||||
|
return user_id |
||||
|
|
||||
|
@api.constrains('create_ldap_entry_field_mappings') |
||||
|
def _constrain_create_ldap_entry_field_mappings(self): |
||||
|
for this in self: |
||||
|
if len(this.create_ldap_entry_field_mappings |
||||
|
.filtered('use_for_dn')) != 1: |
||||
|
raise exceptions.ValidationError( |
||||
|
_('You need to set exactly one mapping as DN')) |
@ -0,0 +1,40 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV (<http://therp.nl>). |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from openerp import models, fields, api |
||||
|
|
||||
|
|
||||
|
class ResCompanyLdapFieldMapping(models.Model): |
||||
|
_name = 'res.company.ldap.field_mapping' |
||||
|
_description = 'Mapping from Odoo fields to ldap attributes' |
||||
|
|
||||
|
field_id = fields.Many2one( |
||||
|
'ir.model.fields', string='Odoo field', required=True, |
||||
|
domain=lambda self: self._field_id_domain()) |
||||
|
attribute = fields.Char('LDAP attribute', required=True) |
||||
|
use_for_dn = fields.Boolean('DN') |
||||
|
ldap_id = fields.Many2one( |
||||
|
'res.company.ldap', string='LDAP configuration', required=True) |
||||
|
|
||||
|
@api.model |
||||
|
def _field_id_domain(self): |
||||
|
return [ |
||||
|
('model_id', '=', self.env.ref('base.model_res_users').id), |
||||
|
('ttype', 'in', ['selection', 'char', 'text', 'integer', 'float']), |
||||
|
] |
@ -0,0 +1,31 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV (<http://therp.nl>). |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from openerp import models, api |
||||
|
|
||||
|
|
||||
|
class ResPartner(models.Model): |
||||
|
_inherit = 'res.partner' |
||||
|
|
||||
|
@api.multi |
||||
|
def write(self, vals): |
||||
|
result = super(ResPartner, self).write(vals) |
||||
|
self.filtered('user_ids.is_ldap_user').mapped('user_ids')\ |
||||
|
.push_to_ldap(vals) |
||||
|
return result |
@ -0,0 +1,175 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV (<http://therp.nl>). |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
import ldap |
||||
|
import ldap.modlist |
||||
|
import logging |
||||
|
from openerp import _, models, fields, api, exceptions |
||||
|
_logger = logging.getLogger(__name__) |
||||
|
|
||||
|
|
||||
|
class ResUsers(models.Model): |
||||
|
_inherit = 'res.users' |
||||
|
|
||||
|
ldap_entry_dn = fields.Char('LDAP DN', readonly=True) |
||||
|
is_ldap_user = fields.Boolean( |
||||
|
'LDAP user', compute='_compute_is_ldap_user', default=True) |
||||
|
|
||||
|
@api.model |
||||
|
@api.returns('self', lambda record: record.id) |
||||
|
def create(self, values): |
||||
|
result = super(ResUsers, self).create(values) |
||||
|
result.push_to_ldap(values) |
||||
|
return result |
||||
|
|
||||
|
@api.multi |
||||
|
def write(self, values): |
||||
|
result = super(ResUsers, self).write(values) |
||||
|
self.push_to_ldap(values) |
||||
|
return result |
||||
|
|
||||
|
@api.multi |
||||
|
def _push_to_ldap_possible(self, values): |
||||
|
return bool(self._get_ldap_configuration()) |
||||
|
|
||||
|
@api.multi |
||||
|
def _get_ldap_configuration(self): |
||||
|
self.ensure_one() |
||||
|
return self.sudo().company_id.ldaps.filtered('create_ldap_entry')[:1] |
||||
|
|
||||
|
@api.multi |
||||
|
def _get_ldap_values(self, values): |
||||
|
self.ensure_one() |
||||
|
conf = self._get_ldap_configuration() |
||||
|
result = {} |
||||
|
for mapping in conf.create_ldap_entry_field_mappings: |
||||
|
field_name = mapping.field_id.name |
||||
|
if field_name not in values or not values[field_name]: |
||||
|
continue |
||||
|
result[mapping.attribute] = [str(values[field_name])] |
||||
|
if result: |
||||
|
result['objectClass'] = conf.create_ldap_entry_objectclass\ |
||||
|
.encode('utf-8').split(',') |
||||
|
return result |
||||
|
|
||||
|
@api.multi |
||||
|
def _get_ldap_dn(self, values): |
||||
|
self.ensure_one() |
||||
|
conf = self._get_ldap_configuration() |
||||
|
dn = conf.create_ldap_entry_field_mappings.filtered('use_for_dn') |
||||
|
assert dn, 'No DN attribute mapping given!' |
||||
|
assert self[dn.field_id.name], 'DN attribute empty!' |
||||
|
return '%s=%s,%s' % ( |
||||
|
dn.attribute, |
||||
|
ldap.dn.escape_dn_chars(self[dn.field_id.name].encode('utf-8')), |
||||
|
conf.create_ldap_entry_base or conf.ldap_base) |
||||
|
|
||||
|
@api.multi |
||||
|
def push_to_ldap(self, values): |
||||
|
for this in self: |
||||
|
if not values.get('is_ldap_user') and not this.is_ldap_user: |
||||
|
continue |
||||
|
if not this._push_to_ldap_possible(values): |
||||
|
continue |
||||
|
ldap_values = this._get_ldap_values(values) |
||||
|
if not ldap_values: |
||||
|
continue |
||||
|
ldap_configuration = this._get_ldap_configuration() |
||||
|
ldap_connection = ldap_configuration.connect( |
||||
|
ldap_configuration.read()[0]) |
||||
|
ldap_connection.simple_bind_s( |
||||
|
(ldap_configuration.ldap_binddn or '').encode('utf-8'), |
||||
|
(ldap_configuration.ldap_password or '').encode('utf-8')) |
||||
|
|
||||
|
try: |
||||
|
if not this.ldap_entry_dn: |
||||
|
this._push_to_ldap_create( |
||||
|
ldap_connection, ldap_configuration, values, |
||||
|
ldap_values) |
||||
|
if this.ldap_entry_dn: |
||||
|
this._push_to_ldap_write( |
||||
|
ldap_connection, ldap_configuration, values, |
||||
|
ldap_values) |
||||
|
except ldap.LDAPError as e: |
||||
|
_logger.exception(e) |
||||
|
raise exceptions.Warning(_('Error'), e.message) |
||||
|
finally: |
||||
|
ldap_connection.unbind_s() |
||||
|
|
||||
|
@api.multi |
||||
|
def _push_to_ldap_create(self, ldap_connection, ldap_configuration, values, |
||||
|
ldap_values): |
||||
|
self.ensure_one() |
||||
|
dn = self._get_ldap_dn(values) |
||||
|
ldap_connection.add_s( |
||||
|
dn, |
||||
|
ldap.modlist.addModlist(ldap_values)) |
||||
|
self.write({'ldap_entry_dn': dn}) |
||||
|
|
||||
|
@api.multi |
||||
|
def _push_to_ldap_write(self, ldap_connection, ldap_configuration, values, |
||||
|
ldap_values): |
||||
|
self.ensure_one() |
||||
|
dn = self.ldap_entry_dn.encode('utf-8') |
||||
|
dn_mapping = ldap_configuration.create_ldap_entry_field_mappings\ |
||||
|
.filtered('use_for_dn') |
||||
|
if dn_mapping.attribute in ldap_values: |
||||
|
ldap_values.pop(dn_mapping.attribute) |
||||
|
ldap_entry = ldap_connection.search_s( |
||||
|
dn, ldap.SCOPE_BASE, '(objectClass=*)', |
||||
|
map(lambda x: x.encode('utf-8'), ldap_values.keys())) |
||||
|
assert ldap_entry, '%s not found!' % self.ldap_entry_dn |
||||
|
ldap_entry = ldap_entry[0][1] |
||||
|
ldap_connection.modify_s( |
||||
|
dn, |
||||
|
ldap.modlist.modifyModlist(ldap_entry, ldap_values)) |
||||
|
|
||||
|
@api.one |
||||
|
@api.depends('ldap_entry_dn') |
||||
|
def _compute_is_ldap_user(self): |
||||
|
self.is_ldap_user = bool(self.ldap_entry_dn) |
||||
|
|
||||
|
@api.one |
||||
|
def _change_ldap_password(self, new_passwd, auth_dn=None, |
||||
|
auth_passwd=None): |
||||
|
ldap_configuration = self.env.user.sudo()._get_ldap_configuration() |
||||
|
ldap_connection = ldap_configuration.connect( |
||||
|
ldap_configuration.read()[0]) |
||||
|
dn = auth_dn or ldap_configuration.ldap_binddn |
||||
|
old_passwd = auth_passwd or ldap_configuration.ldap_password |
||||
|
ldap_connection.simple_bind_s( |
||||
|
dn.encode('utf-8'), old_passwd.encode('utf-8')) |
||||
|
self.env['ir.model.access'].check('res.users', 'write') |
||||
|
self.env.user.check_access_rule('write') |
||||
|
try: |
||||
|
ldap_connection.passwd_s( |
||||
|
self.ldap_entry_dn, None, new_passwd.encode('utf-8')) |
||||
|
except ldap.LDAPError, e: |
||||
|
raise exceptions.Warning(_('Error'), e.message) |
||||
|
finally: |
||||
|
ldap_connection.unbind_s() |
||||
|
return True |
||||
|
|
||||
|
@api.model |
||||
|
def change_password(self, old_passwd, new_passwd): |
||||
|
if self.env.user.is_ldap_user: |
||||
|
return self.env.user._change_ldap_password( |
||||
|
new_passwd, auth_dn=self.env.user.ldap_entry_dn, |
||||
|
auth_passwd=old_passwd) |
||||
|
return super(ResUsers, self).change_password(old_passwd, new_passwd) |
@ -0,0 +1,3 @@ |
|||||
|
"id","name","model_id:id","group_id:id","perm_read","perm_write","perm_create","perm_unlink" |
||||
|
read_field_mappings,Read field mappings,model_res_company_ldap_field_mapping,,1,0,0,0 |
||||
|
crud_field_mappings,CRUD field mappings,model_res_company_ldap_field_mapping,base.group_system,1,1,1,1 |
After Width: 128 | Height: 128 | Size: 9.2 KiB |
@ -0,0 +1,20 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV <http://therp.nl>. |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from . import test_users_ldap_push |
@ -0,0 +1,104 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV <http://therp.nl>. |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
import ldap |
||||
|
from openerp.tests.common import TransactionCase |
||||
|
|
||||
|
|
||||
|
class FakeLdapConnection(object): |
||||
|
def __init__(self): |
||||
|
self.entries = {} |
||||
|
|
||||
|
def simple_bind_s(self, dn, passwd): |
||||
|
pass |
||||
|
|
||||
|
def add_s(self, dn, modlist): |
||||
|
self.entries[dn] = modlist |
||||
|
|
||||
|
def search_s(self, dn, scope, ldap_filter, attributes): |
||||
|
if dn in self.entries: |
||||
|
return [(dn, dict(self.entries[dn]))] |
||||
|
return None |
||||
|
|
||||
|
def modify_s(self, dn, modlist): |
||||
|
if dn not in self.entries: |
||||
|
raise ldap.NO_SUCH_OBJECT() |
||||
|
for operation, attribute, value in modlist: |
||||
|
if operation == ldap.MOD_ADD: |
||||
|
self.entries[dn].append((attribute, value)) |
||||
|
continue |
||||
|
|
||||
|
def unbind_s(self): |
||||
|
pass |
||||
|
|
||||
|
|
||||
|
class TestUsersLdapPush(TransactionCase): |
||||
|
def test_users_ldap_push(self): |
||||
|
company = self.env['res.company'].create({ |
||||
|
'name': 'testcompany', |
||||
|
'ldaps': [(0, 0, { |
||||
|
'ldap_base': 'dc=test', |
||||
|
'ldap_filter': '(uid=%s)', |
||||
|
'create_ldap_entry_field_mappings': [ |
||||
|
( |
||||
|
0, 0, { |
||||
|
'field_id': |
||||
|
self.env.ref('base.field_res_users_login').id, |
||||
|
'attribute': 'userid', |
||||
|
'use_for_dn': True, |
||||
|
}, |
||||
|
), |
||||
|
( |
||||
|
0, 0, { |
||||
|
'field_id': |
||||
|
self.env.ref('base.field_res_users_name').id, |
||||
|
'attribute': 'sn', |
||||
|
}, |
||||
|
), |
||||
|
], |
||||
|
})], |
||||
|
}) |
||||
|
fake_ldap = FakeLdapConnection() |
||||
|
self.env['res.company.ldap']._patch_method( |
||||
|
'connect', lambda x, y: fake_ldap) |
||||
|
user = self.env['res.users'].create({ |
||||
|
'name': 'testuser', |
||||
|
'login': 'testuser', |
||||
|
'company_ids': [(6, 0, company.ids)], |
||||
|
'company_id': company.id, |
||||
|
'is_ldap_user': False, |
||||
|
}) |
||||
|
self.assertFalse(user.ldap_entry_dn) |
||||
|
user.unlink() |
||||
|
user = self.env['res.users'].create({ |
||||
|
'name': 'testuser', |
||||
|
'login': 'testuser', |
||||
|
'company_ids': [(6, 0, company.ids)], |
||||
|
'company_id': company.id, |
||||
|
'is_ldap_user': True, |
||||
|
}) |
||||
|
self.assertTrue(fake_ldap.entries[user.ldap_entry_dn]) |
||||
|
self.assertEqual( |
||||
|
dict(fake_ldap.entries[user.ldap_entry_dn])['userid'], |
||||
|
[user.login]) |
||||
|
user.partner_id.write({'name': 'testuser2'}) |
||||
|
self.assertTrue([ |
||||
|
v for a, v in fake_ldap.entries[user.ldap_entry_dn] |
||||
|
if v == ['testuser2'] |
||||
|
]) |
@ -0,0 +1,27 @@ |
|||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||
|
<openerp> |
||||
|
<data> |
||||
|
<record id="company_form_view" model="ir.ui.view"> |
||||
|
<field name="model">res.company</field> |
||||
|
<field name="inherit_id" ref="auth_ldap.company_form_view" /> |
||||
|
<field name="arch" type="xml"> |
||||
|
<xpath expr="//field[@name='ldaps']/form//field[@name='create_user']" position="after"> |
||||
|
<field name="create_ldap_entry" /> |
||||
|
</xpath> |
||||
|
<xpath expr="//field[@name='ldaps']/form/group" position="after"> |
||||
|
<group name="users_ldap_push" attrs="{'invisible': [('create_ldap_entry', '!=', True)]}"> |
||||
|
<field name="create_ldap_entry_base" /> |
||||
|
<field name="create_ldap_entry_objectclass" attrs="{'required': [('create_ldap_entry', '=', True)]}"/> |
||||
|
<field name="create_ldap_entry_field_mappings" attrs="{'required': [('create_ldap_entry', '=', True)]}"> |
||||
|
<tree editable="bottom"> |
||||
|
<field name="field_id" /> |
||||
|
<field name="attribute" /> |
||||
|
<field name="use_for_dn" /> |
||||
|
</tree> |
||||
|
</field> |
||||
|
</group> |
||||
|
</xpath> |
||||
|
</field> |
||||
|
</record> |
||||
|
</data> |
||||
|
</openerp> |
@ -0,0 +1,44 @@ |
|||||
|
<?xml version="1.0" encoding="UTF-8"?> |
||||
|
<openerp> |
||||
|
<data> |
||||
|
<record id="view_users_simple_form" model="ir.ui.view"> |
||||
|
<field name="model">res.users</field> |
||||
|
<field name="inherit_id" ref="base.view_users_simple_form" /> |
||||
|
<field name="arch" type="xml"> |
||||
|
<field name="email" position="after"> |
||||
|
<field name="is_ldap_user" invisible="1" readonly="0" /> |
||||
|
</field> |
||||
|
</field> |
||||
|
</record> |
||||
|
<record id="view_users_form" model="ir.ui.view"> |
||||
|
<field name="model">res.users</field> |
||||
|
<field name="inherit_id" ref="base.view_users_form" /> |
||||
|
<field name="arch" type="xml"> |
||||
|
<field name="active" position="after"> |
||||
|
<field name="is_ldap_user" attrs="{'readonly': [('id', '!=', False)], 'invisible': [('id', '!=', False)]}" /> |
||||
|
<field name="ldap_entry_dn" attrs="{'invisible': [('ldap_entry_dn', '=', False)]}" /> |
||||
|
</field> |
||||
|
</field> |
||||
|
</record> |
||||
|
<record id="view_users_form_technical" model="ir.ui.view"> |
||||
|
<field name="model">res.users</field> |
||||
|
<field name="inherit_id" ref="users_ldap_push.view_users_form" /> |
||||
|
<field name="groups_id" eval="[(4, ref('base.group_no_one'))]" /> |
||||
|
<field name="arch" type="xml"> |
||||
|
<field name="ldap_entry_dn" position="attributes"> |
||||
|
<attribute name="attrs" /> |
||||
|
<attribute name="readonly">0</attribute> |
||||
|
</field> |
||||
|
</field> |
||||
|
</record> |
||||
|
<record id="view_users_search" model="ir.ui.view"> |
||||
|
<field name="model">res.users</field> |
||||
|
<field name="inherit_id" ref="base.view_users_search" /> |
||||
|
<field name="arch" type="xml"> |
||||
|
<search position="inside"> |
||||
|
<filter name="is_ldap_user" string="LDAP users" domain="[('ldap_entry_dn', '!=', False)]" /> |
||||
|
</search> |
||||
|
</field> |
||||
|
</record> |
||||
|
</data> |
||||
|
</openerp> |
@ -0,0 +1,20 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV <http://therp.nl>. |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from . import change_password_user |
@ -0,0 +1,32 @@ |
|||||
|
# -*- coding: utf-8 -*- |
||||
|
############################################################################## |
||||
|
# |
||||
|
# This module copyright (C) 2015 Therp BV (<http://therp.nl>). |
||||
|
# |
||||
|
# This program is free software: you can redistribute it and/or modify |
||||
|
# it under the terms of the GNU Affero General Public License as |
||||
|
# published by the Free Software Foundation, either version 3 of the |
||||
|
# License, or (at your option) any later version. |
||||
|
# |
||||
|
# This program is distributed in the hope that it will be useful, |
||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
|
# GNU Affero General Public License for more details. |
||||
|
# |
||||
|
# You should have received a copy of the GNU Affero General Public License |
||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
||||
|
# |
||||
|
############################################################################## |
||||
|
from openerp import models, api |
||||
|
|
||||
|
|
||||
|
class ChangePasswordUser(models.TransientModel): |
||||
|
_inherit = 'change.password.user' |
||||
|
|
||||
|
@api.multi |
||||
|
def change_password_button(self): |
||||
|
for user_line in self.filtered('user_id.is_ldap_user'): |
||||
|
user_line.user_id._change_ldap_password(user_line.new_passwd) |
||||
|
user_line.new_passwd = False |
||||
|
return super(ChangePasswordUser, self.filtered( |
||||
|
lambda x: not x.user_id.is_ldap_user)).change_password_button() |
Write
Preview
Loading…
Cancel
Save
Reference in new issue