Browse Source
some makeup and change the ldap operators from plain python objects to a transientmodel
pull/207/head
some makeup and change the ldap operators from plain python objects to a transientmodel
pull/207/head
Giacomo Spettoli
10 years ago
5 changed files with 103 additions and 92 deletions
-
64users_ldap_groups/README.rst
-
2users_ldap_groups/__init__.py
-
22users_ldap_groups/__openerp__.py
-
54users_ldap_groups/users_ldap_groups.py
-
53users_ldap_groups/users_ldap_groups_operators.py
@ -0,0 +1,64 @@ |
|||
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg |
|||
:alt: License: AGPL-3 |
|||
|
|||
users_ldap_groups |
|||
================= |
|||
|
|||
Adds user accounts to groups based on rules defined by the administrator. |
|||
|
|||
|
|||
Usage |
|||
===== |
|||
|
|||
Define mappings in Settings->Companies->[your company]->tab configuration->[ |
|||
your ldap server]. |
|||
|
|||
Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a |
|||
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this |
|||
to 'no' will result in users never losing privileges when you remove them from |
|||
a ldap group, so that's a potential security issue. It is still the default to |
|||
prevent losing group information by accident. |
|||
|
|||
For active directory, use LDAP attribute 'memberOf' and operator 'contains'. |
|||
Fill in the DN of the windows group as value and choose an OpenERP group users |
|||
with this windows group are to be assigned to. |
|||
|
|||
For posix accounts, use operator 'query' and a value like |
|||
(&(cn=bzr)(objectClass=posixGroup)(memberUid=$uid)) |
|||
|
|||
The operator query matches if the filter in value returns something, and value |
|||
can contain $[attribute] which will be replaced by the first value of the |
|||
user's ldap record's attribute named [attribute]. |
|||
|
|||
Bug Tracker |
|||
=========== |
|||
|
|||
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_. |
|||
In case of trouble, please check there if your issue has already been reported. |
|||
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback |
|||
`here <https://github.com/OCA/server-tools/issues/new?body=module:%20{module_name}%0Aversion:%20{version}%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
|||
|
|||
|
|||
Credits |
|||
======= |
|||
|
|||
Contributors |
|||
------------ |
|||
|
|||
* Therp BV <info@therp.nl> |
|||
* Giacomo Spettoli <giacomo.spettoli@gmail.com> |
|||
|
|||
Maintainer |
|||
---------- |
|||
|
|||
.. image:: https://odoo-community.org/logo.png |
|||
:alt: Odoo Community Association |
|||
:target: https://odoo-community.org |
|||
|
|||
This module is maintained by the OCA. |
|||
|
|||
OCA, or the Odoo Community Association, is a nonprofit organization whose |
|||
mission is to support the collaborative development of Odoo features and |
|||
promote its widespread use. |
|||
|
|||
To contribute to this module, please visit http://odoo-community.org. |
@ -1,53 +0,0 @@ |
|||
# -*- coding: utf-8 -*- |
|||
############################################################################## |
|||
# |
|||
# OpenERP, Open Source Management Solution |
|||
# This module copyright (C) 2012 Therp BV (<http://therp.nl>). |
|||
# |
|||
# This program is free software: you can redistribute it and/or modify |
|||
# it under the terms of the GNU Affero General Public License as |
|||
# published by the Free Software Foundation, either version 3 of the |
|||
# License, or (at your option) any later version. |
|||
# |
|||
# This program is distributed in the hope that it will be useful, |
|||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|||
# GNU Affero General Public License for more details. |
|||
# |
|||
# You should have received a copy of the GNU Affero General Public License |
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|||
# |
|||
############################################################################## |
|||
from string import Template |
|||
|
|||
|
|||
class LDAPOperator: |
|||
pass |
|||
|
|||
|
|||
class contains(LDAPOperator): |
|||
def check_value(self, ldap_entry, attribute, value, ldap_config, company, |
|||
logger): |
|||
return (attribute in ldap_entry[1]) and \ |
|||
(value in ldap_entry[1][attribute]) |
|||
|
|||
|
|||
class equals(LDAPOperator): |
|||
def check_value(self, ldap_entry, attribute, value, ldap_config, company, |
|||
logger): |
|||
return attribute in ldap_entry[1] and \ |
|||
unicode(value) == unicode(ldap_entry[1][attribute]) |
|||
|
|||
|
|||
class query(LDAPOperator): |
|||
def check_value(self, ldap_entry, attribute, value, ldap_config, company, |
|||
logger): |
|||
query_string = Template(value).safe_substitute(dict( |
|||
[(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]] |
|||
) |
|||
) |
|||
logger.debug('evaluating query group mapping, filter: %s' % |
|||
query_string) |
|||
results = company.query(ldap_config, query_string) |
|||
logger.debug(results) |
|||
return bool(results) |
Write
Preview
Loading…
Cancel
Save
Reference in new issue