some makeup and change the ldap operators from plain python objects to a transientmodel
pull/207/head
Giacomo Spettoli
10 years ago
5 changed files with 103 additions and 92 deletions
64 users_ldap_groups/README.rst
2 users_ldap_groups/__init__.py
22 users_ldap_groups/__openerp__.py
54 users_ldap_groups/users_ldap_groups.py
53 users_ldap_groups/users_ldap_groups_operators.py
@ -0,0 +1,64 @@ |
|||||
|
.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg |
||||
|
:alt: License: AGPL-3 |
||||
|
|
||||
|
users_ldap_groups |
||||
|
================= |
||||
|
|
||||
|
Adds user accounts to groups based on rules defined by the administrator. |
||||
|
|
||||
|
|
||||
|
Usage |
||||
|
===== |
||||
|
|
||||
|
Define mappings in Settings->Companies->[your company]->tab configuration->[ |
||||
|
your ldap server]. |
||||
|
|
||||
|
Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a |
||||
|
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this |
||||
|
to 'no' will result in users never losing privileges when you remove them from |
||||
|
a ldap group, so that's a potential security issue. It is still the default to |
||||
|
prevent losing group information by accident. |
||||
|
|
||||
|
For active directory, use LDAP attribute 'memberOf' and operator 'contains'. |
||||
|
Fill in the DN of the windows group as value and choose an OpenERP group users |
||||
|
with this windows group are to be assigned to. |
||||
|
|
||||
|
For posix accounts, use operator 'query' and a value like |
||||
|
(&(cn=bzr)(objectClass=posixGroup)(memberUid=$uid)) |
||||
|
|
||||
|
The operator query matches if the filter in value returns something, and value |
||||
|
can contain $[attribute] which will be replaced by the first value of the |
||||
|
user's ldap record's attribute named [attribute]. |
||||
|
|
||||
|
Bug Tracker |
||||
|
=========== |
||||
|
|
||||
|
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_. |
||||
|
In case of trouble, please check there if your issue has already been reported. |
||||
|
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback |
||||
|
`here <https://github.com/OCA/server-tools/issues/new?body=module:%20{module_name}%0Aversion:%20{version}%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
||||
|
|
||||
|
|
||||
|
Credits |
||||
|
======= |
||||
|
|
||||
|
Contributors |
||||
|
------------ |
||||
|
|
||||
|
* Therp BV <info@therp.nl> |
||||
|
* Giacomo Spettoli <giacomo.spettoli@gmail.com> |
||||
|
|
||||
|
Maintainer |
||||
|
---------- |
||||
|
|
||||
|
.. image:: https://odoo-community.org/logo.png |
||||
|
:alt: Odoo Community Association |
||||
|
:target: https://odoo-community.org |
||||
|
|
||||
|
This module is maintained by the OCA. |
||||
|
|
||||
|
OCA, or the Odoo Community Association, is a nonprofit organization whose |
||||
|
mission is to support the collaborative development of Odoo features and |
||||
|
promote its widespread use. |
||||
|
|
||||
|
To contribute to this module, please visit http://odoo-community.org. |
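Review bot: In the Usage section, the "Only ldap groups" paragraph states in running text that the default ('no') leaves users with their privileges after they are removed from an LDAP group, which is easy to miss. Since the README itself calls this "a potential security issue", move it into a reST warning directive and say explicitly that deployments where LDAP is the authority for group membership should set the option to 'yes'. In the same section the placeholder syntax is described as $[attribute] while the example filter uses $uid; state which form is accepted, and document whether substituted values are escaped before they are placed in the filter.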
@ -1,53 +0,0 @@ |
|||||
# -*- coding: utf-8 -*- |
|
||||
############################################################################## |
|
||||
# |
|
||||
# OpenERP, Open Source Management Solution |
|
||||
# This module copyright (C) 2012 Therp BV (<http://therp.nl>). |
|
||||
# |
|
||||
# This program is free software: you can redistribute it and/or modify |
|
||||
# it under the terms of the GNU Affero General Public License as |
|
||||
# published by the Free Software Foundation, either version 3 of the |
|
||||
# License, or (at your option) any later version. |
|
||||
# |
|
||||
# This program is distributed in the hope that it will be useful, |
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
||||
# GNU Affero General Public License for more details. |
|
||||
# |
|
||||
# You should have received a copy of the GNU Affero General Public License |
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
||||
# |
|
||||
############################################################################## |
|
||||
from string import Template |
|
||||
|
|
||||
|
|
||||
class LDAPOperator: |
|
||||
pass |
|
||||
|
|
||||
|
|
||||
class contains(LDAPOperator): |
|
||||
def check_value(self, ldap_entry, attribute, value, ldap_config, company, |
|
||||
logger): |
|
||||
return (attribute in ldap_entry[1]) and \ |
|
||||
(value in ldap_entry[1][attribute]) |
|
||||
|
|
||||
|
|
||||
class equals(LDAPOperator): |
|
||||
def check_value(self, ldap_entry, attribute, value, ldap_config, company, |
|
||||
logger): |
|
||||
return attribute in ldap_entry[1] and \ |
|
||||
unicode(value) == unicode(ldap_entry[1][attribute]) |
|
||||
|
|
||||
|
|
||||
class query(LDAPOperator): |
|
||||
def check_value(self, ldap_entry, attribute, value, ldap_config, company, |
|
||||
logger): |
|
||||
query_string = Template(value).safe_substitute(dict( |
|
||||
[(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]] |
|
||||
) |
|
||||
) |
|
||||
logger.debug('evaluating query group mapping, filter: %s' % |
|
||||
query_string) |
|
||||
results = company.query(ldap_config, query_string) |
|
||||
logger.debug(results) |
|
||||
return bool(results) |
|
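Review bot: In query.check_value the substitution dict is built with `ldap_entry[1][attribute][0]` for every `attr`, so each placeholder receives the first value of the rule's own attribute rather than of the attribute it names, which contradicts the README's description of $[attribute]; the replacement model should index with `attr` and not carry this over. The values are also substituted into the filter string unescaped, so the port should pass them through python-ldap's ldap.filter.escape_filter_chars before building the query. Also check equals: it compares `unicode(value)` against `unicode()` of the whole `ldap_entry[1][attribute]`, which contains and query both treat as a list of values, so the comparison should be made against the individual values.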