|
|
@ -9,7 +9,7 @@ from openerp.exceptions import UserError |
|
|
import logging |
|
|
import logging |
|
|
import ldap |
|
|
import ldap |
|
|
|
|
|
|
|
|
_logger = logging.getLogger(__name__) |
|
|
|
|
|
|
|
|
_logger = logging.getLogger('orm.ldap') |
|
|
|
|
|
|
|
|
try: |
|
|
try: |
|
|
from ldap.filter import filter_format |
|
|
from ldap.filter import filter_format |
|
|
@ -45,16 +45,13 @@ class CompanyLDAP(models.Model): |
|
|
|
|
|
|
|
|
Return the number of users created (as far as we can tell). |
|
|
Return the number of users created (as far as we can tell). |
|
|
""" |
|
|
""" |
|
|
logger = logging.getLogger('orm.ldap') |
|
|
|
|
|
logger.debug( |
|
|
|
|
|
|
|
|
_logger.debug( |
|
|
"action_populate called on res.company.ldap ids %s", self.ids) |
|
|
"action_populate called on res.company.ldap ids %s", self.ids) |
|
|
|
|
|
|
|
|
users_model = self.env['res.users'] |
|
|
users_model = self.env['res.users'] |
|
|
users_count_before = users_model.search_count([]) |
|
|
users_count_before = users_model.search_count([]) |
|
|
|
|
|
|
|
|
deactivate_unknown, known_user_ids = self._check_users() |
|
|
deactivate_unknown, known_user_ids = self._check_users() |
|
|
if deactivate_unknown: |
|
|
if deactivate_unknown: |
|
|
logger.debug("will deactivate unknown users") |
|
|
|
|
|
|
|
|
_logger.debug("will deactivate unknown users") |
|
|
for conf in self.get_ldap_dicts(): |
|
|
for conf in self.get_ldap_dicts(): |
|
|
if not conf['create_user']: |
|
|
if not conf['create_user']: |
|
|
continue |
|
|
continue |
|
|
@ -81,18 +78,19 @@ class CompanyLDAP(models.Model): |
|
|
"WHERE lower(login)=%s", |
|
|
"WHERE lower(login)=%s", |
|
|
(login,)) |
|
|
(login,)) |
|
|
res = self.env.cr.fetchone() |
|
|
res = self.env.cr.fetchone() |
|
|
|
|
|
_logger.debug('unarchiving user %s', login) |
|
|
if res: |
|
|
if res: |
|
|
self.env['res.users'].sudo().browse( |
|
|
self.env['res.users'].sudo().browse( |
|
|
res[0] |
|
|
res[0] |
|
|
).write( |
|
|
).write( |
|
|
{'active': True} |
|
|
{'active': True} |
|
|
) |
|
|
) |
|
|
|
|
|
user_id = res[0] |
|
|
else: |
|
|
else: |
|
|
raise UserError( |
|
|
raise UserError( |
|
|
_('Unable to process user with login %s' % login) |
|
|
_('Unable to process user with login %s' % login) |
|
|
) |
|
|
) |
|
|
known_user_ids.append(user_id) |
|
|
known_user_ids.append(user_id) |
|
|
|
|
|
|
|
|
users_created = users_model.search_count([]) - users_count_before |
|
|
users_created = users_model.search_count([]) - users_count_before |
|
|
|
|
|
|
|
|
deactivated_users_count = 0 |
|
|
deactivated_users_count = 0 |
|
|
@ -100,14 +98,16 @@ class CompanyLDAP(models.Model): |
|
|
deactivated_users_count = \ |
|
|
deactivated_users_count = \ |
|
|
self.do_deactivate_unknown_users(known_user_ids) |
|
|
self.do_deactivate_unknown_users(known_user_ids) |
|
|
|
|
|
|
|
|
logger.debug("%d users created", users_created) |
|
|
|
|
|
logger.debug("%d users deactivated", deactivated_users_count) |
|
|
|
|
|
|
|
|
_logger.debug("%d users created", users_created) |
|
|
|
|
|
_logger.debug("%d users deactivated", deactivated_users_count) |
|
|
return users_created, deactivated_users_count |
|
|
return users_created, deactivated_users_count |
|
|
|
|
|
|
|
|
def _check_users(self): |
|
|
def _check_users(self): |
|
|
|
|
|
ldap_config = self.search([]) |
|
|
deactivate_unknown = None |
|
|
deactivate_unknown = None |
|
|
known_user_ids = [self.env.user.id] |
|
|
known_user_ids = [self.env.user.id] |
|
|
for item in self.read(['no_deactivate_user_ids', |
|
|
|
|
|
|
|
|
for item in ldap_config.read( |
|
|
|
|
|
['no_deactivate_user_ids', |
|
|
'deactivate_unknown_users'], |
|
|
'deactivate_unknown_users'], |
|
|
load='_classic_write'): |
|
|
load='_classic_write'): |
|
|
if deactivate_unknown is None: |
|
|
if deactivate_unknown is None: |
|
|
@ -116,7 +116,7 @@ class CompanyLDAP(models.Model): |
|
|
deactivate_unknown &= item['deactivate_unknown_users'] |
|
|
deactivate_unknown &= item['deactivate_unknown_users'] |
|
|
return deactivate_unknown, known_user_ids |
|
|
return deactivate_unknown, known_user_ids |
|
|
|
|
|
|
|
|
def get_ldap_entry_dicts(self, conf, user_name='*'): |
|
|
|
|
|
|
|
|
def get_ldap_entry_dicts(self, conf, user_name='*', timeout=60): |
|
|
"""Execute ldap query as defined in conf. |
|
|
"""Execute ldap query as defined in conf. |
|
|
|
|
|
|
|
|
Don't call self.query because it supresses possible exceptions |
|
|
Don't call self.query because it supresses possible exceptions |
|
|
@ -127,21 +127,29 @@ class CompanyLDAP(models.Model): |
|
|
conf['ldap_password'] or '') |
|
|
conf['ldap_password'] or '') |
|
|
results = conn.search_st(conf['ldap_base'], ldap.SCOPE_SUBTREE, |
|
|
results = conn.search_st(conf['ldap_base'], ldap.SCOPE_SUBTREE, |
|
|
ldap_filter.encode('utf8'), None, |
|
|
ldap_filter.encode('utf8'), None, |
|
|
timeout=60) |
|
|
|
|
|
|
|
|
timeout=timeout) |
|
|
conn.unbind() |
|
|
conn.unbind() |
|
|
return results |
|
|
return results |
|
|
|
|
|
|
|
|
def do_deactivate_unknown_users(self, known_user_ids): |
|
|
def do_deactivate_unknown_users(self, known_user_ids): |
|
|
"""Deactivate users not found in last populate run.""" |
|
|
"""Deactivate users not found in last populate run.""" |
|
|
unknown_user_ids = [] |
|
|
unknown_user_ids = [] |
|
|
users = self.env['res.users'].search( |
|
|
|
|
|
[('id', 'not in', known_user_ids)]) |
|
|
|
|
|
|
|
|
known_user_ids = list(set(known_user_ids)) |
|
|
|
|
|
users = self.env['res.users'].sudo().search( |
|
|
|
|
|
[('id', 'not in', known_user_ids)], order='login') |
|
|
|
|
|
ldap_confs = self.get_ldap_dicts() |
|
|
for unknown_user in users: |
|
|
for unknown_user in users: |
|
|
present_in_ldap = False |
|
|
|
|
|
for conf in self.get_ldap_dicts(): |
|
|
|
|
|
present_in_ldap |= bool(self.get_ldap_entry_dicts( |
|
|
|
|
|
conf, user_name=unknown_user.login)) |
|
|
|
|
|
|
|
|
_logger.debug('checking user %s', unknown_user.login) |
|
|
|
|
|
present_in_ldap = any( |
|
|
|
|
|
bool( |
|
|
|
|
|
self.get_ldap_entry_dicts( |
|
|
|
|
|
conf, |
|
|
|
|
|
user_name=unknown_user.login, |
|
|
|
|
|
)) |
|
|
|
|
|
for conf in ldap_confs |
|
|
|
|
|
) |
|
|
if not present_in_ldap: |
|
|
if not present_in_ldap: |
|
|
|
|
|
_logger.debug('archiving user %s', unknown_user.login) |
|
|
unknown_user.active = False |
|
|
unknown_user.active = False |
|
|
unknown_user_ids.append(unknown_user.id) |
|
|
unknown_user_ids.append(unknown_user.id) |
|
|
return len(unknown_user_ids) |
|
|
return len(unknown_user_ids) |
|
|
|
Guewen Baconnier
6 years ago
GitHub