From a509c71228f1ce7c305ffacfef598e246fd81aa2 Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 11:43:51 +0200
Subject: [PATCH 01/14] start moving the users_ldap_groups outside the
 __unported__ folder

---
 {__unported__/users_ldap_groups => users_ldap_groups}/__init__.py | 0
 .../users_ldap_groups => users_ldap_groups}/__openerp__.py        | 0
 .../i18n/users_ldap_groups.pot                                    | 0
 .../security/ir.model.access.csv                                  | 0
 .../users_ldap_groups => users_ldap_groups}/users_ldap_groups.py  | 0
 .../users_ldap_groups => users_ldap_groups}/users_ldap_groups.xml | 0
 .../users_ldap_groups_operators.py                                | 0
 7 files changed, 0 insertions(+), 0 deletions(-)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/__init__.py (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/__openerp__.py (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/i18n/users_ldap_groups.pot (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/security/ir.model.access.csv (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/users_ldap_groups.py (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/users_ldap_groups.xml (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/users_ldap_groups_operators.py (100%)

diff --git a/__unported__/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
similarity index 100%
rename from __unported__/users_ldap_groups/__init__.py
rename to users_ldap_groups/__init__.py
diff --git a/__unported__/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
similarity index 100%
rename from __unported__/users_ldap_groups/__openerp__.py
rename to users_ldap_groups/__openerp__.py
diff --git a/__unported__/users_ldap_groups/i18n/users_ldap_groups.pot b/users_ldap_groups/i18n/users_ldap_groups.pot
similarity index 100%
rename from __unported__/users_ldap_groups/i18n/users_ldap_groups.pot
rename to users_ldap_groups/i18n/users_ldap_groups.pot
diff --git a/__unported__/users_ldap_groups/security/ir.model.access.csv b/users_ldap_groups/security/ir.model.access.csv
similarity index 100%
rename from __unported__/users_ldap_groups/security/ir.model.access.csv
rename to users_ldap_groups/security/ir.model.access.csv
diff --git a/__unported__/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
similarity index 100%
rename from __unported__/users_ldap_groups/users_ldap_groups.py
rename to users_ldap_groups/users_ldap_groups.py
diff --git a/__unported__/users_ldap_groups/users_ldap_groups.xml b/users_ldap_groups/users_ldap_groups.xml
similarity index 100%
rename from __unported__/users_ldap_groups/users_ldap_groups.xml
rename to users_ldap_groups/users_ldap_groups.xml
diff --git a/__unported__/users_ldap_groups/users_ldap_groups_operators.py b/users_ldap_groups/users_ldap_groups_operators.py
similarity index 100%
rename from __unported__/users_ldap_groups/users_ldap_groups_operators.py
rename to users_ldap_groups/users_ldap_groups_operators.py

From b1b6d965a25d9df7f986b9aa557c55dc5a317661 Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 13:41:38 +0200
Subject: [PATCH 02/14] porting to v8

---
 users_ldap_groups/__init__.py                 |  2 +-
 users_ldap_groups/__openerp__.py              | 10 +--
 users_ldap_groups/users_ldap_groups.py        | 80 ++++++++++---------
 .../users_ldap_groups_operators.py            | 18 +++--
 4 files changed, 59 insertions(+), 51 deletions(-)

diff --git a/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
index d359182a2..4db4e4cb2 100644
--- a/users_ldap_groups/__init__.py
+++ b/users_ldap_groups/__init__.py
@@ -19,4 +19,4 @@
 #
 ##############################################################################
 
-import users_ldap_groups
+import users_ldap_groups  # noqa
diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 190917a88..9b63fec86 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -30,13 +30,13 @@ Adds user accounts to groups based on rules defined by the administrator.
 
 Usage:
 
-Define mappings in Settings->Companies->[your company]->tab configuration->[your
-ldap server].
+Define mappings in Settings->Companies->[your company]->tab configuration->[
+your ldap server].
 
 Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
-mix of manually set groups and ldap groups (Only ldap groups=n). Setting this to
-'no' will result in users never losing privileges when you remove them from a
-ldap group, so that's a potential security issue. It is still the default to
+mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
+to 'no' will result in users never losing privileges when you remove them from
+a ldap group, so that's a potential security issue. It is still the default to
 prevent losing group information by accident.
 
 For active directory, use LDAP attribute 'memberOf' and operator 'contains'.
diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index bca79a05a..5dcdaed31 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -19,18 +19,20 @@
 #
 ##############################################################################
 
-from openerp.osv import fields, orm
+from openerp import models
+from openerp import fields
+from openerp import api
 import logging
 import users_ldap_groups_operators
 import inspect
 
 
-class CompanyLDAPGroupMapping(orm.Model):
+class CompanyLDAPGroupMapping(models.Model):
     _name = 'res.company.ldap.group_mapping'
     _rec_name = 'ldap_attribute'
     _order = 'ldap_attribute'
 
-    def _get_operators(self, cr, uid, context=None):
+    def _get_operators(self):
         operators = []
         members = inspect.getmembers(
             users_ldap_groups_operators,
@@ -41,49 +43,47 @@ class CompanyLDAPGroupMapping(orm.Model):
             operators.append((name, name))
         return tuple(operators)
 
-    _columns = {
-        'ldap_id': fields.many2one('res.company.ldap', 'LDAP server', required=True),
-        'ldap_attribute': fields.char(
-            'LDAP attribute', size=64,
-            help='The LDAP attribute to check.\n'
-                 'For active directory, use memberOf.'),
-        'operator': fields.selection(
-            _get_operators, 'Operator',
-            help='The operator to check the attribute against the value\n'
-            'For active directory, use \'contains\'', required=True),
-        'value': fields.char(
-            'Value', size=1024,
-            help='The value to check the attribute against.\n'
-            'For active directory, use the dn of the desired group',
-            required=True),
-        'group': fields.many2one(
-            'res.groups', 'OpenERP group',
-            help='The OpenERP group to assign', required=True),
-        }
+    ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
+    ldap_attribute = fields.Char(
+        'LDAP attribute', size=64,
+        help='The LDAP attribute to check.\n'
+             'For active directory, use memberOf.')
+    operator = fields.Selection(
+        _get_operators, 'Operator',
+        help='The operator to check the attribute against the value\n'
+        'For active directory, use \'contains\'', required=True)
+    value = fields.Char(
+        'Value', size=1024,
+        help='The value to check the attribute against.\n'
+        'For active directory, use the dn of the desired group',
+        required=True)
+    group = fields.Many2one(
+        'res.groups', 'OpenERP group',
+        help='The OpenERP group to assign', required=True)
 
 
-class CompanyLDAP(orm.Model):
+class CompanyLDAP(models.Model):
     _inherit = 'res.company.ldap'
 
-    _columns = {
-        'group_mappings': fields.one2many(
-            'res.company.ldap.group_mapping',
-            'ldap_id', 'Group mappings',
-            help='Define how OpenERP groups are assigned to ldap users'),
-        'only_ldap_groups': fields.boolean(
-            'Only ldap groups',
-            help='If this is checked, manual changes to group membership are '
-                 'undone on every login (so OpenERP groups are always synchronous '
-                 'with LDAP groups). If not, manually added groups are preserved.')
-    }
+    group_mappings = fields.One2many(
+        'res.company.ldap.group_mapping',
+        'ldap_id', 'Group mappings',
+        help='Define how OpenERP groups are assigned to ldap users')
+    only_ldap_groups = fields.Boolean(
+        'Only ldap groups',
+        help='If this is checked, manual changes to group membership are '
+             'undone on every login (so OpenERP groups are always synchronous '
+             'with LDAP groups). If not, manually added groups are preserved.')
 
     _default = {
         'only_ldap_groups': False,
     }
 
-    def get_or_create_user(self, cr, uid, conf, login, ldap_entry, context=None):
-        user_id = super(CompanyLDAP, self).get_or_create_user(cr, uid, conf, login,
-                                                              ldap_entry, context)
+    @api.multi
+    def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
+                           context=None):
+        user_id = super(CompanyLDAP, self).get_or_create_user(
+            cr, uid, conf, login, ldap_entry, context)
         if not user_id:
             return user_id
         logger = logging.getLogger('users_ldap_groups')
@@ -92,11 +92,13 @@ class CompanyLDAP(orm.Model):
         conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
         if(conf_all['only_ldap_groups']):
             logger.debug('deleting all groups from user %d' % user_id)
-            userobj.write(cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
+            userobj.write(
+                cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
 
         for mapping in mappingobj.read(cr, uid, mappingobj.search(
                 cr, uid, [('ldap_id', '=', conf['id'])]), []):
-            operator = getattr(users_ldap_groups_operators, mapping['operator'])()
+            operator = getattr(users_ldap_groups_operators,
+                               mapping['operator'])()
             logger.debug('checking mapping %s' % mapping)
             if operator.check_value(ldap_entry, mapping['ldap_attribute'],
                                     mapping['value'], conf, self, logger):
diff --git a/users_ldap_groups/users_ldap_groups_operators.py b/users_ldap_groups/users_ldap_groups_operators.py
index 4de745fbf..e4354a825 100644
--- a/users_ldap_groups/users_ldap_groups_operators.py
+++ b/users_ldap_groups/users_ldap_groups_operators.py
@@ -26,22 +26,28 @@ class LDAPOperator:
 
 
 class contains(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
-        return (attribute in ldap_entry[1]) and (value in ldap_entry[1][attribute])
+    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
+                    logger):
+        return (attribute in ldap_entry[1]) and \
+            (value in ldap_entry[1][attribute])
 
 
 class equals(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
-        return attribute in ldap_entry[1] and unicode(value) == unicode(ldap_entry[1][attribute])
+    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
+                    logger):
+        return attribute in ldap_entry[1] and \
+            unicode(value) == unicode(ldap_entry[1][attribute])
 
 
 class query(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
+    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
+                    logger):
         query_string = Template(value).safe_substitute(dict(
             [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
             )
         )
-        logger.debug('evaluating query group mapping, filter: %s' % query_string)
+        logger.debug('evaluating query group mapping, filter: %s' %
+                     query_string)
         results = company.query(ldap_config, query_string)
         logger.debug(results)
         return bool(results)

From 497eaf8caf357f375793b7ddb4dc4c43c7c096aa Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 15:52:59 +0200
Subject: [PATCH 03/14] move to new apis

---
 users_ldap_groups/users_ldap_groups.py | 32 +++++++++++---------------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index 5dcdaed31..6aec46d32 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -79,32 +79,28 @@ class CompanyLDAP(models.Model):
         'only_ldap_groups': False,
     }
 
-    @api.multi
-    def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
-                           context=None):
+    @api.model
+    def get_or_create_user(self, conf, login, ldap_entry):
+        id_ = conf['id']
+        this = self.browse(id_)
         user_id = super(CompanyLDAP, self).get_or_create_user(
-            cr, uid, conf, login, ldap_entry, context)
+            conf, login, ldap_entry)
         if not user_id:
             return user_id
+        userobj = self.env['res.users']
+        user = userobj.browse(user_id)
         logger = logging.getLogger('users_ldap_groups')
-        mappingobj = self.pool.get('res.company.ldap.group_mapping')
-        userobj = self.pool.get('res.users')
-        conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
-        if(conf_all['only_ldap_groups']):
+        if self.only_ldap_groups:
             logger.debug('deleting all groups from user %d' % user_id)
-            userobj.write(
-                cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
+            userobj.write([user_id], {'groups_id': [(5, )]})
 
-        for mapping in mappingobj.read(cr, uid, mappingobj.search(
-                cr, uid, [('ldap_id', '=', conf['id'])]), []):
-            operator = getattr(users_ldap_groups_operators,
-                               mapping['operator'])()
+        for mapping in this.group_mappings:
+            operator = mapping.operator
+            operator = getattr(users_ldap_groups_operators, mapping.operator)()
             logger.debug('checking mapping %s' % mapping)
             if operator.check_value(ldap_entry, mapping['ldap_attribute'],
                                     mapping['value'], conf, self, logger):
                 logger.debug('adding user %d to group %s' %
-                             (user_id, mapping['group'][1]))
-                userobj.write(cr, uid, [user_id],
-                              {'groups_id': [(4, mapping['group'][0])]},
-                              context=context)
+                             (user_id, mapping.group.name))
+                user.write({'groups_id': [(4, mapping.group.id)]})
         return user_id

From 3f451ad1f35ceb09d5f401822f4be72e2fbcb7cd Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 16:00:39 +0200
Subject: [PATCH 04/14] fix missing new api call

---
 users_ldap_groups/users_ldap_groups.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index 6aec46d32..68b925c67 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -92,7 +92,7 @@ class CompanyLDAP(models.Model):
         logger = logging.getLogger('users_ldap_groups')
         if self.only_ldap_groups:
             logger.debug('deleting all groups from user %d' % user_id)
-            userobj.write([user_id], {'groups_id': [(5, )]})
+            user.write({'groups_id': [(5, )]})
 
         for mapping in this.group_mappings:
             operator = mapping.operator

From 912cdb8e16c0692669260a9fcbf89278c0982a3c Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 20:49:16 +0200
Subject: [PATCH 05/14] some makeup and change the ldap operators from plain
 python objects to a transientmodel

---
 users_ldap_groups/README.rst                  | 64 +++++++++++++++++++
 users_ldap_groups/__init__.py                 |  2 +-
 users_ldap_groups/__openerp__.py              | 22 -------
 users_ldap_groups/users_ldap_groups.py        | 54 +++++++++++-----
 .../users_ldap_groups_operators.py            | 53 ---------------
 5 files changed, 103 insertions(+), 92 deletions(-)
 create mode 100644 users_ldap_groups/README.rst
 delete mode 100644 users_ldap_groups/users_ldap_groups_operators.py

diff --git a/users_ldap_groups/README.rst b/users_ldap_groups/README.rst
new file mode 100644
index 000000000..2dbc81de3
--- /dev/null
+++ b/users_ldap_groups/README.rst
@@ -0,0 +1,64 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+    :alt: License: AGPL-3
+
+users_ldap_groups
+=================
+
+Adds user accounts to groups based on rules defined by the administrator.
+
+
+Usage
+=====
+
+Define mappings in Settings->Companies->[your company]->tab configuration->[
+your ldap server].
+
+Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
+mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
+to 'no' will result in users never losing privileges when you remove them from
+a ldap group, so that's a potential security issue. It is still the default to
+prevent losing group information by accident.
+
+For active directory, use LDAP attribute 'memberOf' and operator 'contains'.
+Fill in the DN of the windows group as value and choose an OpenERP group users
+with this windows group are to be assigned to.
+
+For posix accounts, use operator 'query' and a value like
+(&(cn=bzr)(objectClass=posixGroup)(memberUid=$uid))
+
+The operator query matches if the filter in value returns something, and value
+can contain $[attribute] which will be replaced by the first value of the
+user's ldap record's attribute named [attribute].
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed feedback
+`here <https://github.com/OCA/server-tools/issues/new?body=module:%20{module_name}%0Aversion:%20{version}%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+
+Credits
+=======
+
+Contributors
+------------
+
+* Therp BV <info@therp.nl>
+* Giacomo Spettoli <giacomo.spettoli@gmail.com>
+
+Maintainer
+----------
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+This module is maintained by the OCA.
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+To contribute to this module, please visit http://odoo-community.org.
diff --git a/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
index 4db4e4cb2..d1066f41b 100644
--- a/users_ldap_groups/__init__.py
+++ b/users_ldap_groups/__init__.py
@@ -19,4 +19,4 @@
 #
 ##############################################################################
 
-import users_ldap_groups  # noqa
+from . import users_ldap_groups
diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 9b63fec86..6014447dc 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -27,28 +27,6 @@
     "license": "AGPL-3",
     "description": """
 Adds user accounts to groups based on rules defined by the administrator.
-
-Usage:
-
-Define mappings in Settings->Companies->[your company]->tab configuration->[
-your ldap server].
-
-Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
-mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
-to 'no' will result in users never losing privileges when you remove them from
-a ldap group, so that's a potential security issue. It is still the default to
-prevent losing group information by accident.
-
-For active directory, use LDAP attribute 'memberOf' and operator 'contains'.
-Fill in the DN of the windows group as value and choose an OpenERP group users
-with this windows group are to be assigned to.
-
-For posix accounts, use operator 'query' and a value like
-(&(cn=bzr)(objectClass=posixGroup)(memberUid=$uid))
-
-The operator query matches if the filter in value returns something, and value
-can contain $[attribute] which will be replaced by the first value of the
-user's ldap record's attribute named [attribute].
 """,
     "category": "Tools",
     "data": [
diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index 68b925c67..b99ae0fea 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -23,8 +23,36 @@ from openerp import models
 from openerp import fields
 from openerp import api
 import logging
-import users_ldap_groups_operators
-import inspect
+from string import Template
+
+
+class LDAPOperator(models.TransientModel):
+    _name = "res.company.ldap.operator"
+
+    def operators(self):
+        return ('contains', 'equals', 'query')
+
+    def contains(self, ldap_entry, attribute, value, ldap_config, company,
+                 logger):
+        return (attribute in ldap_entry[1]) and \
+            (value in ldap_entry[1][attribute])
+
+    def equals(self, ldap_entry, attribute, value, ldap_config, company,
+               logger):
+        return attribute in ldap_entry[1] and \
+            unicode(value) == unicode(ldap_entry[1][attribute])
+
+    def query(self, ldap_entry, attribute, value, ldap_config, company,
+              logger):
+        query_string = Template(value).safe_substitute(dict(
+            [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
+            )
+        )
+        logger.debug('evaluating query group mapping, filter: %s' %
+                     query_string)
+        results = company.query(ldap_config, query_string)
+        logger.debug(results)
+        return bool(results)
 
 
 class CompanyLDAPGroupMapping(models.Model):
@@ -33,19 +61,13 @@ class CompanyLDAPGroupMapping(models.Model):
     _order = 'ldap_attribute'
 
     def _get_operators(self):
-        operators = []
-        members = inspect.getmembers(
-            users_ldap_groups_operators,
-            lambda cls:
-            inspect.isclass(cls) and
-            cls != users_ldap_groups_operators.LDAPOperator)
-        for name, operator in members:
-            operators.append((name, name))
+        op_obj = self.env['res.company.ldap.operator']
+        operators = [(op, op) for op in op_obj.operators()]
         return tuple(operators)
 
     ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
     ldap_attribute = fields.Char(
-        'LDAP attribute', size=64,
+        'LDAP attribute',
         help='The LDAP attribute to check.\n'
              'For active directory, use memberOf.')
     operator = fields.Selection(
@@ -53,7 +75,7 @@ class CompanyLDAPGroupMapping(models.Model):
         help='The operator to check the attribute against the value\n'
         'For active directory, use \'contains\'', required=True)
     value = fields.Char(
-        'Value', size=1024,
+        'Value',
         help='The value to check the attribute against.\n'
         'For active directory, use the dn of the desired group',
         required=True)
@@ -81,6 +103,7 @@ class CompanyLDAP(models.Model):
 
     @api.model
     def get_or_create_user(self, conf, login, ldap_entry):
+        op_obj = self.env['res.company.ldap.operator']
         id_ = conf['id']
         this = self.browse(id_)
         user_id = super(CompanyLDAP, self).get_or_create_user(
@@ -95,11 +118,10 @@ class CompanyLDAP(models.Model):
             user.write({'groups_id': [(5, )]})
 
         for mapping in this.group_mappings:
-            operator = mapping.operator
-            operator = getattr(users_ldap_groups_operators, mapping.operator)()
+            operator = getattr(op_obj, mapping.operator)
             logger.debug('checking mapping %s' % mapping)
-            if operator.check_value(ldap_entry, mapping['ldap_attribute'],
-                                    mapping['value'], conf, self, logger):
+            if operator(ldap_entry, mapping['ldap_attribute'],
+                        mapping['value'], conf, self, logger):
                 logger.debug('adding user %d to group %s' %
                              (user_id, mapping.group.name))
                 user.write({'groups_id': [(4, mapping.group.id)]})
diff --git a/users_ldap_groups/users_ldap_groups_operators.py b/users_ldap_groups/users_ldap_groups_operators.py
deleted file mode 100644
index e4354a825..000000000
--- a/users_ldap_groups/users_ldap_groups_operators.py
+++ /dev/null
@@ -1,53 +0,0 @@
-# -*- coding: utf-8 -*-
-##############################################################################
-#
-#    OpenERP, Open Source Management Solution
-#    This module copyright (C) 2012 Therp BV (<http://therp.nl>).
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU Affero General Public License as
-#    published by the Free Software Foundation, either version 3 of the
-#    License, or (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU Affero General Public License for more details.
-#
-#    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-##############################################################################
-from string import Template
-
-
-class LDAPOperator:
-    pass
-
-
-class contains(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
-                    logger):
-        return (attribute in ldap_entry[1]) and \
-            (value in ldap_entry[1][attribute])
-
-
-class equals(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
-                    logger):
-        return attribute in ldap_entry[1] and \
-            unicode(value) == unicode(ldap_entry[1][attribute])
-
-
-class query(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
-                    logger):
-        query_string = Template(value).safe_substitute(dict(
-            [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
-            )
-        )
-        logger.debug('evaluating query group mapping, filter: %s' %
-                     query_string)
-        results = company.query(ldap_config, query_string)
-        logger.debug(results)
-        return bool(results)

From 81dc7a84d0a032bdf700258d3e795fc8197d8c5f Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Fri, 17 Jul 2015 15:12:52 +0200
Subject: [PATCH 06/14] use AbstractModel instead of TransientModel so we don't
 create useless db tables

---
 users_ldap_groups/users_ldap_groups.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index b99ae0fea..4d08d8aaf 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -26,7 +26,7 @@ import logging
 from string import Template
 
 
-class LDAPOperator(models.TransientModel):
+class LDAPOperator(models.AbstractModel):
     _name = "res.company.ldap.operator"
 
     def operators(self):

From 5788dee62838d8454f746ebb7da33b3b0e933b28 Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Fri, 17 Jul 2015 15:13:33 +0200
Subject: [PATCH 07/14] change description with summary to have the following
 sentence show up beneath the module's name in kanban view

---
 users_ldap_groups/__openerp__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 6014447dc..39ca3893c 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -25,7 +25,7 @@
     "depends": ["auth_ldap"],
     "author": "Therp BV,Odoo Community Association (OCA)",
     "license": "AGPL-3",
-    "description": """
+    "summary": """
 Adds user accounts to groups based on rules defined by the administrator.
 """,
     "category": "Tools",

From 9a7cb96127baf602df515e2ea7d44984df9d980e Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 11:43:51 +0200
Subject: [PATCH 08/14] start moving the users_ldap_groups outside the
 __unported__ folder

---
 {__unported__/users_ldap_groups => users_ldap_groups}/__init__.py | 0
 .../users_ldap_groups => users_ldap_groups}/__openerp__.py        | 0
 .../i18n/users_ldap_groups.pot                                    | 0
 .../security/ir.model.access.csv                                  | 0
 .../users_ldap_groups => users_ldap_groups}/users_ldap_groups.py  | 0
 .../users_ldap_groups => users_ldap_groups}/users_ldap_groups.xml | 0
 .../users_ldap_groups_operators.py                                | 0
 7 files changed, 0 insertions(+), 0 deletions(-)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/__init__.py (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/__openerp__.py (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/i18n/users_ldap_groups.pot (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/security/ir.model.access.csv (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/users_ldap_groups.py (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/users_ldap_groups.xml (100%)
 rename {__unported__/users_ldap_groups => users_ldap_groups}/users_ldap_groups_operators.py (100%)

diff --git a/__unported__/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
similarity index 100%
rename from __unported__/users_ldap_groups/__init__.py
rename to users_ldap_groups/__init__.py
diff --git a/__unported__/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
similarity index 100%
rename from __unported__/users_ldap_groups/__openerp__.py
rename to users_ldap_groups/__openerp__.py
diff --git a/__unported__/users_ldap_groups/i18n/users_ldap_groups.pot b/users_ldap_groups/i18n/users_ldap_groups.pot
similarity index 100%
rename from __unported__/users_ldap_groups/i18n/users_ldap_groups.pot
rename to users_ldap_groups/i18n/users_ldap_groups.pot
diff --git a/__unported__/users_ldap_groups/security/ir.model.access.csv b/users_ldap_groups/security/ir.model.access.csv
similarity index 100%
rename from __unported__/users_ldap_groups/security/ir.model.access.csv
rename to users_ldap_groups/security/ir.model.access.csv
diff --git a/__unported__/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
similarity index 100%
rename from __unported__/users_ldap_groups/users_ldap_groups.py
rename to users_ldap_groups/users_ldap_groups.py
diff --git a/__unported__/users_ldap_groups/users_ldap_groups.xml b/users_ldap_groups/users_ldap_groups.xml
similarity index 100%
rename from __unported__/users_ldap_groups/users_ldap_groups.xml
rename to users_ldap_groups/users_ldap_groups.xml
diff --git a/__unported__/users_ldap_groups/users_ldap_groups_operators.py b/users_ldap_groups/users_ldap_groups_operators.py
similarity index 100%
rename from __unported__/users_ldap_groups/users_ldap_groups_operators.py
rename to users_ldap_groups/users_ldap_groups_operators.py

From c0b2e6454f0eea13b6580f87ad38730485d75e8b Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 13:41:38 +0200
Subject: [PATCH 09/14] porting to v8

---
 users_ldap_groups/__init__.py                 |  2 +-
 users_ldap_groups/__openerp__.py              | 10 +--
 users_ldap_groups/users_ldap_groups.py        | 80 ++++++++++---------
 .../users_ldap_groups_operators.py            | 18 +++--
 4 files changed, 59 insertions(+), 51 deletions(-)

diff --git a/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
index d359182a2..4db4e4cb2 100644
--- a/users_ldap_groups/__init__.py
+++ b/users_ldap_groups/__init__.py
@@ -19,4 +19,4 @@
 #
 ##############################################################################
 
-import users_ldap_groups
+import users_ldap_groups  # noqa
diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 190917a88..9b63fec86 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -30,13 +30,13 @@ Adds user accounts to groups based on rules defined by the administrator.
 
 Usage:
 
-Define mappings in Settings->Companies->[your company]->tab configuration->[your
-ldap server].
+Define mappings in Settings->Companies->[your company]->tab configuration->[
+your ldap server].
 
 Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
-mix of manually set groups and ldap groups (Only ldap groups=n). Setting this to
-'no' will result in users never losing privileges when you remove them from a
-ldap group, so that's a potential security issue. It is still the default to
+mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
+to 'no' will result in users never losing privileges when you remove them from
+a ldap group, so that's a potential security issue. It is still the default to
 prevent losing group information by accident.
 
 For active directory, use LDAP attribute 'memberOf' and operator 'contains'.
diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index bca79a05a..5dcdaed31 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -19,18 +19,20 @@
 #
 ##############################################################################
 
-from openerp.osv import fields, orm
+from openerp import models
+from openerp import fields
+from openerp import api
 import logging
 import users_ldap_groups_operators
 import inspect
 
 
-class CompanyLDAPGroupMapping(orm.Model):
+class CompanyLDAPGroupMapping(models.Model):
     _name = 'res.company.ldap.group_mapping'
     _rec_name = 'ldap_attribute'
     _order = 'ldap_attribute'
 
-    def _get_operators(self, cr, uid, context=None):
+    def _get_operators(self):
         operators = []
         members = inspect.getmembers(
             users_ldap_groups_operators,
@@ -41,49 +43,47 @@ class CompanyLDAPGroupMapping(orm.Model):
             operators.append((name, name))
         return tuple(operators)
 
-    _columns = {
-        'ldap_id': fields.many2one('res.company.ldap', 'LDAP server', required=True),
-        'ldap_attribute': fields.char(
-            'LDAP attribute', size=64,
-            help='The LDAP attribute to check.\n'
-                 'For active directory, use memberOf.'),
-        'operator': fields.selection(
-            _get_operators, 'Operator',
-            help='The operator to check the attribute against the value\n'
-            'For active directory, use \'contains\'', required=True),
-        'value': fields.char(
-            'Value', size=1024,
-            help='The value to check the attribute against.\n'
-            'For active directory, use the dn of the desired group',
-            required=True),
-        'group': fields.many2one(
-            'res.groups', 'OpenERP group',
-            help='The OpenERP group to assign', required=True),
-        }
+    ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
+    ldap_attribute = fields.Char(
+        'LDAP attribute', size=64,
+        help='The LDAP attribute to check.\n'
+             'For active directory, use memberOf.')
+    operator = fields.Selection(
+        _get_operators, 'Operator',
+        help='The operator to check the attribute against the value\n'
+        'For active directory, use \'contains\'', required=True)
+    value = fields.Char(
+        'Value', size=1024,
+        help='The value to check the attribute against.\n'
+        'For active directory, use the dn of the desired group',
+        required=True)
+    group = fields.Many2one(
+        'res.groups', 'OpenERP group',
+        help='The OpenERP group to assign', required=True)
 
 
-class CompanyLDAP(orm.Model):
+class CompanyLDAP(models.Model):
     _inherit = 'res.company.ldap'
 
-    _columns = {
-        'group_mappings': fields.one2many(
-            'res.company.ldap.group_mapping',
-            'ldap_id', 'Group mappings',
-            help='Define how OpenERP groups are assigned to ldap users'),
-        'only_ldap_groups': fields.boolean(
-            'Only ldap groups',
-            help='If this is checked, manual changes to group membership are '
-                 'undone on every login (so OpenERP groups are always synchronous '
-                 'with LDAP groups). If not, manually added groups are preserved.')
-    }
+    group_mappings = fields.One2many(
+        'res.company.ldap.group_mapping',
+        'ldap_id', 'Group mappings',
+        help='Define how OpenERP groups are assigned to ldap users')
+    only_ldap_groups = fields.Boolean(
+        'Only ldap groups',
+        help='If this is checked, manual changes to group membership are '
+             'undone on every login (so OpenERP groups are always synchronous '
+             'with LDAP groups). If not, manually added groups are preserved.')
 
     _default = {
         'only_ldap_groups': False,
     }
 
-    def get_or_create_user(self, cr, uid, conf, login, ldap_entry, context=None):
-        user_id = super(CompanyLDAP, self).get_or_create_user(cr, uid, conf, login,
-                                                              ldap_entry, context)
+    @api.multi
+    def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
+                           context=None):
+        user_id = super(CompanyLDAP, self).get_or_create_user(
+            cr, uid, conf, login, ldap_entry, context)
         if not user_id:
             return user_id
         logger = logging.getLogger('users_ldap_groups')
@@ -92,11 +92,13 @@ class CompanyLDAP(orm.Model):
         conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
         if(conf_all['only_ldap_groups']):
             logger.debug('deleting all groups from user %d' % user_id)
-            userobj.write(cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
+            userobj.write(
+                cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
 
         for mapping in mappingobj.read(cr, uid, mappingobj.search(
                 cr, uid, [('ldap_id', '=', conf['id'])]), []):
-            operator = getattr(users_ldap_groups_operators, mapping['operator'])()
+            operator = getattr(users_ldap_groups_operators,
+                               mapping['operator'])()
             logger.debug('checking mapping %s' % mapping)
             if operator.check_value(ldap_entry, mapping['ldap_attribute'],
                                     mapping['value'], conf, self, logger):
diff --git a/users_ldap_groups/users_ldap_groups_operators.py b/users_ldap_groups/users_ldap_groups_operators.py
index 4de745fbf..e4354a825 100644
--- a/users_ldap_groups/users_ldap_groups_operators.py
+++ b/users_ldap_groups/users_ldap_groups_operators.py
@@ -26,22 +26,28 @@ class LDAPOperator:
 
 
 class contains(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
-        return (attribute in ldap_entry[1]) and (value in ldap_entry[1][attribute])
+    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
+                    logger):
+        return (attribute in ldap_entry[1]) and \
+            (value in ldap_entry[1][attribute])
 
 
 class equals(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
-        return attribute in ldap_entry[1] and unicode(value) == unicode(ldap_entry[1][attribute])
+    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
+                    logger):
+        return attribute in ldap_entry[1] and \
+            unicode(value) == unicode(ldap_entry[1][attribute])
 
 
 class query(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
+    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
+                    logger):
         query_string = Template(value).safe_substitute(dict(
             [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
             )
         )
-        logger.debug('evaluating query group mapping, filter: %s' % query_string)
+        logger.debug('evaluating query group mapping, filter: %s' %
+                     query_string)
         results = company.query(ldap_config, query_string)
         logger.debug(results)
         return bool(results)

From 5710085027d909b886c56f678322f5dfd27cf5d1 Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 15:52:59 +0200
Subject: [PATCH 10/14] move to new apis

---
 users_ldap_groups/users_ldap_groups.py | 32 +++++++++++---------------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index 5dcdaed31..6aec46d32 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -79,32 +79,28 @@ class CompanyLDAP(models.Model):
         'only_ldap_groups': False,
     }
 
-    @api.multi
-    def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
-                           context=None):
+    @api.model
+    def get_or_create_user(self, conf, login, ldap_entry):
+        id_ = conf['id']
+        this = self.browse(id_)
         user_id = super(CompanyLDAP, self).get_or_create_user(
-            cr, uid, conf, login, ldap_entry, context)
+            conf, login, ldap_entry)
         if not user_id:
             return user_id
+        userobj = self.env['res.users']
+        user = userobj.browse(user_id)
         logger = logging.getLogger('users_ldap_groups')
-        mappingobj = self.pool.get('res.company.ldap.group_mapping')
-        userobj = self.pool.get('res.users')
-        conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
-        if(conf_all['only_ldap_groups']):
+        if self.only_ldap_groups:
             logger.debug('deleting all groups from user %d' % user_id)
-            userobj.write(
-                cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
+            userobj.write([user_id], {'groups_id': [(5, )]})
 
-        for mapping in mappingobj.read(cr, uid, mappingobj.search(
-                cr, uid, [('ldap_id', '=', conf['id'])]), []):
-            operator = getattr(users_ldap_groups_operators,
-                               mapping['operator'])()
+        for mapping in this.group_mappings:
+            operator = mapping.operator
+            operator = getattr(users_ldap_groups_operators, mapping.operator)()
             logger.debug('checking mapping %s' % mapping)
             if operator.check_value(ldap_entry, mapping['ldap_attribute'],
                                     mapping['value'], conf, self, logger):
                 logger.debug('adding user %d to group %s' %
-                             (user_id, mapping['group'][1]))
-                userobj.write(cr, uid, [user_id],
-                              {'groups_id': [(4, mapping['group'][0])]},
-                              context=context)
+                             (user_id, mapping.group.name))
+                user.write({'groups_id': [(4, mapping.group.id)]})
         return user_id

From 725af132ec966ffb29e1a2d5df30ed8bdff8acb4 Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 16:00:39 +0200
Subject: [PATCH 11/14] fix missing new api call

---
 users_ldap_groups/users_ldap_groups.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index 6aec46d32..68b925c67 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -92,7 +92,7 @@ class CompanyLDAP(models.Model):
         logger = logging.getLogger('users_ldap_groups')
         if self.only_ldap_groups:
             logger.debug('deleting all groups from user %d' % user_id)
-            userobj.write([user_id], {'groups_id': [(5, )]})
+            user.write({'groups_id': [(5, )]})
 
         for mapping in this.group_mappings:
             operator = mapping.operator

From 8e19eb11c29c021d3a2fdf86bea4d65cb7c4badc Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Thu, 16 Jul 2015 20:49:16 +0200
Subject: [PATCH 12/14] some makeup and change the ldap operators from plain
 python objects to a transientmodel

---
 users_ldap_groups/README.rst                  | 64 +++++++++++++++++++
 users_ldap_groups/__init__.py                 |  2 +-
 users_ldap_groups/__openerp__.py              | 22 -------
 users_ldap_groups/users_ldap_groups.py        | 54 +++++++++++-----
 .../users_ldap_groups_operators.py            | 53 ---------------
 5 files changed, 103 insertions(+), 92 deletions(-)
 create mode 100644 users_ldap_groups/README.rst
 delete mode 100644 users_ldap_groups/users_ldap_groups_operators.py

diff --git a/users_ldap_groups/README.rst b/users_ldap_groups/README.rst
new file mode 100644
index 000000000..2dbc81de3
--- /dev/null
+++ b/users_ldap_groups/README.rst
@@ -0,0 +1,64 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+    :alt: License: AGPL-3
+
+users_ldap_groups
+=================
+
+Adds user accounts to groups based on rules defined by the administrator.
+
+
+Usage
+=====
+
+Define mappings in Settings->Companies->[your company]->tab configuration->[
+your ldap server].
+
+Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
+mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
+to 'no' will result in users never losing privileges when you remove them from
+a ldap group, so that's a potential security issue. It is still the default to
+prevent losing group information by accident.
+
+For active directory, use LDAP attribute 'memberOf' and operator 'contains'.
+Fill in the DN of the windows group as value and choose an OpenERP group users
+with this windows group are to be assigned to.
+
+For posix accounts, use operator 'query' and a value like
+(&(cn=bzr)(objectClass=posixGroup)(memberUid=$uid))
+
+The operator query matches if the filter in value returns something, and value
+can contain $[attribute] which will be replaced by the first value of the
+user's ldap record's attribute named [attribute].
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed feedback
+`here <https://github.com/OCA/server-tools/issues/new?body=module:%20{module_name}%0Aversion:%20{version}%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+
+Credits
+=======
+
+Contributors
+------------
+
+* Therp BV <info@therp.nl>
+* Giacomo Spettoli <giacomo.spettoli@gmail.com>
+
+Maintainer
+----------
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+This module is maintained by the OCA.
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+To contribute to this module, please visit http://odoo-community.org.
diff --git a/users_ldap_groups/__init__.py b/users_ldap_groups/__init__.py
index 4db4e4cb2..d1066f41b 100644
--- a/users_ldap_groups/__init__.py
+++ b/users_ldap_groups/__init__.py
@@ -19,4 +19,4 @@
 #
 ##############################################################################
 
-import users_ldap_groups  # noqa
+from . import users_ldap_groups
diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 9b63fec86..6014447dc 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -27,28 +27,6 @@
     "license": "AGPL-3",
     "description": """
 Adds user accounts to groups based on rules defined by the administrator.
-
-Usage:
-
-Define mappings in Settings->Companies->[your company]->tab configuration->[
-your ldap server].
-
-Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
-mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
-to 'no' will result in users never losing privileges when you remove them from
-a ldap group, so that's a potential security issue. It is still the default to
-prevent losing group information by accident.
-
-For active directory, use LDAP attribute 'memberOf' and operator 'contains'.
-Fill in the DN of the windows group as value and choose an OpenERP group users
-with this windows group are to be assigned to.
-
-For posix accounts, use operator 'query' and a value like
-(&(cn=bzr)(objectClass=posixGroup)(memberUid=$uid))
-
-The operator query matches if the filter in value returns something, and value
-can contain $[attribute] which will be replaced by the first value of the
-user's ldap record's attribute named [attribute].
 """,
     "category": "Tools",
     "data": [
diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index 68b925c67..b99ae0fea 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -23,8 +23,36 @@ from openerp import models
 from openerp import fields
 from openerp import api
 import logging
-import users_ldap_groups_operators
-import inspect
+from string import Template
+
+
+class LDAPOperator(models.TransientModel):
+    _name = "res.company.ldap.operator"
+
+    def operators(self):
+        return ('contains', 'equals', 'query')
+
+    def contains(self, ldap_entry, attribute, value, ldap_config, company,
+                 logger):
+        return (attribute in ldap_entry[1]) and \
+            (value in ldap_entry[1][attribute])
+
+    def equals(self, ldap_entry, attribute, value, ldap_config, company,
+               logger):
+        return attribute in ldap_entry[1] and \
+            unicode(value) == unicode(ldap_entry[1][attribute])
+
+    def query(self, ldap_entry, attribute, value, ldap_config, company,
+              logger):
+        query_string = Template(value).safe_substitute(dict(
+            [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
+            )
+        )
+        logger.debug('evaluating query group mapping, filter: %s' %
+                     query_string)
+        results = company.query(ldap_config, query_string)
+        logger.debug(results)
+        return bool(results)
 
 
 class CompanyLDAPGroupMapping(models.Model):
@@ -33,19 +61,13 @@ class CompanyLDAPGroupMapping(models.Model):
     _order = 'ldap_attribute'
 
     def _get_operators(self):
-        operators = []
-        members = inspect.getmembers(
-            users_ldap_groups_operators,
-            lambda cls:
-            inspect.isclass(cls) and
-            cls != users_ldap_groups_operators.LDAPOperator)
-        for name, operator in members:
-            operators.append((name, name))
+        op_obj = self.env['res.company.ldap.operator']
+        operators = [(op, op) for op in op_obj.operators()]
         return tuple(operators)
 
     ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
     ldap_attribute = fields.Char(
-        'LDAP attribute', size=64,
+        'LDAP attribute',
         help='The LDAP attribute to check.\n'
              'For active directory, use memberOf.')
     operator = fields.Selection(
@@ -53,7 +75,7 @@ class CompanyLDAPGroupMapping(models.Model):
         help='The operator to check the attribute against the value\n'
         'For active directory, use \'contains\'', required=True)
     value = fields.Char(
-        'Value', size=1024,
+        'Value',
         help='The value to check the attribute against.\n'
         'For active directory, use the dn of the desired group',
         required=True)
@@ -81,6 +103,7 @@ class CompanyLDAP(models.Model):
 
     @api.model
     def get_or_create_user(self, conf, login, ldap_entry):
+        op_obj = self.env['res.company.ldap.operator']
         id_ = conf['id']
         this = self.browse(id_)
         user_id = super(CompanyLDAP, self).get_or_create_user(
@@ -95,11 +118,10 @@ class CompanyLDAP(models.Model):
             user.write({'groups_id': [(5, )]})
 
         for mapping in this.group_mappings:
-            operator = mapping.operator
-            operator = getattr(users_ldap_groups_operators, mapping.operator)()
+            operator = getattr(op_obj, mapping.operator)
             logger.debug('checking mapping %s' % mapping)
-            if operator.check_value(ldap_entry, mapping['ldap_attribute'],
-                                    mapping['value'], conf, self, logger):
+            if operator(ldap_entry, mapping['ldap_attribute'],
+                        mapping['value'], conf, self, logger):
                 logger.debug('adding user %d to group %s' %
                              (user_id, mapping.group.name))
                 user.write({'groups_id': [(4, mapping.group.id)]})
diff --git a/users_ldap_groups/users_ldap_groups_operators.py b/users_ldap_groups/users_ldap_groups_operators.py
deleted file mode 100644
index e4354a825..000000000
--- a/users_ldap_groups/users_ldap_groups_operators.py
+++ /dev/null
@@ -1,53 +0,0 @@
-# -*- coding: utf-8 -*-
-##############################################################################
-#
-#    OpenERP, Open Source Management Solution
-#    This module copyright (C) 2012 Therp BV (<http://therp.nl>).
-#
-#    This program is free software: you can redistribute it and/or modify
-#    it under the terms of the GNU Affero General Public License as
-#    published by the Free Software Foundation, either version 3 of the
-#    License, or (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU Affero General Public License for more details.
-#
-#    You should have received a copy of the GNU Affero General Public License
-#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-##############################################################################
-from string import Template
-
-
-class LDAPOperator:
-    pass
-
-
-class contains(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
-                    logger):
-        return (attribute in ldap_entry[1]) and \
-            (value in ldap_entry[1][attribute])
-
-
-class equals(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
-                    logger):
-        return attribute in ldap_entry[1] and \
-            unicode(value) == unicode(ldap_entry[1][attribute])
-
-
-class query(LDAPOperator):
-    def check_value(self, ldap_entry, attribute, value, ldap_config, company,
-                    logger):
-        query_string = Template(value).safe_substitute(dict(
-            [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
-            )
-        )
-        logger.debug('evaluating query group mapping, filter: %s' %
-                     query_string)
-        results = company.query(ldap_config, query_string)
-        logger.debug(results)
-        return bool(results)

From 97febe4850803c756984c2273188c59f02eaa72b Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Fri, 17 Jul 2015 15:12:52 +0200
Subject: [PATCH 13/14] use AbstractModel instead of TransientModel so we don't
 create useless db tables

---
 users_ldap_groups/users_ldap_groups.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/users_ldap_groups/users_ldap_groups.py b/users_ldap_groups/users_ldap_groups.py
index b99ae0fea..4d08d8aaf 100644
--- a/users_ldap_groups/users_ldap_groups.py
+++ b/users_ldap_groups/users_ldap_groups.py
@@ -26,7 +26,7 @@ import logging
 from string import Template
 
 
-class LDAPOperator(models.TransientModel):
+class LDAPOperator(models.AbstractModel):
     _name = "res.company.ldap.operator"
 
     def operators(self):

From 3139ea3ab3dfff1dee0ed121974b2d76bf955f70 Mon Sep 17 00:00:00 2001
From: Giacomo Spettoli <giacomo.spettoli@gmail.com>
Date: Fri, 17 Jul 2015 15:13:33 +0200
Subject: [PATCH 14/14] change description with summary to have the following
 sentence show up beneath the module's name in kanban view

---
 users_ldap_groups/__openerp__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/users_ldap_groups/__openerp__.py b/users_ldap_groups/__openerp__.py
index 6014447dc..39ca3893c 100644
--- a/users_ldap_groups/__openerp__.py
+++ b/users_ldap_groups/__openerp__.py
@@ -25,7 +25,7 @@
     "depends": ["auth_ldap"],
     "author": "Therp BV,Odoo Community Association (OCA)",
     "license": "AGPL-3",
-    "description": """
+    "summary": """
 Adds user accounts to groups based on rules defined by the administrator.
 """,
     "category": "Tools",