Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[17.0] [MIG] auth_ldaps: Migration to 17.0 #643

Open
wants to merge 34 commits into
base: 17.0
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
f8a0dfd
[ADD] auth_ldaps
etobella Dec 22, 2017
d2db33d
[MIG] auth_ldaps: Migration to 12.0
alexey-pelykh Oct 16, 2018
7a0fc34
[FIX] auth_ldaps: Specify ldap as Python dependency and safely import it
alexey-pelykh Oct 17, 2018
90c9ea8
[12.0][FIX] auth_ldap_attribute_sync & auth_ldaps: author name
alexey-pelykh Nov 7, 2018
45c56e9
[IMP] auth_ldaps: black, isort, prettier
Apr 1, 2020
28d819d
[13.0][MIG] auth_ldaps
Apr 1, 2020
a81890c
fix linting
gurneyalex May 29, 2020
272f5aa
add python-ldap dependency
gurneyalex May 29, 2020
f7c7d2a
[UPD] Update auth_ldaps.pot
oca-travis Jun 5, 2020
92a7229
[UPD] README.rst
OCA-git-bot Jun 5, 2020
0b82f93
[UPD] Brainbean Apps => CorporateHub
alexey-pelykh Nov 8, 2020
87cf16e
[UPD] README.rst
OCA-git-bot Nov 8, 2020
89d89d9
auth_ldaps 13.0.1.0.1
OCA-git-bot Nov 8, 2020
5d9b67a
[MIG][14.0] auth_ldaps
gurneyalex Nov 30, 2020
c4fafb8
[UPD] Update auth_ldaps.pot
oca-travis Feb 2, 2021
059fdda
[UPD] README.rst
OCA-git-bot Feb 2, 2021
92cca4c
Added translation using Weblate (Italian)
primes2h Feb 12, 2021
c3526ec
Translated using Weblate (Italian)
primes2h Feb 12, 2021
5fea19d
Translated using Weblate (Italian)
primes2h Mar 2, 2021
3a82e6c
[FIX] fix ldaps certificate verification
huguesdk Nov 9, 2021
1a6c3f1
auth_ldaps 14.0.1.0.1
OCA-git-bot Mar 22, 2022
bea6d38
[IMP] auth_ldaps: black, isort, prettier
albig Sep 14, 2022
92ed5fc
[MIG] auth_ldaps: Migration to 15.0
albig Sep 14, 2022
39ad450
Update readme with oca-gen-addon-readme
albig Sep 14, 2022
0a5e604
[UPD] README.rst
OCA-git-bot Jan 9, 2023
5ffaa85
Update translation files
weblate Jan 9, 2023
75741ab
[16.0][MIG] auth_ldaps: Migration to 16.0
anothingguy Apr 17, 2023
ffa291b
[UPD] Update auth_ldaps.pot
Apr 17, 2023
9df95fa
[UPD] README.rst
OCA-git-bot Apr 17, 2023
d416e84
[UPD] README.rst
OCA-git-bot Sep 3, 2023
1aacc37
[IMP] auth_ldaps: pre-commit stuff
rven May 6, 2024
d2ab2c3
[MIG] auth_ldaps: Migration to 17.0
rven May 6, 2024
4710036
[FIX] Remove model description
rven Aug 1, 2024
1337793
[IMP] auth_ldaps: Allow disabling LDAP ref-chasing
ryanc-me Jul 31, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
116 changes: 116 additions & 0 deletions auth_ldaps/README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
====================
LDAPS authentication
====================

..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! source digest: sha256:d0479aff742f2c5f5ff1bfa5a7de7ac307a3d04a5763dbe003aad01cbbd4c393
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
:target: https://odoo-community.org/page/development-status
:alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
:alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
:target: https://github.com/OCA/server-auth/tree/17.0/auth_ldaps
:alt: OCA/server-auth
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_ldaps
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
:target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0
:alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

This module allows to authenticate using a LDAP over SSL system.

**Table of contents**

.. contents::
:local:

Installation
============

To verify LDAPS server certificate, you need to:

1. Add the CA certificate of the LDAPS on your server as a trusted
certificate
2. Check the ``Verify certificate`` flag in configuration

Configuration
=============

To configure this module, you need to:

1. Access Settings / General Settings / LDAP Authentication / LDAP
Server
2. Check the ``Use LDAPS`` flag

Usage
=====



Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_ldaps%0Aversion:%2017.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
-------

* CorporateHub
* Creu Blanca

Contributors
------------

- Enric Tobella <[email protected]>

- `CorporateHub <https://corporatehub.eu/>`__

- Alexey Pelykh <[email protected]>

- Bhavesh Odedra <[email protected]>

- `Trobz <https://trobz.com>`__:

- Hoang Diep <[email protected]>

Other credits
-------------

The migration of this module from 15.0 to 16.0 was financially supported
by Camptocamp

Maintainers
-----------

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/17.0/auth_ldaps>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
3 changes: 3 additions & 0 deletions auth_ldaps/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).

from . import models
19 changes: 19 additions & 0 deletions auth_ldaps/__manifest__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Copyright (C) 2017 Creu Blanca
# Copyright (C) 2018 Brainbean Apps
# Copyright 2020 CorporateHub (https://corporatehub.eu)
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).

{
"name": "LDAPS authentication",
"version": "17.0.1.0.0",
"category": "Tools",
"website": "https://github.com/OCA/server-auth",
"author": "CorporateHub, " "Creu Blanca, " "Odoo Community Association (OCA)",
"license": "AGPL-3",
"installable": True,
"application": False,
"summary": "Allows to use LDAP over SSL authentication",
"depends": ["auth_ldap"],
"data": ["views/res_company_ldap_views.xml"],
"external_dependencies": {"python": ["python-ldap"]},
}
29 changes: 29 additions & 0 deletions auth_ldaps/i18n/auth_ldaps.pot
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * auth_ldaps
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 16.0\n"
"Report-Msgid-Bugs-To: \n"
"Last-Translator: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"

#. module: auth_ldaps
#: model:ir.model,name:auth_ldaps.model_res_company_ldap
msgid "Company LDAP configuration"
msgstr ""

#. module: auth_ldaps
#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__skip_cert_validation
msgid "Skip certificate validation"
msgstr ""

#. module: auth_ldaps
#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__is_ssl
msgid "Use LDAPS"
msgstr ""
41 changes: 41 additions & 0 deletions auth_ldaps/i18n/it.po
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * auth_ldaps
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 14.0\n"
"Report-Msgid-Bugs-To: \n"
"PO-Revision-Date: 2021-03-02 19:45+0000\n"
"Last-Translator: Sergio Zanchetta <[email protected]>\n"
"Language-Team: none\n"
"Language: it\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 4.3.2\n"

#. module: auth_ldaps
#: model:ir.model,name:auth_ldaps.model_res_company_ldap
msgid "Company LDAP configuration"
msgstr "Configurazione LDAP azienda"

#. module: auth_ldaps
#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__skip_cert_validation
msgid "Skip certificate validation"
msgstr "Saltare verifica del certificato"

#. module: auth_ldaps
#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__is_ssl
msgid "Use LDAPS"
msgstr "Utilizzare LDAPS"

#~ msgid "Display Name"
#~ msgstr "Nome visualizzato"

#~ msgid "ID"
#~ msgstr "ID"

#~ msgid "Last Modified on"
#~ msgstr "Ultima modifica il"
3 changes: 3 additions & 0 deletions auth_ldaps/models/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).

from . import res_company_ldap
57 changes: 57 additions & 0 deletions auth_ldaps/models/res_company_ldap.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
# Copyright (C) Creu Blanca
# Copyright (C) 2018 Brainbean Apps
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).


import logging

import ldap

from odoo import fields, models
from odoo.tools.misc import str2bool

_logger = logging.getLogger(__name__)


class CompanyLDAP(models.Model):
_inherit = "res.company.ldap"

is_ssl = fields.Boolean(string="Use LDAPS", default=False)
skip_cert_validation = fields.Boolean(
string="Skip certificate validation", default=False
)

def _get_ldap_dicts(self):
res = super()._get_ldap_dicts()
for rec in res:
ldap = self.sudo().browse(rec["id"])
rec["is_ssl"] = ldap.is_ssl or False
rec["skip_cert_validation"] = ldap.skip_cert_validation or False

Check warning on line 29 in auth_ldaps/models/res_company_ldap.py

View check run for this annotation

Codecov / codecov/patch

auth_ldaps/models/res_company_ldap.py#L27-L29

Added lines #L27 - L29 were not covered by tests
return res

def _connect(self, conf):
if conf["is_ssl"]:
uri = "ldaps://%s:%d" % (conf["ldap_server"], conf["ldap_server_port"])
connection = ldap.initialize(uri)
ldap_chase_ref_disabled = (

Check warning on line 36 in auth_ldaps/models/res_company_ldap.py

View check run for this annotation

Codecov / codecov/patch

auth_ldaps/models/res_company_ldap.py#L34-L36

Added lines #L34 - L36 were not covered by tests
self.env["ir.config_parameter"]
.sudo()
.get_param("auth_ldap.disable_chase_ref")
)
if str2bool(ldap_chase_ref_disabled):
connection.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)

Check warning on line 42 in auth_ldaps/models/res_company_ldap.py

View check run for this annotation

Codecov / codecov/patch

auth_ldaps/models/res_company_ldap.py#L42

Added line #L42 was not covered by tests
if conf["skip_cert_validation"]:
connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)

Check warning on line 44 in auth_ldaps/models/res_company_ldap.py

View check run for this annotation

Codecov / codecov/patch

auth_ldaps/models/res_company_ldap.py#L44

Added line #L44 was not covered by tests
# this creates a new tls context, which is required to apply
# the options, but it also clears the default options defined
# in the openldap's configuration file, such as the TLS_CACERT
# option, which specifies the file containing the trusted
# certificates. this causes certificate verification to fail,
# even if it would succeed with the default options. this is
# why this is only called if we want to skip certificate
# verification.
connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

Check warning on line 53 in auth_ldaps/models/res_company_ldap.py

View check run for this annotation

Codecov / codecov/patch

auth_ldaps/models/res_company_ldap.py#L53

Added line #L53 was not covered by tests
if conf["ldap_tls"]:
connection.start_tls_s()
return connection
return super()._connect(conf)

Check warning on line 57 in auth_ldaps/models/res_company_ldap.py

View check run for this annotation

Codecov / codecov/patch

auth_ldaps/models/res_company_ldap.py#L55-L57

Added lines #L55 - L57 were not covered by tests
3 changes: 3 additions & 0 deletions auth_ldaps/pyproject.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
[build-system]
requires = ["whool"]
build-backend = "whool.buildapi"
5 changes: 5 additions & 0 deletions auth_ldaps/readme/CONFIGURE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
To configure this module, you need to:

1. Access Settings / General Settings / LDAP Authentication / LDAP
Server
2. Check the `Use LDAPS` flag
11 changes: 11 additions & 0 deletions auth_ldaps/readme/CONTRIBUTORS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
- Enric Tobella \<<[email protected]>\>

- [CorporateHub](https://corporatehub.eu/)

- Alexey Pelykh \<<[email protected]>\>

- Bhavesh Odedra \<<[email protected]>\>

- [Trobz](https://trobz.com):

> - Hoang Diep \<<[email protected]>\>
2 changes: 2 additions & 0 deletions auth_ldaps/readme/CREDITS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
The migration of this module from 15.0 to 16.0 was financially supported
by Camptocamp
1 change: 1 addition & 0 deletions auth_ldaps/readme/DESCRIPTION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
This module allows to authenticate using a LDAP over SSL system.
5 changes: 5 additions & 0 deletions auth_ldaps/readme/INSTALL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
To verify LDAPS server certificate, you need to:

1. Add the CA certificate of the LDAPS on your server as a trusted
certificate
2. Check the `Verify certificate` flag in configuration
1 change: 1 addition & 0 deletions auth_ldaps/readme/USAGE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@

Binary file added auth_ldaps/static/description/icon.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Loading