Odoo Addons (MOVED TO GITHUB)

Merge lp:~ibeardslee/openobject-addons/users_ldap-tls into lp:openobject-addons

  1. users_ldap-tls
  2. Merge into trunk
Proposed by Ian Beardslee
Status: Superseded
Proposed branch: lp:~ibeardslee/openobject-addons/users_ldap-tls
Merge into: lp:openobject-addons
Prerequisite: lp:~openerp-community/openobject-addons/stefan-therp_lp794584
Diff against target: 93 lines (+23/-2) (has conflicts)
3 files modified
users_ldap/__openerp__.py (+12/-0)
users_ldap/users_ldap.py (+10/-2)
users_ldap/users_ldap_view.xml (+1/-0)
Text conflict in users_ldap/__openerp__.py
To merge this branch: bzr merge lp:~ibeardslee/openobject-addons/users_ldap-tls
Reviewer Review Type Date Requested Status
Stefan Rijnhart (Opener) (community) Needs Fixing
OpenERP Core Team Pending
Review via email: mp+71496@code.launchpad.net

This proposal has been superseded by a proposal from 2011-08-16.

Commit message

Improved code for STARTTLS support in users_ldap

Description of the change

Brought the ldap_tls_s into res_company_ldap.connect()

Removed the 'Start TLS' from the tree view, to keep that a bit cleaner.

Once again, only tested against a LDAP server that requires STARTTLS.

To post a comment you must log in.
Revision history for this message
Stefan Rijnhart (Opener) (stefan-opener) wrote :

Hi Ian,

thanks for resubmitting this. I have not seen this prerequisite branch functionality of bzr in action before, but it appears to be working pretty well apart from the phantom addition of 'hr_payroll/i18n/vi.po' that none of us commited in these branches (but that was added to the target branch in the meantime).

I am generally happy with your code changes and documentation, and have only one request. With regards to ldap.conf, you mention its default location and the fact that it may vary between distributions. It may be more correct to refer to its man page, which starts by explaining which files and locations are searched for LDAP defaults, in what order and how this can be manipulated using environment settings. The Sphynx syntax for this is

:manpage:`ldap.conf{5}`

Cheers,
Stefan.

review: Needs Fixing

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'users_ldap/__openerp__.py'
2--- users_ldap/__openerp__.py 2011-07-08 10:03:07 +0000
3+++ users_ldap/__openerp__.py 2011-08-16 22:08:37 +0000
4@@ -50,6 +50,11 @@
5 LDAP account that is used to verify if a user exists before
6 attempting to authenticate it.
7
8+Securing the connection with STARTTLS is available for LDAP
9+servers supporting STARTTLS. The default is to require STARTTLS.
10+For further options configuring the LDAP settings, refer to the
11+ldap.conf manpage :manpage:`ldap.conf(5)`.
12+
13 Security Considerations
14 +++++++++++++++++++++++
15 Users' LDAP passwords are never stored in the OpenERP database,
16@@ -78,6 +83,9 @@
17 always fails and the LDAP server is queried to do the
18 authentication.
19
20+Enabling STARTTLS ensures that the authentication query to the
21+LDAP server is encrypted.
22+
23 User Template
24 +++++++++++++
25 In the LDAP configuration on the Company form, it is possible to
26@@ -108,8 +116,12 @@
27 "website" : "http://www.openerp.com",
28 "category" : "Tools",
29 "data" : [
30+<<<<<<< TREE
31 "users_ldap_view.xml",
32 "user_ldap_installer.xml",
33+=======
34+ "users_ldap_view.xml",w
35+>>>>>>> MERGE-SOURCE
36 ],
37 "active": False,
38 "installable": True,
39
40=== modified file 'users_ldap/users_ldap.py'
41--- users_ldap/users_ldap.py 2011-08-16 22:08:34 +0000
42+++ users_ldap/users_ldap.py 2011-08-16 22:08:37 +0000
43@@ -50,7 +50,8 @@
44 args = []
45 cr.execute("""
46 SELECT id, company, ldap_server, ldap_server_port, ldap_binddn,
47- ldap_password, ldap_filter, ldap_base, "user", create_user
48+ ldap_password, ldap_filter, ldap_base, "user", create_user,
49+ ldap_tls
50 FROM res_company_ldap
51 WHERE ldap_server != '' """ + id_clause + """ ORDER BY sequence
52 """, args)
53@@ -67,7 +68,11 @@
54
55 uri = 'ldap://%s:%d' % (conf['ldap_server'],
56 conf['ldap_server_port'])
57- return ldap.initialize(uri)
58+
59+ connection = ldap.initialize(uri)
60+ if conf['ldap_tls']:
61+ connection.start_tls_s()
62+ return connection
63
64 def authenticate(self, conf, login, password):
65 """
66@@ -211,12 +216,15 @@
67 help="Model used for user creation"),
68 'create_user': fields.boolean('Create user',
69 help="Create the user if not in database"),
70+ 'ldap_tls': fields.boolean('Use TLS',
71+ help="Use STARTTLS to connect to the LDAP server"),
72 }
73 _defaults = {
74 'ldap_server': '127.0.0.1',
75 'ldap_server_port': 389,
76 'sequence': 10,
77 'create_user': True,
78+ 'ldap_tls': True,
79 }
80
81 CompanyLDAP()
82
83=== modified file 'users_ldap/users_ldap_view.xml'
84--- users_ldap/users_ldap_view.xml 2011-06-11 15:18:53 +0000
85+++ users_ldap/users_ldap_view.xml 2011-08-16 22:08:37 +0000
86@@ -20,6 +20,7 @@
87 <field name="user"/>
88 <newline/>
89 <field name="sequence"/>
90+ <field name="ldap_tls"/>
91 </form>
92 <tree string="LDAP Configuration">
93 <field name="sequence"/>

Subscribers

People subscribed via source and target branches

to all changes: