1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
# -*- coding: utf-8 -*-
##############################################################################
#
# Original Module for OpenERP, Open Source Management Solution
# Copyright (C) 20014 TeMPO CONSULTING (<http://tempo-consulting.fr>).
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from openerp.osv import osv, fields
from openerp import tools
import ldap
import logging
from ldap.filter import filter_format
import openerp.exceptions
from openerp import SUPERUSER_ID
from openerp.modules.registry import RegistryManager
_logger = logging.getLogger(__name__)
import re
class res_users(osv.osv):
_inherit = 'res.users'
def hook_ldap_user_create(self, cr, uid, user_id, login, ldap_entry,
context=None):
"""
for ldap_entry content:
check auth_ldap/users_ldap.py: res_users.authenticate()
"""
if ldap_entry:
dn = ldap_entry[0]
if not dn:
return
ou = False
"""
split dn and get first OU (last OU node parent of user)
(office code always here)
dn: CN=FIRSTNAME Lastname,OU=Montauban-GF12,OU=Montauban2,
OU=UTILISATEURS,OU=04 - AXIMA REFRIGERATION,OU=GCR,
DC=D29,DC=tes,DC=local
"""
nodes = dn.split(',')
for n in nodes:
node_parts = n.split('=')
if len(node_parts) == 2:
if node_parts[0] == 'OU':
# first OU in dn (last OU NODE)
ou = node_parts[1]
break
if ou:
office_code = self.ldap_get_office_code_from_ou(ou)
if office_code:
self.register_company(cr, uid, user_id, login, office_code,
context=context)
def ldap_get_office_code_from_ou(self, ou):
"""
get axima office code from OU (organisational unit) sufix
OU is ended by -GF[NN|NNN] pattern (2 or 3 digits)
'Any AD group name-GFNN' or 'Any AD group name-GFNNN'
"""
match_obj = re.search('-GF(\d{2,3})$', ou)
if match_obj is not None:
office_number = match_obj.group(1)
return 'GF' + office_number
# special cases
if ou.endswith('-GFCN'):
# 'Contrats Nationaux' office
return 'GFCN'
return False
def register_company(self, cr, uid, user_id, login, office_code,
context=None):
# get company from code
domain = [
('office_code', '=', office_code),
]
comp_id = self.pool.get('res.company').search(cr, uid, domain,
context=context)
if not comp_id:
msg = u"Impossible de lier l'utilisateur au code agence '%s'"
raise osv.except_osv("Avertissement", msg % (office_code, ))
comp_id = comp_id[0]
company_obj = self.pool.get('res.company').browse(cr, uid, comp_id,
context=context)
# get sale team
if company_obj and company_obj.name:
domain = [
('name', '=', company_obj.name),
]
ccs_id = self.pool.get('crm.case.section').search(cr, uid, domain,
context=context)
vals = {
'company_id': comp_id,
# (4, ID) link to existing record with id = ID (adds a relationship)
'company_ids': [(4, comp_id)],
'default_section_id': ccs_id and ccs_id[0] or False,
}
if login:
# default mail for internal messages, bc even if alias is set,
# sending internal message need email field filled...
vals['email'] = login + '@localhost'
self.write(cr, uid, user_id, vals, context=context)
res_users()
class CompanyLDAP(osv.osv):
_inherit = 'res.company.ldap'
_columns = {
'ldap_base': fields.char('LDAP base', size=128, required=True), # resize from standard 64
}
def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
context=None):
"""
Retrieve an active resource of model res_users with the specified
login. Create the user if it is not initially found.
:param dict conf: LDAP configuration
:param login: the user's login
:param tuple ldap_entry: single LDAP result (dn, attrs)
:return: res_users id
:rtype: int
"""
user_id = False
login = tools.ustr(login.lower())
cr.execute("SELECT id, active FROM res_users WHERE lower(login)=%s", (login,))
res = cr.fetchone()
if res:
if res[1]:
user_id = res[0]
elif conf['create_user']:
_logger.debug("Creating new OpenERP user \"%s\" from LDAP" % login)
user_obj = self.pool.get('res.users')
values = self.map_ldap_attributes(cr, uid, conf, login, ldap_entry)
if conf['user']:
values['active'] = True
user_id = user_obj.copy(cr, SUPERUSER_ID, conf['user'],
default=values)
else:
user_id = user_obj.create(cr, SUPERUSER_ID, values)
# Added by Tempo
user_obj.hook_ldap_user_create(cr, uid, user_id, login, ldap_entry,
context=context)
return user_id
CompanyLDAP()
|