~therp-nl/therp-addons/7.0_lp1215430

# -*- coding: utf-8 -*-
##############################################################################
#
#    OpenERP, Open Source Management Solution
#    This module copyright (C) 2012 Therp BV (<http://therp.nl>).
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU Affero General Public License as
#    published by the Free Software Foundation, either version 3 of the
#    License, or (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU Affero General Public License for more details.
#
#    You should have received a copy of the GNU Affero General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################

from openerp.osv import fields, osv
import logging
import users_ldap_groups_operators
import inspect
import sys

class CompanyLDAPGroupMapping(osv.osv):
  """One rule mapping an LDAP attribute test to an OpenERP group.

  Each record belongs to an LDAP server configuration (``ldap_id``) and
  names an attribute, an operator class from
  ``users_ldap_groups_operators``, a comparison value and the group to
  assign.
  """
  _name = 'res.company.ldap.group_mapping'
  _rec_name = 'ldap_attribute'
  _order = 'ldap_attribute'

  def _get_operators(self, cr, uid, context=None):
    """Return the selection entries for the ``operator`` column.

    Every class found in ``users_ldap_groups_operators`` except
    ``LDAPOperator`` itself is offered, with the class name used as both
    key and label.
    """
    excluded = users_ldap_groups_operators.LDAPOperator

    def is_selectable(candidate):
      # Same filter as the selection list has always used: any class in
      # the module other than LDAPOperator.
      return inspect.isclass(candidate) and candidate != excluded

    members = inspect.getmembers(users_ldap_groups_operators, is_selectable)
    return tuple((member_name, member_name) for member_name, _member in members)

  _columns = {
    'ldap_id': fields.many2one(
      'res.company.ldap', 'LDAP server', required=True),
    'ldap_attribute': fields.char(
      'LDAP attribute', size=64,
      help='The LDAP attribute to check.\nFor active directory, use memberOf.',
      required=True),
    # The stored value is a class name that is later resolved in
    # users_ldap_groups_operators when a user logs in.
    'operator': fields.selection(
      _get_operators, 'Operator',
      help='The operator to check the attribute against the value\nFor active directory, use \'contains\'',
      required=True),
    'value': fields.char(
      'Value', size=1024,
      help='The value to check the attribute against.\nFor active directory, use the dn of the desired group',
      required=True),
    'group': fields.many2one(
      'res.groups', 'OpenERP group',
      help='The OpenERP group to assign', required=True),
  }

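class CompanyLDAP(osv.osv):
  """Extend the LDAP configuration with attribute-driven group assignment.

  On every LDAP login the group mappings of the matching configuration
  are evaluated against the user's LDAP entry and matching OpenERP groups
  are added to the user.

  Security note: when ``only_ldap_groups`` is unchecked, groups are only
  ever added here. A group granted by a mapping therefore stays on the
  user after the corresponding LDAP membership is withdrawn; check
  ``only_ldap_groups`` if LDAP is meant to be the authority for group
  membership.
  """
  _inherit='res.company.ldap'

  _columns={
    'group_mappings': fields.one2many('res.company.ldap.group_mapping', 'ldap_id', 'Group mappings', help='Define how OpenERP groups are assigned to ldap users'),
    'only_ldap_groups': fields.boolean('Only ldap groups', help='If this is checked, manual changes to group membership are undone on every login (so OpenERP groups are always synchronous with LDAP groups). If not, manually added groups are preserved.')
  }

  # The ORM reads column defaults from ``_defaults``; the previous
  # ``_default`` attribute was silently ignored.
  _defaults={
    'only_ldap_groups': False
  }

  def get_or_create_user(self, cr, uid, conf, login, ldap_entry, context=None):
    """Resolve the user as the parent does, then synchronise its groups.

    :param conf: LDAP configuration dict; only ``conf['id']`` is read here.
    :param login: login name, passed through to the parent implementation.
    :param ldap_entry: LDAP entry handed to each operator's ``check_value``.
    :returns: whatever the parent ``get_or_create_user`` returned.
    """
    user_id=super(CompanyLDAP, self).get_or_create_user(cr, uid, conf, login, ldap_entry, context)
    if not user_id:
      # NOTE(review): the parent implementation is not visible here; if it
      # yields a falsy id (no user found or created) there is no record to
      # update, so do not issue writes against it.
      return user_id

    logger=logging.getLogger('users_ldap_groups')
    mappingobj=self.pool.get('res.company.ldap.group_mapping')
    userobj=self.pool.get('res.users')
    conf_all=self.read(cr, uid, conf['id'], ['only_ldap_groups'])
    if conf_all['only_ldap_groups']:
      logger.debug('deleting all groups from user %d', user_id)
      # (5,) unlinks every group; mappings below re-add the LDAP-backed ones.
      userobj.write(cr, uid, user_id, {'groups_id': [(5, )]})

    # Allow-list of operator classes, built with the same filter that feeds
    # the 'operator' selection list. The stored operator name is data, so it
    # is looked up here rather than resolved with a bare getattr(), which
    # would instantiate any attribute of the module.
    allowed_operators=dict(inspect.getmembers(
      users_ldap_groups_operators,
      lambda cls: inspect.isclass(cls) and cls!=users_ldap_groups_operators.LDAPOperator))

    mapping_ids=mappingobj.search(cr, uid, [('ldap_id', '=', conf['id'])])
    for mapping in mappingobj.read(cr, uid, mapping_ids, []):
      operator_class=allowed_operators.get(mapping['operator'])
      if operator_class is None:
        # Fail closed: an unrecognised operator grants nothing and does not
        # abort the login with an AttributeError.
        logger.warning('skipping group mapping %s: unknown operator %r', mapping['id'], mapping['operator'])
        continue
      operator=operator_class()
      logger.debug('checking mapping %s', mapping)
      if operator.check_value(ldap_entry, mapping['ldap_attribute'], mapping['value']):
        # mapping['group'] is read as an (id, name) pair.
        logger.debug('adding user %d to group %s', user_id, mapping['group'][1])
        userobj.write(cr, uid, user_id, {'groups_id': [(4, mapping['group'][0])]})
    return user_id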