diff --git a/auth_ldaps/README.rst b/auth_ldaps/README.rst new file mode 100644 index 0000000000..c18dc0ca45 --- /dev/null +++ b/auth_ldaps/README.rst 
@@ -0,0 +1,116 @@ +==================== +LDAPS authentication +==================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:d0479aff742f2c5f5ff1bfa5a7de7ac307a3d04a5763dbe003aad01cbbd4c393 + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github + :target: https://github.com/OCA/server-auth/tree/17.0/auth_ldaps + :alt: OCA/server-auth +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-auth-17-0/server-auth-17-0-auth_ldaps + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=17.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module allows to authenticate using a LDAP over SSL system. + +**Table of contents** + +.. contents:: + :local: + +Installation +============ + +To verify LDAPS server certificate, you need to: + +1. Add the CA certificate of the LDAPS on your server as a trusted + certificate +2. Check the ``Verify certificate`` flag in configuration + +Configuration +============= + +To configure this module, you need to: + +1. Access Settings / General Settings / LDAP Authentication / LDAP + Server +2. 
Check the ``Use LDAPS`` flag + +Usage +===== + + + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +------- + +* CorporateHub +* Creu Blanca + +Contributors +------------ + +- Enric Tobella + +- `CorporateHub `__ + + - Alexey Pelykh + +- Bhavesh Odedra + +- `Trobz `__: + + - Hoang Diep + +Other credits +------------- + +The migration of this module from 15.0 to 16.0 was financially supported +by Camptocamp + +Maintainers +----------- + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/server-auth `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/auth_ldaps/__init__.py b/auth_ldaps/__init__.py new file mode 100644 index 0000000000..4b76c7b2d5 --- /dev/null +++ b/auth_ldaps/__init__.py @@ -0,0 +1,3 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html). + +from . import models diff --git a/auth_ldaps/__manifest__.py b/auth_ldaps/__manifest__.py new file mode 100644 index 0000000000..9e3298fb6e --- /dev/null +++ b/auth_ldaps/__manifest__.py 
@@ -0,0 +1,19 @@
+# Copyright (C) 2017 Creu Blanca
+# Copyright (C) 2018 Brainbean Apps
+# Copyright 2020 CorporateHub (https://corporatehub.eu)
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+{
+ "name": "LDAPS authentication",
+ "version": "17.0.1.0.0",
+ "category": "Tools",
+ "website": "https://github.com/OCA/server-auth",
+ "author": "CorporateHub, " "Creu Blanca, " "Odoo Community Association (OCA)",
+ "license": "AGPL-3",
+ "installable": True,
+ "application": False,
+ "summary": "Allows to use LDAP over SSL authentication",
+ "depends": ["auth_ldap"],
+ "data": ["views/res_company_ldap_views.xml"],
+ "external_dependencies": {"python": ["python-ldap"]},
+}
diff --git a/auth_ldaps/i18n/auth_ldaps.pot b/auth_ldaps/i18n/auth_ldaps.pot
new file mode 100644
index 0000000000..1fc2913824
--- /dev/null
+++ b/auth_ldaps/i18n/auth_ldaps.pot
@@ -0,0 +1,29 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# * auth_ldaps
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: auth_ldaps
+#: model:ir.model,name:auth_ldaps.model_res_company_ldap
+msgid "Company LDAP configuration"
+msgstr ""
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__skip_cert_validation
+msgid "Skip certificate validation"
+msgstr ""
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__is_ssl
+msgid "Use LDAPS"
+msgstr ""
diff --git a/auth_ldaps/i18n/it.po b/auth_ldaps/i18n/it.po
new file mode 100644
index 0000000000..774c030afd
--- /dev/null
+++ b/auth_ldaps/i18n/it.po
@@ -0,0 +1,41 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# * auth_ldaps
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 14.0\n"
+"Report-Msgid-Bugs-To: \n"
+"PO-Revision-Date: 2021-03-02 19:45+0000\n"
+"Last-Translator: Sergio Zanchetta \n"
+"Language-Team: none\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.3.2\n"
+
+#. module: auth_ldaps
+#: model:ir.model,name:auth_ldaps.model_res_company_ldap
+msgid "Company LDAP configuration"
+msgstr "Configurazione LDAP azienda"
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__skip_cert_validation
+msgid "Skip certificate validation"
+msgstr "Saltare verifica del certificato"
+
+#. module: auth_ldaps
+#: model:ir.model.fields,field_description:auth_ldaps.field_res_company_ldap__is_ssl
+msgid "Use LDAPS"
+msgstr "Utilizzare LDAPS"
+
+#~ msgid "Display Name"
+#~ msgstr "Nome visualizzato"
+
+#~ msgid "ID"
+#~ msgstr "ID"
+
+#~ msgid "Last Modified on"
+#~ msgstr "Ultima modifica il"
diff --git a/auth_ldaps/models/__init__.py b/auth_ldaps/models/__init__.py
new file mode 100644
index 0000000000..499b15f328
--- /dev/null
+++ b/auth_ldaps/models/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+from . import res_company_ldap
diff --git a/auth_ldaps/models/res_company_ldap.py b/auth_ldaps/models/res_company_ldap.py
new file mode 100644
index 0000000000..b4a3775638
--- /dev/null
+++ b/auth_ldaps/models/res_company_ldap.py
@@ -0,0 +1,57 @@
+# Copyright (C) Creu Blanca
+# Copyright (C) 2018 Brainbean Apps
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+
+import logging
+
+import ldap
+
+from odoo import fields, models
+from odoo.tools.misc import str2bool
+
+_logger = logging.getLogger(__name__)
+
+
+class CompanyLDAP(models.Model):
+ _inherit = "res.company.ldap"
+
+ is_ssl = fields.Boolean(string="Use LDAPS", default=False)
+ skip_cert_validation = fields.Boolean(
+ string="Skip certificate validation", default=False
+ )
+
+ def _get_ldap_dicts(self):
+ res = super()._get_ldap_dicts()
+ for rec in res:
+ ldap = self.sudo().browse(rec["id"])
+ rec["is_ssl"] = ldap.is_ssl or False
+ rec["skip_cert_validation"] = ldap.skip_cert_validation or False
+ return res
+
+ def _connect(self, conf):
+ if conf["is_ssl"]:
+ uri = "ldaps://%s:%d" % (conf["ldap_server"], conf["ldap_server_port"])
+ connection = ldap.initialize(uri)
+ ldap_chase_ref_disabled = (
+ self.env["ir.config_parameter"]
+ .sudo()
+ .get_param("auth_ldap.disable_chase_ref")
+ )
+ if str2bool(ldap_chase_ref_disabled):
+ connection.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
+ if conf["skip_cert_validation"]:
+ connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+ # this creates a new tls context, which is required to apply
+ # the options, but it also clears the default options defined
+ # in the openldap's configuration file, such as the TLS_CACERT
+ # option, which specifies the file containing the trusted
+ # certificates. this causes certificate verification to fail,
+ # even if it would succeed with the default options. this is
+ # why this is only called if we want to skip certificate
+ # verification.
+ connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+ if conf["ldap_tls"]:
+ connection.start_tls_s()
+ return connection
+ return super()._connect(conf)
diff --git a/auth_ldaps/pyproject.toml b/auth_ldaps/pyproject.toml
new file mode 100644
index 0000000000..4231d0cccb
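Review bot: In `_connect`, the `skip_cert_validation` branch lowers `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_ALLOW` without leaving any trace, although `_logger` is declared at module level and never used in this file; a line such as `_logger.warning("LDAPS certificate validation is disabled for %s", conf["ldap_server"])` in that branch would make the weakened setting visible in the server log. When the flag is off nothing sets `OPT_X_TLS_REQUIRE_CERT` explicitly, so how strictly the certificate is checked depends on the host's OpenLDAP configuration (the in-code comment explains why `OPT_X_TLS_NEWCTX` is avoided on that path); a docstring on `_connect` should state that dependency. The `if conf["ldap_tls"]: connection.start_tls_s()` call runs on a connection opened with an `ldaps://` URI, which is presumably already TLS-wrapped, so enabling both flags looks likely to fail at StartTLS and the combination should be skipped or rejected. The field is labelled "Skip certificate validation" while INSTALL.md in this commit tells administrators to check a `Verify certificate` flag, and in `_get_ldap_dicts` the local `ldap = self.sudo().browse(rec["id"])` shadows the imported `ldap` module and would read better as `ldap_rec`. Indentation is lost in this view, so the nesting described here is inferred from the in-code comment.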
--- /dev/null
+++ b/auth_ldaps/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["whool"]
+build-backend = "whool.buildapi"
diff --git a/auth_ldaps/readme/CONFIGURE.md b/auth_ldaps/readme/CONFIGURE.md
new file mode 100644
index 0000000000..6439d923e7
--- /dev/null
+++ b/auth_ldaps/readme/CONFIGURE.md
@@ -0,0 +1,5 @@
+To configure this module, you need to:
+
+1. Access Settings / General Settings / LDAP Authentication / LDAP
+ Server
+2. Check the `Use LDAPS` flag
diff --git a/auth_ldaps/readme/CONTRIBUTORS.md b/auth_ldaps/readme/CONTRIBUTORS.md
new file mode 100644
index 0000000000..c1d5aadbfe
--- /dev/null
+++ b/auth_ldaps/readme/CONTRIBUTORS.md
@@ -0,0 +1,11 @@
+- Enric Tobella \<\>
+
+- [CorporateHub](https://corporatehub.eu/)
+
+ - Alexey Pelykh \<\>
+
+- Bhavesh Odedra \<\>
+
+- [Trobz](https://trobz.com):
+
+ > - Hoang Diep \<\>
diff --git a/auth_ldaps/readme/CREDITS.md b/auth_ldaps/readme/CREDITS.md
new file mode 100644
index 0000000000..291e14c81e
--- /dev/null
+++ b/auth_ldaps/readme/CREDITS.md
@@ -0,0 +1,2 @@
+The migration of this module from 15.0 to 16.0 was financially supported
+by Camptocamp
diff --git a/auth_ldaps/readme/DESCRIPTION.md b/auth_ldaps/readme/DESCRIPTION.md
new file mode 100644
index 0000000000..defed2d590
--- /dev/null
+++ b/auth_ldaps/readme/DESCRIPTION.md
@@ -0,0 +1 @@
+This module allows to authenticate using a LDAP over SSL system.
diff --git a/auth_ldaps/readme/INSTALL.md b/auth_ldaps/readme/INSTALL.md
new file mode 100644
index 0000000000..711643999e
--- /dev/null
+++ b/auth_ldaps/readme/INSTALL.md
@@ -0,0 +1,5 @@
+To verify LDAPS server certificate, you need to:
+
+1. Add the CA certificate of the LDAPS on your server as a trusted
+ certificate
+2. Check the `Verify certificate` flag in configuration
diff --git a/auth_ldaps/readme/USAGE.md b/auth_ldaps/readme/USAGE.md
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/auth_ldaps/readme/USAGE.md
@@ -0,0 +1 @@
+
diff --git a/auth_ldaps/static/description/icon.png b/auth_ldaps/static/description/icon.png new file mode 100644 index 0000000000..3a0328b516 Binary files /dev/null and b/auth_ldaps/static/description/icon.png differ diff --git a/auth_ldaps/static/description/index.html b/auth_ldaps/static/description/index.html new file mode 100644 index 0000000000..860ef9df56 --- /dev/null +++ b/auth_ldaps/static/description/index.html @@ -0,0 +1,469 @@ + + + + + +LDAPS authentication + + + +
+

LDAPS authentication

+ + +

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

+

This module allows to authenticate using a LDAP over SSL system.

+

Table of contents

+ +
+

Installation

+

To verify LDAPS server certificate, you need to:

+
    +
  1. Add the CA certificate of the LDAPS on your server as a trusted +certificate
  2. +
  3. Check the Verify certificate flag in configuration
  4. +
+
+
+

Configuration

+

To configure this module, you need to:

+
    +
  1. Access Settings / General Settings / LDAP Authentication / LDAP +Server
  2. +
  3. Check the Use LDAPS flag
  4. +
+
+
+

Usage

+
+
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • CorporateHub
  • +
  • Creu Blanca
  • +
+
+
+

Contributors

+ +
+
+

Other credits

+

The migration of this module from 15.0 to 16.0 was financially supported +by Camptocamp

+
+
+

Maintainers

+

This module is maintained by the OCA.

+ +Odoo Community Association + +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/server-auth project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/auth_ldaps/views/res_company_ldap_views.xml b/auth_ldaps/views/res_company_ldap_views.xml new file mode 100644 index 0000000000..641f352b4b --- /dev/null +++ b/auth_ldaps/views/res_company_ldap_views.xml @@ -0,0 +1,19 @@ + + + + + res.company.ldap.form + res.company.ldap + + + + + + + + + diff --git a/requirements.txt b/requirements.txt index 302ba0e988..72eb0562e8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,3 +3,4 @@ email_validator lxml pysaml2 python-jose +python-ldap