[MERGE] users_ldap: support for STARTTLS added, courtesy of Ian Beardslee
bzr revid: odo@openerp.com-20111109150536-ll84q6qskmes0nqb
commit
08ee7f63cf
|
@ -50,6 +50,13 @@ anonymous authentication for users, it is only for the master
|
|||
LDAP account that is used to verify if a user exists before
|
||||
attempting to authenticate it.
|
||||
|
||||
Securing the connection with STARTTLS is available for LDAP
|
||||
servers supporting it, by enabling the TLS option in the LDAP
|
||||
configuration.
|
||||
|
||||
For further options configuring the LDAP settings, refer to the
|
||||
ldap.conf manpage :manpage:`ldap.conf(5)`.
|
||||
|
||||
Security Considerations
|
||||
+++++++++++++++++++++++
|
||||
Users' LDAP passwords are never stored in the OpenERP database,
|
||||
|
@ -78,6 +85,9 @@ OpenERP database (which means no access), the first step
|
|||
always fails and the LDAP server is queried to do the
|
||||
authentication.
|
||||
|
||||
Enabling STARTTLS ensures that the authentication query to the
|
||||
LDAP server is encrypted.
|
||||
|
||||
User Template
|
||||
+++++++++++++
|
||||
In the LDAP configuration on the Company form, it is possible to
|
||||
|
|
|
@ -52,7 +52,8 @@ class CompanyLDAP(osv.osv):
|
|||
args = []
|
||||
cr.execute("""
|
||||
SELECT id, company, ldap_server, ldap_server_port, ldap_binddn,
|
||||
ldap_password, ldap_filter, ldap_base, "user", create_user
|
||||
ldap_password, ldap_filter, ldap_base, "user", create_user,
|
||||
ldap_tls
|
||||
FROM res_company_ldap
|
||||
WHERE ldap_server != '' """ + id_clause + """ ORDER BY sequence
|
||||
""", args)
|
||||
|
@ -69,7 +70,11 @@ class CompanyLDAP(osv.osv):
|
|||
|
||||
uri = 'ldap://%s:%d' % (conf['ldap_server'],
|
||||
conf['ldap_server_port'])
|
||||
return ldap.initialize(uri)
|
||||
|
||||
connection = ldap.initialize(uri)
|
||||
if conf['ldap_tls']:
|
||||
connection.start_tls_s()
|
||||
return connection
|
||||
|
||||
def authenticate(self, conf, login, password):
|
||||
"""
|
||||
|
@ -213,6 +218,10 @@ class CompanyLDAP(osv.osv):
|
|||
help="Model used for user creation"),
|
||||
'create_user': fields.boolean('Create user',
|
||||
help="Create the user if not in database"),
|
||||
'ldap_tls': fields.boolean('Use TLS',
|
||||
help="Request secure TLS/SSL encryption when connecting to the LDAP server. "
|
||||
"This option requires a server with STARTTLS enabled, "
|
||||
"otherwise all authentication attempts will fail."),
|
||||
}
|
||||
_defaults = {
|
||||
'ldap_server': '127.0.0.1',
|
||||
|
|
|
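Review bot: In the connect hunk (`@ -69,7 +70,11 @@`), `connection.start_tls_s()` can raise an `ldap.LDAPError` (for example when the server does not offer STARTTLS, or when its certificate is rejected under the TLS_REQCERT setting inherited from ldap.conf), and the new code lets that propagate out of the connect method before any bind happens; whether `authenticate` handles it is outside the hunk, so the contract should be stated in the method's docstring, e.g. `"""Return an initialized LDAP connection; when conf['ldap_tls'] is set, STARTTLS is negotiated first and ldap.LDAPError propagates if that fails."""`. The enclosing method's signature, and the body of `authenticate`, lie outside the hunk. The first hunk (`@ -52,7 +52,8 @@`) adds `ldap_tls` to the SELECT, but the code that turns each fetched row into the `conf` dict is not in the diff; if it maps columns by a fixed name list, that list presumably needs the new column as well, otherwise `conf['ldap_tls']` would fail with KeyError. The field help in the last hunk says "TLS/SSL encryption" while the code only negotiates STARTTLS on the plain `ldap://` URI built in connect, so narrowing the help text to STARTTLS would match what the option actually does.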
@ -20,6 +20,7 @@
|
|||
<field name="user"/>
|
||||
<newline/>
|
||||
<field name="sequence"/>
|
||||
<field name="ldap_tls"/>
|
||||
</form>
|
||||
<tree string="LDAP Configuration">
|
||||
<field name="sequence"/>
|
||||
|
|