From 7cb887d4da121456c16adc632ccace726d91e73c Mon Sep 17 00:00:00 2001
From: ced <>
Date: Wed, 7 Mar 2007 15:53:14 +0000
Subject: [PATCH] USERS_LDAP,KERNEL: small fix for login and add new module for
 users ldap

bzr revid: ced-f970bba067f81d4065e317a395dada8ae399774b
---
 addons/l10n_ch/v11/v11_import.py      |   4 +-
 addons/users_ldap/__init__.py         |  29 ++++++
 addons/users_ldap/__terp__.py         |  18 ++++
 addons/users_ldap/users_ldap.py       | 129 ++++++++++++++++++++++++++
 addons/users_ldap/users_ldap_view.xml |  22 +++++
 5 files changed, 200 insertions(+), 2 deletions(-)
 create mode 100644 addons/users_ldap/__init__.py
 create mode 100644 addons/users_ldap/__terp__.py
 create mode 100644 addons/users_ldap/users_ldap.py
 create mode 100644 addons/users_ldap/users_ldap_view.xml

diff --git a/addons/l10n_ch/v11/v11_import.py b/addons/l10n_ch/v11/v11_import.py
index ceea5bd6d74..e8c5c1987af 100644
--- a/addons/l10n_ch/v11/v11_import.py
+++ b/addons/l10n_ch/v11/v11_import.py
@@ -215,6 +215,8 @@ def _v11_parsing(self, cr, uid, data, context):
 					
 				std_log = std_log + " Amount expected : %d"% amount_to_pay
 			
+			bkst_list.append(bk_st_id)
+
 		except osv.except_osv, e:
 			cr.rollback() 
 			nb_err+=1
@@ -234,8 +236,6 @@ def _v11_parsing(self, cr, uid, data, context):
 			err_log= err_log +'\n * Line '+rec['line_number'] +', invoice '+rec['invoice_ref'].lstrip('0')
 			raise
 
-	bkst_list.append(bk_st_id)
-
 	err_log= err_log + '\n\n --' +'\nNumber of parsed lines : '+ str(len(rec_list)) +'\nNumber of error : '+ str(nb_err)
 
 	pool.get('account.v11').create(cr, uid,{
diff --git a/addons/users_ldap/__init__.py b/addons/users_ldap/__init__.py
new file mode 100644
index 00000000000..8a12325a454
--- /dev/null
+++ b/addons/users_ldap/__init__.py
@@ -0,0 +1,29 @@
+##############################################################################
+#
+# Copyright (c) 2007 TINY SPRL. (http://tiny.be) All Rights Reserved.
+#                    Fabien Pinckaers <fp@tiny.Be>
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+import users_ldap
diff --git a/addons/users_ldap/__terp__.py b/addons/users_ldap/__terp__.py
new file mode 100644
index 00000000000..54aa633e89d
--- /dev/null
+++ b/addons/users_ldap/__terp__.py
@@ -0,0 +1,18 @@
+{
+	"name" : "Authenticate users with ldap server",
+	"version" : "0.1",
+	"depends" : ["base"],
+	"author" : "Tiny",
+	"description": """Add support for authentication by ldap server""",
+	"website" : "http://tinyerp.com/",
+	"category" : "Generic Modules/Others",
+	"init_xml" : [
+	],
+	"demo_xml" : [
+	],
+	"update_xml" : [
+		"users_ldap_view.xml",
+	],
+	"active": False,
+	"installable": True
+}
diff --git a/addons/users_ldap/users_ldap.py b/addons/users_ldap/users_ldap.py
new file mode 100644
index 00000000000..295546975a0
--- /dev/null
+++ b/addons/users_ldap/users_ldap.py
@@ -0,0 +1,129 @@
+##############################################################################
+#
+# Copyright (c) 2004-2007 TINY SPRL. (http://tiny.be) All Rights Reserved.
+#
+# $Id: account.py 1005 2005-07-25 08:41:42Z nicoe $
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsability of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# garantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+##############################################################################
+
+from osv import fields,osv
+from service import security
+import pooler
+
+try:
+	import ldap
+except ImportError:
+	import netsvc
+	logger = netsvc.Logger()
+	logger.notifyChannel("init", netsvc.LOG_ERROR, "could not import ldap!")
+
+class res_company(osv.osv):
+	_inherit = "res.company"
+
+	_columns = {
+		'ldap_server': fields.char('LDAP Server address', size=64),
+		'ldap_binddn': fields.char('LDAP binddn', size=64),
+		'ldap_password': fields.char('LDAP password', size=64),
+		'ldap_filter': fields.char('LDAP filter', size=64),
+		'ldap_base': fields.char('LDAP base', size=64),
+	}
+res_company()
+
+def ldap_login(oldfnc):
+	def _ldap_login(db, login, passwd):
+		cr = pooler.get_db(db).cursor()
+		cr.execute("select id, name, ldap_server, ldap_binddn, ldap_password, ldap_filter, ldap_base from res_company where ldap_server != '' and ldap_binddn != ''")
+		for res_company in cr.dictfetchall():
+			try:
+				l = ldap.open(res_company['ldap_server'])
+				if l.simple_bind_s(res_company['ldap_binddn'], res_company['ldap_password']):
+					base = res_company['ldap_base']
+					scope = ldap.SCOPE_SUBTREE
+					filter = res_company['ldap_filter']%(login,)
+					retrieve_attributes = None
+					result_id = l.search(base, scope, filter, retrieve_attributes)
+					timeout = 60
+					result_type, result_data = l.result(result_id, timeout)
+					if not result_data:
+						continue
+					if result_type == ldap.RES_SEARCH_RESULT and len(result_data) == 1:
+						dn=result_data[0][0]
+						name=result_data[0][1]['cn']
+						if l.bind_s(dn, passwd):
+							cr.execute("select id from res_users where login=%s",(login.encode('utf-8'),))
+							res = cr.fetchone()
+							if res:
+								cr.close()
+								return res[0]
+							users_obj = pooler.get_pool(cr.dbname).get('res.users')
+							action_obj = pooler.get_pool(cr.dbname).get('ir.actions.actions')
+							action_id = action_obj.search(cr, 1, [('usage', '=', 'menu')])[0]
+							res = users_obj.create(cr, 1, {'name': name, 'login': login.encode('utf-8'), 'company_id': res_company['id'], 'action_id': action_id})
+							cr.commit()
+							cr.close()
+							return res
+				else:
+					print "failed"
+			except Exception, e:
+				print e
+				continue
+		cr.close()
+		return oldfnc(db, login, passwd)
+	return _ldap_login
+
+security.login = ldap_login(security.login)
+
+def ldap_check(oldfnc):
+	def _ldap_check(db, uid, passwd):
+		if security._uid_cache.has_key(uid) and (security._uid_cache[uid]==passwd):
+			return True
+		cr = pooler.get_db(db).cursor()
+		users_obj = pooler.get_pool(cr.dbname).get('res.users')
+		user = users_obj.browse(cr, 1, uid)
+		if user and user.company_id.ldap_server and user.company_id.ldap_binddn:
+			company = user.company_id
+			try:
+				l = ldap.open(company.ldap_server)
+				if l.simple_bind_s(company.ldap_binddn, company.ldap_password):
+					base = company['ldap_base']
+					scope = ldap.SCOPE_SUBTREE
+					filter = company['ldap_filter']%(user.login,)
+					retrieve_attributes = None
+					result_id = l.search(base, scope, filter, retrieve_attributes)
+					timeout = 60
+					result_type, result_data = l.result(result_id, timeout)
+					if result_data and result_type == ldap.RES_SEARCH_RESULT and len(result_data) == 1:
+						dn=result_data[0][0]
+						name=result_data[0][1]['cn']
+						if l.bind_s(dn, passwd):
+							security._uid_cache[uid] = passwd
+							cr.close()
+							return True
+			except Exception, e:
+				print e
+		cr.close()
+		return oldfnc(db, uid, passwd)
+	return _ldap_check
+
+security.check = ldap_check(security.check)
diff --git a/addons/users_ldap/users_ldap_view.xml b/addons/users_ldap/users_ldap_view.xml
new file mode 100644
index 00000000000..d8ce175bca1
--- /dev/null
+++ b/addons/users_ldap/users_ldap_view.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<terp>
+	<data>
+		<record model="ir.ui.view" id="company_form_view">
+			<field name="name">res.company.form.inherit.users_ldap</field>
+			<field name="model">res.company</field>
+			<field name="type">form</field>
+			<field name="inherit_id" ref="base.view_company_form"/>
+			<field name="arch" type="xml">
+				<field name="rml_footer2" position="after">
+					<field name="ldap_filter"/>
+					<field name="ldap_base"/>
+					<field name="ldap_password"/>
+					<field name="ldap_binddn"/>
+					<newline/>
+					<field name="ldap_server"/>
+					<newline/>
+				</field>
+			</field>
+		</record>
+	</data>
+</terp>