diff --git a/addons/auth_ldap/README.rst b/addons/auth_ldap/README.rst
new file mode 100644
index 00000000000..7d46633f439
--- /dev/null
+++ b/addons/auth_ldap/README.rst
@@ -0,0 +1,66 @@
+Adds support for authentication by LDAP server.
+===============================================
+This module allows users to login with their LDAP username and password, and
+will automatically create OpenERP users for them on the fly.
+
+**Note:** This module only work on servers who have Python's ``ldap`` module installed.
+
+Configuration:
+--------------
+After installing this module, you need to configure the LDAP parameters in the
+Configuration tab of the Company details. Different companies may have different
+LDAP servers, as long as they have unique usernames (usernames need to be unique
+in OpenERP, even across multiple companies).
+
+Anonymous LDAP binding is also supported (for LDAP servers that allow it), by
+simply keeping the LDAP user and password empty in the LDAP configuration.
+This does not allow anonymous authentication for users, it is only for the master
+LDAP account that is used to verify if a user exists before attempting to
+authenticate it.
+
+Securing the connection with STARTTLS is available for LDAP servers supporting
+it, by enabling the TLS option in the LDAP configuration.
+
+For further options configuring the LDAP settings, refer to the ldap.conf
+manpage: manpage:`ldap.conf(5)`.
+
+Security Considerations:
+------------------------
+Users' LDAP passwords are never stored in the OpenERP database, the LDAP server
+is queried whenever a user needs to be authenticated. No duplication of the
+password occurs, and passwords are managed in one place only.
+
+OpenERP does not manage password changes in the LDAP, so any change of password
+should be conducted by other means in the LDAP directory directly (for LDAP users).
+
+It is also possible to have local OpenERP users in the database along with
+LDAP-authenticated users (the Administrator account is one obvious example).
+
+Here is how it works:
+---------------------
+ * The system first attempts to authenticate users against the local OpenERP
+ database;
+ * if this authentication fails (for example because the user has no local
+ password), the system then attempts to authenticate against LDAP;
+
+As LDAP users have blank passwords by default in the local OpenERP database
+(which means no access), the first step always fails and the LDAP server is
+queried to do the authentication.
+
+Enabling STARTTLS ensures that the authentication query to the LDAP server is
+encrypted.
+
+User Template:
+--------------
+In the LDAP configuration on the Company form, it is possible to select a *User
+Template*. If set, this user will be used as template to create the local users
+whenever someone authenticates for the first time via LDAP authentication. This
+allows pre-setting the default groups and menus of the first-time users.
+
+**Warning:** if you set a password for the user template, this password will be
+ assigned as local password for each new LDAP user, effectively setting
+ a *master password* for these users (until manually changed). You
+ usually do not want this. One easy way to setup a template user is to
+ login once with a valid LDAP user, let OpenERP create a blank local
+ user with the same login (and a blank password), then rename this new
+ user to a username that does not exist in LDAP, and setup its groups
diff --git a/addons/auth_ldap/__openerp__.py b/addons/auth_ldap/__openerp__.py
index 16c59617c79..256ef50cb7d 100644
--- a/addons/auth_ldap/__openerp__.py
+++ b/addons/auth_ldap/__openerp__.py
@@ -24,75 +24,7 @@
 'depends' : ['base'],
 'images' : ['images/ldap_configuration.jpeg'],
 'author' : 'OpenERP SA',
- 'description': """
-Adds support for authentication by LDAP server.
-===============================================
-This module allows users to login with their LDAP username and password, and
-will automatically create OpenERP users for them on the fly.
-
-**Note:** This module only work on servers who have Python's ``ldap`` module installed.
-
-Configuration:
---------------
-After installing this module, you need to configure the LDAP parameters in the
-Configuration tab of the Company details. Different companies may have different
-LDAP servers, as long as they have unique usernames (usernames need to be unique
-in OpenERP, even across multiple companies).
-
-Anonymous LDAP binding is also supported (for LDAP servers that allow it), by
-simply keeping the LDAP user and password empty in the LDAP configuration.
-This does not allow anonymous authentication for users, it is only for the master
-LDAP account that is used to verify if a user exists before attempting to
-authenticate it.
-
-Securing the connection with STARTTLS is available for LDAP servers supporting
-it, by enabling the TLS option in the LDAP configuration.
-
-For further options configuring the LDAP settings, refer to the ldap.conf
-manpage: manpage:`ldap.conf(5)`.
-
-Security Considerations:
-------------------------
-Users' LDAP passwords are never stored in the OpenERP database, the LDAP server
-is queried whenever a user needs to be authenticated. No duplication of the
-password occurs, and passwords are managed in one place only.
-
-OpenERP does not manage password changes in the LDAP, so any change of password
-should be conducted by other means in the LDAP directory directly (for LDAP users).
-
-It is also possible to have local OpenERP users in the database along with
-LDAP-authenticated users (the Administrator account is one obvious example).
-
-Here is how it works:
----------------------
- * The system first attempts to authenticate users against the local OpenERP
- database;
- * if this authentication fails (for example because the user has no local
- password), the system then attempts to authenticate against LDAP;
-
-As LDAP users have blank passwords by default in the local OpenERP database
-(which means no access), the first step always fails and the LDAP server is
-queried to do the authentication.
-
-Enabling STARTTLS ensures that the authentication query to the LDAP server is
-encrypted.
-
-User Template:
---------------
-In the LDAP configuration on the Company form, it is possible to select a *User
-Template*. If set, this user will be used as template to create the local users
-whenever someone authenticates for the first time via LDAP authentication. This
-allows pre-setting the default groups and menus of the first-time users.
-
-**Warning:** if you set a password for the user template, this password will be
- assigned as local password for each new LDAP user, effectively setting
- a *master password* for these users (until manually changed). You
- usually do not want this. One easy way to setup a template user is to
- login once with a valid LDAP user, let OpenERP create a blank local
- user with the same login (and a blank password), then rename this new
- user to a username that does not exist in LDAP, and setup its groups
- the way you want.
- """,
+ #'description': < auto-loaded from README file
 'website' : 'https://www.odoo.com',
 'category' : 'Authentication',
 'data' : [
@@ -107,4 +39,3 @@ allows pre-setting the default groups and menus of the first-time users.
 }
 }
 # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
-
diff --git a/openerp/modules/module.py b/openerp/modules/module.py
index 368ee43beb8..b9a77f5f7f3 100644
--- a/openerp/modules/module.py
+++ b/openerp/modules/module.py
@@ -39,6 +39,7 @@ import openerp.release as release from openerp.tools.safe_eval import safe_eval as eval MANIFEST = '__openerp__.py' +README = ['README.rst', 'README.md', 'README.txt'] _logger = logging.getLogger(__name__) @@ -248,6 +249,13 @@ def load_information_from_description_file(module, mod_path=None): finally: f.close() + if not info.get('description'): + readme_path = [opj(mod_path, x) for x in README + if os.path.isfile(opj(mod_path, x))] + if readme_path: + readme_text = tools.file_open(readme_path[0]).read() + info['description'] = readme_text + if 'active' in info: # 'active' has been renamed 'auto_install' info['auto_install'] = info['active']
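Review bot: The handle returned by `tools.file_open(readme_path[0])` in the added README block is never closed, while the manifest read directly above it closes `f` in a `finally`; bind the handle to a name and close it the same way, e.g. `readme_file = tools.file_open(readme_path[0])`, then `try: info['description'] = readme_file.read()` with `finally: readme_file.close()`. The block would also benefit from a comment such as `# No 'description' in the manifest: fall back to the first README found, in the order given by README`. Because `README.md` and `README.txt` are accepted alongside `README.rst`, and the text comes from whichever addon directory is being loaded, the code that later renders `description` (not visible here) should treat it as untrusted markup rather than as trusted RST. The body of `load_information_from_description_file` starts and ends outside this hunk.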