This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

This module allows users to login with their LDAP username and password, and will automatically create OpenERP users for them on the fly.

Note: This module only work on servers who have Python’s ldap module installed.

Configuration:

After installing this module, you need to configure the LDAP parameters in the Configuration tab of the Company details. Different companies may have different LDAP servers, as long as they have unique usernames (usernames need to be unique in OpenERP, even across multiple companies).

Anonymous LDAP binding is also supported (for LDAP servers that allow it), by simply keeping the LDAP user and password empty in the LDAP configuration. This does not allow anonymous authentication for users, it is only for the master LDAP account that is used to verify if a user exists before attempting to authenticate it.

Securing the connection with STARTTLS is available for LDAP servers supporting it, by enabling the TLS option in the LDAP configuration.

For further options configuring the LDAP settings, refer to the ldap.conf manpage: manpage:ldap.conf(5).

Security Considerations:

Users’ LDAP passwords are never stored in the OpenERP database, the LDAP server is queried whenever a user needs to be authenticated. No duplication of the password occurs, and passwords are managed in one place only.

OpenERP does not manage password changes in the LDAP, so any change of password should be conducted by other means in the LDAP directory directly (for LDAP users).

It is also possible to have local OpenERP users in the database along with LDAP-authenticated users (the Administrator account is one obvious example).

Here is how it works:

  • The system first attempts to authenticate users against the local OpenERP database;
  • if this authentication fails (for example because the user has no local password), the system then attempts to authenticate against LDAP;

As LDAP users have blank passwords by default in the local OpenERP database (which means no access), the first step always fails and the LDAP server is queried to do the authentication.

Enabling STARTTLS ensures that the authentication query to the LDAP server is encrypted.

User Template:

In the LDAP configuration on the Company form, it is possible to select a User Template. If set, this user will be used as template to create the local users whenever someone authenticates for the first time via LDAP authentication. This allows pre-setting the default groups and menus of the first-time users.

Warning: if you set a password for the user template, this password will be
assigned as local password for each new LDAP user, effectively setting a master password for these users (until manually changed). You usually do not want this. One easy way to setup a template user is to login once with a valid LDAP user, let OpenERP create a blank local user with the same login (and a blank password), then rename this new user to a username that does not exist in LDAP, and setup its groups the way you want.
Release History

Release History

7.0.406

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

7.0.355

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
openerp-auth-ldap-7.0.406.tar.gz (67.9 kB) Copy SHA256 Checksum SHA256 Source Feb 9, 2014

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting