| REPOSITORY | |
|---|---|
| REPOSITORY | odoo/odoo |
| GIT | |
| GIT | https://github.com/odoo/odoo.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/odoo/odoo/tree/6.1/users_ldap |
| VERSION | |
| VERSION | 1.0 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | LGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | OpenERP SA |
| MAINTAINERS | |
| MAINTAINERS | OpenERP SA |
| COMMITTERS | |
| COMMITTERS | Raphael Collet, Stephane Wirtel, Martin Trigaux, Fabien Pinckaers, Antony Lesuisse, Olivier Dony, Vo Minh Thu, Launchpad Translations on behalf of openerp, Quentin (OpenERP), Kuldeep Joshi (OpenERP), Jigar Amin - OpenERP, vro, Ian Beardslee, niv-openerp, Xavier Morel, Stefan Rijnhart, Carlos Vásquez, Els Van Vossel, Israel Fermin Montilla, mayur maheshwari (Open ERP), Hardik Ansodariy (OpenERP), rch-openerp |
| WEBSITE | |
| WEBSITE | http://www.openerp.com |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-05 23:41:35 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
python-ldap |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES | Not have |
| DESCRIPTION | |
| DESCRIPTION |
Adds support for authentication by LDAP server.
===============================================
This module allows users to login with their LDAP username and
password, and will automatically create OpenERP users for them
on the fly.
**Note**: This module only work on servers who have Python's
``ldap`` module installed.
Configuration
+++++++++++++
After installing this module, you need to configure the LDAP
parameters in the Configuration tab of the Company details.
Different companies may have different LDAP servers, as long
as they have unique usernames (usernames need to be unique in
OpenERP, even across multiple companies).
Anonymous LDAP binding is also supported (for LDAP servers
that allow it), by simpling keeping the LDAP user and password
empty in the LDAP configuration. This does **not** allow
anonymous authentication for users, it is only for the master
LDAP account that is used to verify if a user exists before
attempting to authenticate it.
Securing the connection with STARTTLS is available for LDAP
servers supporting it, by enabling the TLS option in the LDAP
configuration.
For further options configuring the LDAP settings, refer to the
ldap.conf manpage :manpage:`ldap.conf(5)`.
Security Considerations
+++++++++++++++++++++++
Users' LDAP passwords are never stored in the OpenERP database,
the LDAP server is queried whenever a user needs to be
authenticated. No duplication of the password occurs, and
passwords are managed in one place only.
OpenERP does not manage password changes in the LDAP, so
any change of password should be conducted by other means
in the LDAP directory directly (for LDAP users).
It is also possible to have local OpenERP users in the
database along with LDAP-authenticated users (the Administrator
account is one obvious example).
Here is how it works:
* The system first attempts to authenticate users against
the local OpenERP database ;
* if this authentication fails (for example because the
user has no local password), the system then attempts
to authenticate against LDAP ;
As LDAP users have blank passwords by default in the local
OpenERP database (which means no access), the first step
always fails and the LDAP server is queried to do the
authentication.
Enabling STARTTLS ensures that the authentication query to the
LDAP server is encrypted.
User Template
+++++++++++++
In the LDAP configuration on the Company form, it is possible to
select a *User Template*. If set, this user will be used as
template to create the local users whenever someone authenticates
for the first time via LDAP authentication.
This allows pre-setting the default groups and menus of the
first-time users.
**Warning**: if you set a password for the user template,
this password will be assigned as local password for each new
LDAP user, effectively setting a *master password* for these
users (until manually changed). You usually do not want this.
One easy way to setup a template user is to login once with
a valid LDAP user, let OpenERP create a blank local user with the
same login (and a blank password), then rename this new user
to a username that does not exist in LDAP, and setup its
groups the way you want.
Interaction with base_crypt
+++++++++++++++++++++++++++
The base_crypt module is not compatible with this module, and
will disable LDAP authentication if installed at the same time.
|
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
company_form_view |
res.company.form.inherit.users_ldap | res.company | xpath | Inherits base.view_company_form |
view_ldap_installer_form |
ldap.installer.form | res.company.ldap | form | New |
No models found for this module.