Initial commit: OCA Server Auth packages (29 packages)

2026-04-18 14:32:03 +02:00 · 2025-08-29 15:43:06 +02:00 · 2025-08-29 15:43:06 +02:00 · 3ed80311c4
commit 3ed80311c4
1325 changed files with 127292 additions and 0 deletions
--- a/odoo-bringout-oca-server-auth-auth_ldaps/auth_ldaps/models/init.py
+++ b/odoo-bringout-oca-server-auth-auth_ldaps/auth_ldaps/models/init.py
@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+from . import res_company_ldap
--- a/odoo-bringout-oca-server-auth-auth_ldaps/auth_ldaps/models/res_company_ldap.py
+++ b/odoo-bringout-oca-server-auth-auth_ldaps/auth_ldaps/models/res_company_ldap.py
@ -0,0 +1,50 @@
+# Copyright (C) Creu Blanca
+# Copyright (C) 2018 Brainbean Apps
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
+
+
+import logging
+
+import ldap
+
+from odoo import fields, models
+
+_logger = logging.getLogger(__name__)
+
+
+class CompanyLDAP(models.Model):
+    _inherit = "res.company.ldap"
+    _description = "Company LDAP configuration"
+
+    is_ssl = fields.Boolean(string="Use LDAPS", default=False)
+    skip_cert_validation = fields.Boolean(
+        string="Skip certificate validation", default=False
+    )
+
+    def _get_ldap_dicts(self):
+        res = super()._get_ldap_dicts()
+        for rec in res:
+            ldap = self.sudo().browse(rec["id"])
+            rec["is_ssl"] = ldap.is_ssl or False
+            rec["skip_cert_validation"] = ldap.skip_cert_validation or False
+        return res
+
+    def _connect(self, conf):
+        if conf["is_ssl"]:
+            uri = "ldaps://%s:%d" % (conf["ldap_server"], conf["ldap_server_port"])
+            connection = ldap.initialize(uri)
+            if conf["skip_cert_validation"]:
+                connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
+                # this creates a new tls context, which is required to apply
+                # the options, but it also clears the default options defined
+                # in the openldap's configuration file, such as the TLS_CACERT
+                # option, which specifies the file containing the trusted
+                # certificates. this causes certificate verification to fail,
+                # even if it would succeed with the default options. this is
+                # why this is only called if we want to skip certificate
+                # verification.
+                connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+            if conf["ldap_tls"]:
+                connection.start_tls_s()
+            return connection
+        return super()._connect(conf)