mirror of
https://github.com/bringout/oca-server-auth.git
synced 2026-04-18 07:12:07 +02:00
50 lines
1.9 KiB
Python
50 lines
1.9 KiB
Python
# Copyright (C) Creu Blanca
|
|
# Copyright (C) 2018 Brainbean Apps
|
|
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl.html).
|
|
|
|
|
|
import logging
|
|
|
|
import ldap
|
|
|
|
from odoo import fields, models
|
|
|
|
_logger = logging.getLogger(__name__)
|
|
|
|
|
|
class CompanyLDAP(models.Model):
|
|
_inherit = "res.company.ldap"
|
|
_description = "Company LDAP configuration"
|
|
|
|
is_ssl = fields.Boolean(string="Use LDAPS", default=False)
|
|
skip_cert_validation = fields.Boolean(
|
|
string="Skip certificate validation", default=False
|
|
)
|
|
|
|
def _get_ldap_dicts(self):
|
|
res = super()._get_ldap_dicts()
|
|
for rec in res:
|
|
ldap = self.sudo().browse(rec["id"])
|
|
rec["is_ssl"] = ldap.is_ssl or False
|
|
rec["skip_cert_validation"] = ldap.skip_cert_validation or False
|
|
return res
|
|
|
|
def _connect(self, conf):
|
|
if conf["is_ssl"]:
|
|
uri = "ldaps://%s:%d" % (conf["ldap_server"], conf["ldap_server_port"])
|
|
connection = ldap.initialize(uri)
|
|
if conf["skip_cert_validation"]:
|
|
connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
|
|
# this creates a new tls context, which is required to apply
|
|
# the options, but it also clears the default options defined
|
|
# in the openldap's configuration file, such as the TLS_CACERT
|
|
# option, which specifies the file containing the trusted
|
|
# certificates. this causes certificate verification to fail,
|
|
# even if it would succeed with the default options. this is
|
|
# why this is only called if we want to skip certificate
|
|
# verification.
|
|
connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
|
|
if conf["ldap_tls"]:
|
|
connection.start_tls_s()
|
|
return connection
|
|
return super()._connect(conf)
|