users_ldap: LDAP connection not flexible enough (e.g., SSL)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Odoo Addons (MOVED TO GITHUB) | Confirmed | Wishlist | OpenERP R&D Addons Team 1 | |
Bug Description
Only LDAP connections with TLS options are supported.
This makes it impossible to bind on a server that accepts SSL connections only.
users_ldap currently stores in res.company.ldap a host/port pair, which in turn forces it to generate the URI from code (see the code extract below).
The best way to specify a connection would instead be to specify the URI. Otherwise we'll have to re-implement all the variations unthought of one by one, creating useless bloated code, bug reports etc.
Some basic validation of the URI syntax would of course be welcomed.
Besides, having just one field is easier to update if there are many such lines (I have 3 different ones on the same server, for different user templates).
Code extract:
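```python
import ldap  # python-ldap

def connect(self, conf):
    """
    Connect to an LDAP server specified by an ldap
    configuration dictionary.

    :param dict conf: LDAP configuration
    :return: an LDAP object
    """
    # The scheme is hard-coded to ldap://, so an ldaps:// server cannot be reached.
    uri = 'ldap://%s:%d' % (conf['ldap_server'],
                            conf['ldap_server_port'])
    connection = ldap.initialize(uri)
    # Optional StartTLS upgrade on the plain connection.
    if conf['ldap_tls']:
        connection.start_tls_s()
    return connection
```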
(seen on 6.1-1, 6.1 current HEAD and trunk)
I can of course contribute the direct URI implementation, if there is positive feedback about it, but I'm in immediate need of this, and a bit reluctant to maintain a fork for such a simple change if not convinced it has a chance to be merged one day. I'll solve my immediate problem with a custom addon for now.
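The description above asks for a single URI field with basic syntax validation. A sketch of such a check follows, as an added example that is not code from the bug report or from Odoo: `parse_ldap_uri`, `LdapTarget` and the sample host names are hypothetical, and the caller would still pass the accepted URI to `ldap.initialize()`. It goes beyond the SSL case in the report by also accepting `ldapi://`.

```python
from collections import namedtuple
from urllib.parse import urlsplit, unquote

# Hypothetical result type for this example (not an Odoo structure).
LdapTarget = namedtuple("LdapTarget", "scheme host port start_tls tls_protected")
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_uri(uri, start_tls=False):
    """Validate a stored LDAP URI before it is handed to ldap.initialize().

    Raises ValueError on anything other than scheme://host[:port].
    """
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps", "ldapi"):
        raise ValueError("unsupported scheme in %r" % uri)
    if "@" in parts.netloc:
        raise ValueError("bind credentials must not be embedded in the URI")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("only scheme://host[:port] is accepted")
    if scheme == "ldapi":
        # ldapi://%2Fvar%2Frun%2Fldapi : URL-encoded UNIX socket path, no TLS layer.
        sock = unquote(parts.netloc)
        if not sock.startswith("/") or start_tls:
            raise ValueError("ldapi:// needs an absolute socket path and no StartTLS")
        return LdapTarget(scheme, sock, None, False, False)
    if not parts.hostname:
        raise ValueError("missing host in %r" % uri)
    port = parts.port  # urlsplit raises ValueError for a non-numeric or >65535 port
    if port is None:
        port = DEFAULT_PORTS[scheme]
    elif port == 0:
        raise ValueError("port 0 is not usable")
    if scheme == "ldaps" and start_tls:
        # ldaps:// is TLS from the first byte; StartTLS only upgrades plain ldap://.
        raise ValueError("StartTLS cannot be combined with ldaps://")
    return LdapTarget(scheme, parts.hostname, port, start_tls,
                      scheme == "ldaps" or start_tls)


if __name__ == "__main__":
    # Constructed sample values, not taken from the bug report.
    for uri, tls in [("ldaps://ldap.example.org", False),
                     ("ldap://ldap.example.org:1389", True),
                     ("ldap://ldap.example.org", False)]:
        print(uri, parse_ldap_uri(uri, start_tls=tls))
```

A result with `tls_protected` set to false on an `ldap://` target means a simple bind would send the password unencrypted, which is worth surfacing in the configuration form.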
description: updated
Changed in openobject-addons:
assignee: nobody → OpenERP R&D Addons Team 1 (openerp-dev-addons1)
importance: Undecided → Wishlist
status: New → Confirmed
On Tuesday 03 July 2012, you wrote:
> Public bug reported:
>
> Only LDAP connections with TLS options are supported.
According to the Wikipedia, anything but TLS is now deprecated:
http://en.wikipedia.org/wiki/Ldap#Protocol_overview
Quote:
> The use of LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was
> never standardized in any formal specification. This usage has been
> deprecated along with LDAPv2, which was officially retired in 2003.