[tryton-debian-vcs] tryton-modules-ldap-authentication branch upstream updated. upstream/4.0.1-1-g8dfb7b7
Mathias Behrle
tryton-debian-vcs at alioth.debian.org
Tue Dec 6 15:58:59 UTC 2016
The following commit has been merged in the upstream branch:
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi/?p=tryton/tryton-modules-ldap-authentication.git;a=commitdiff;h=upstream/4.0.1-1-g8dfb7b7
commit 8dfb7b7c08eef89ad29c519f0f0360f01025e1c2
Author: Mathias Behrle <mathiasb at m9s.biz>
Date: Mon Dec 5 09:34:29 2016 +0100
Adding upstream version 4.2.0.
Signed-off-by: Mathias Behrle <mathiasb at m9s.biz>
diff --git a/CHANGELOG b/CHANGELOG
index 5d97560..4ce618f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@
-Version 4.0.1 - 2016-05-11
+Version 4.2.0 - 2016-11-28
* Bug fixes (see mercurial logs for details)
+* Add Python3 support
+* Switch to ldap3
Version 4.0.0 - 2016-05-02
* Bug fixes (see mercurial logs for details)
diff --git a/INSTALL b/INSTALL
index f49e587..bedec31 100644
--- a/INSTALL
+++ b/INSTALL
@@ -23,7 +23,7 @@ site-packages directory on your system.
For advanced options, please refer to the easy_install and/or the distutils
documentation:
- http://peak.telecommunity.com/DevCenter/EasyInstall
+ http://setuptools.readthedocs.io/en/latest/easy_install.html
http://docs.python.org/inst/inst.html
To use without installation, extract the archive into ``trytond/modules`` with
diff --git a/PKG-INFO b/PKG-INFO
index 112c748..2ec753b 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,12 +1,12 @@
Metadata-Version: 1.1
Name: trytond_ldap_authentication
-Version: 4.0.1
+Version: 4.2.0
Summary: Tryton module to authenticate users through LDAP
Home-page: http://www.tryton.org/
Author: Tryton
Author-email: issue_tracker at tryton.org
License: GPL-3
-Download-URL: http://downloads.tryton.org/4.0/
+Download-URL: http://downloads.tryton.org/4.2/
Description: trytond_ldap_authentication
===========================
@@ -62,11 +62,17 @@ Classifier: Natural Language :: French
Classifier: Natural Language :: German
Classifier: Natural Language :: Hungarian
Classifier: Natural Language :: Italian
+Classifier: Natural Language :: Polish
Classifier: Natural Language :: Portuguese (Brazilian)
Classifier: Natural Language :: Russian
Classifier: Natural Language :: Slovenian
Classifier: Natural Language :: Spanish
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Office/Business
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP
diff --git a/doc/index.rst b/doc/index.rst
index f5c48a7..c5abfec 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -6,6 +6,9 @@ The LDAP authentication module allows to authenticate users via a LDAP server.
The configuration of the LDAP connection is set in the `ldap_authentication`
section.
+To be activated, the `ldap` method must be added to the `authentications`
+methods list of the `session` section of the configuration.
+
Configuration
*************
diff --git a/locale/bg_BG.po b/locale/bg.po
similarity index 100%
copy from locale/bg_BG.po
copy to locale/bg.po
diff --git a/locale/ca_ES.po b/locale/ca.po
similarity index 100%
rename from locale/ca_ES.po
rename to locale/ca.po
diff --git a/locale/cs_CZ.po b/locale/cs.po
similarity index 100%
rename from locale/cs_CZ.po
rename to locale/cs.po
diff --git a/locale/de_DE.po b/locale/de.po
similarity index 100%
rename from locale/de_DE.po
rename to locale/de.po
diff --git a/locale/es_ES.po b/locale/es.po
similarity index 100%
rename from locale/es_ES.po
rename to locale/es.po
diff --git a/locale/es_MX.po b/locale/es_419.po
similarity index 70%
rename from locale/es_MX.po
rename to locale/es_419.po
index e2c2606..7690ee3 100644
--- a/locale/es_MX.po
+++ b/locale/es_419.po
@@ -4,4 +4,4 @@ msgstr "Content-Type: text/plain; charset=utf-8\n"
msgctxt "error:res.user:"
msgid "You can not set the password of ldap user \"%s\"."
-msgstr "No puede cambiar la contraseña del usuario \"%s\" de LDAP."
+msgstr "No puede definit la contraseña del usuario \"%s\" de LDAP."
diff --git a/locale/es_AR.po b/locale/es_AR.po
deleted file mode 100644
index fea3d1d..0000000
--- a/locale/es_AR.po
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-msgid ""
-msgstr "Content-Type: text/plain; charset=utf-8\n"
-
-msgctxt "error:res.user:"
-msgid "You can not set the password of ldap user \"%s\"."
-msgstr "No puede establecer la contraseña del usuario LDAP «%s»."
diff --git a/locale/es_CO.po b/locale/es_CO.po
deleted file mode 100644
index 3ca3fe7..0000000
--- a/locale/es_CO.po
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-msgid ""
-msgstr "Content-Type: text/plain; charset=utf-8\n"
-
-msgctxt "error:res.user:"
-msgid "You can not set the password of ldap user \"%s\"."
-msgstr "No puede fijar la contraseña del usuario ldap \"%s\"."
diff --git a/locale/es_EC.po b/locale/es_EC.po
deleted file mode 100644
index 2ad3b17..0000000
--- a/locale/es_EC.po
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-msgid ""
-msgstr "Content-Type: text/plain; charset=utf-8\n"
-
-msgctxt "error:res.user:"
-msgid "You can not set the password of ldap user \"%s\"."
-msgstr "No puede establecer la contraseña del usuario LDAP \"%s\"."
diff --git a/locale/fr_FR.po b/locale/fr.po
similarity index 100%
rename from locale/fr_FR.po
rename to locale/fr.po
diff --git a/locale/it_IT.po b/locale/it_IT.po
index a28cfa2..6d34a34 100644
--- a/locale/it_IT.po
+++ b/locale/it_IT.po
@@ -4,4 +4,4 @@ msgstr "Content-Type: text/plain; charset=utf-8\n"
msgctxt "error:res.user:"
msgid "You can not set the password of ldap user \"%s\"."
-msgstr ""
+msgstr "password non impostabile per l'utente ldap \"%s\"."
diff --git a/locale/lo_LA.po b/locale/lo.po
similarity index 100%
rename from locale/lo_LA.po
rename to locale/lo.po
diff --git a/locale/lt_LT.po b/locale/lt.po
similarity index 100%
rename from locale/lt_LT.po
rename to locale/lt.po
diff --git a/locale/nl_NL.po b/locale/nl.po
similarity index 100%
rename from locale/nl_NL.po
rename to locale/nl.po
diff --git a/locale/ru_RU.po b/locale/pl.po
similarity index 100%
rename from locale/ru_RU.po
rename to locale/pl.po
diff --git a/locale/bg_BG.po b/locale/ru.po
similarity index 100%
rename from locale/bg_BG.po
rename to locale/ru.po
diff --git a/locale/sl_SI.po b/locale/sl.po
similarity index 100%
rename from locale/sl_SI.po
rename to locale/sl.po
diff --git a/res.py b/res.py
index 21dff2c..4e6a3f9 100644
--- a/res.py
+++ b/res.py
@@ -3,20 +3,20 @@
import logging
import urlparse
-import ldap
+import ldap3
from trytond.transaction import Transaction
-from trytond.pool import Pool, PoolMeta
+from trytond.pool import PoolMeta
from trytond.config import config, parse_uri
+from trytond.exceptions import LoginException
__all__ = ['User']
-__metaclass__ = PoolMeta
logger = logging.getLogger(__name__)
section = 'ldap_authentication'
# Old version of urlparse doesn't parse query for ldap
# see http://bugs.python.org/issue9374
-if hasattr(urlparse, 'uses_query') and 'ldap' not in urlparse.uses_query:
+if 'ldap' not in urlparse.uses_query:
urlparse.uses_query.append('ldap')
@@ -33,7 +33,7 @@ def parse_ldap_url(uri):
extensions)
-def ldap_connection():
+def ldap_server():
uri = config.get(section, 'uri')
if not uri:
return
@@ -42,30 +42,12 @@ def ldap_connection():
scheme, port = 'ldaps', 636
else:
scheme, port = 'ldap', 389
- conn = ldap.initialize('%s://%s:%s/' % (
+ return ldap3.Server('%s://%s:%s' % (
scheme, uri.hostname, uri.port or port))
- if config.getboolean(section, 'active_directory', default=False):
- conn.set_option(ldap.OPT_REFERRALS, 0)
- if 'tls' in uri.scheme:
- conn.start_tls_s()
-
- bindname, = extensions.get('bindname', [None])
- if not bindname:
- bindname, = extensions.get('!bindname', [None])
- if bindname:
- # XXX find better way to get the password
- conn.simple_bind_s(bindname, config.get(section, 'bind_pass'))
- return conn
-
-
-# python-ldap works only with str
-def unicode2str(param):
- if isinstance(param, unicode):
- param = param.encode('utf-8')
- return param
class User:
+ __metaclass__ = PoolMeta
__name__ = 'res.user'
@classmethod
@@ -77,44 +59,53 @@ class User:
})
@staticmethod
- def ldap_search_user(login, con, attrs=None):
+ def ldap_search_user(login, server, attrs=None):
'''
Return the result of a ldap search for the login using the ldap
- connection con based on connection.
+ server.
The attributes values defined in attrs will be return.
'''
- _, dn, _, scope, filter_, _ = parse_ldap_url(
+ _, dn, _, scope, filter_, extensions = parse_ldap_url(
config.get(section, 'uri'))
scope = {
- 'base': ldap.SCOPE_BASE,
- 'onelevel': ldap.SCOPE_ONELEVEL,
- 'subtree': ldap.SCOPE_SUBTREE,
- }.get(scope)
+ 'base': ldap3.BASE,
+ 'onelevel': ldap3.LEVEL,
+ 'subtree': ldap3.SUBTREE,
+ }[scope]
uid = config.get(section, 'uid', default='uid')
if filter_:
- filter_ = '(&(%s=%s)%s)' % (uid, unicode2str(login), filter_)
+ filter_ = '(&(%s=%s)%s)' % (uid, login, filter_)
else:
- filter_ = '(%s=%s)' % (uid, unicode2str(login))
-
- result = con.search_s(dn, scope, filter_, attrs)
- if config.get(section, 'active_directory'):
- result = [x for x in result if x[0]]
- if result and len(result) > 1:
- logger.info('ldap_search_user found more than 1 user')
- return result
+ filter_ = '(%s=%s)' % (uid, login)
+
+ bindpass = None
+ bindname, = extensions.get('bindname', [None])
+ if not bindname:
+ bindname, = extensions.get('!bindname', [None])
+ if bindname:
+ # XXX find better way to get the password
+ bindpass = config.get(section, 'bind_pass')
+
+ with ldap3.Connection(server, bindname, bindpass) as con:
+ con.search(dn, filter_, search_scope=scope, attributes=attrs)
+ result = con.entries
+ if result and len(result) > 1:
+ logger.info('ldap_search_user found more than 1 user')
+ return [(e.entry_get_dn(), e.entry_get_attributes_dict())
+ for e in result]
@classmethod
def _check_passwd_ldap_user(cls, logins):
find = False
try:
- con = ldap_connection()
- if not con:
+ server = ldap_server()
+ if not server:
return
for login in logins:
- if cls.ldap_search_user(login, con, attrs=[]):
+ if cls.ldap_search_user(login, server, attrs=[]):
find = True
break
- except ldap.LDAPError:
+ except ldap3.LDAPException:
logger.error('LDAPError when checking password', exc_info=True)
if find:
cls.raise_user_error('set_passwd_ldap_user', (login,))
@@ -140,47 +131,53 @@ class User:
super(User, cls).write(*args)
@classmethod
- def set_preferences(cls, values, old_password=False):
+ def set_preferences(cls, values, parameters):
if 'password' in values:
+ if 'password' not in parameters:
+ msg = cls.fields_get(['password'])['password']['string']
+ raise LoginException('password', msg, type='password')
+ old_password = parameters['password']
try:
- con = ldap_connection()
- if con:
+ server = ldap_server()
+ if server:
user = cls(Transaction().user)
uid = config.get(section, 'uid', default='uid')
- users = cls.ldap_search_user(user.login, con, attrs=[uid])
+ users = cls.ldap_search_user(
+ user.login, server, attrs=[uid])
if users and len(users) == 1:
[(dn, attrs)] = users
- if con.simple_bind_s(dn, unicode2str(old_password)):
- con.passwd_s(
- dn, unicode2str(old_password),
- unicode2str(values['password']))
+ con = ldap3.Connection(server, dn, old_password)
+ if con.bind():
+ con.extend.standard.modify_password(
+ dn, old_password, values['password'])
values = values.copy()
del values['password']
else:
cls.raise_user_error('wrong_password')
- except ldap.LDAPError:
+ except ldap3.LDAPException:
logger.error('LDAPError when setting preferences',
exc_info=True)
super(User, cls).set_preferences(values, old_password=old_password)
@classmethod
- def get_login(cls, login, password):
- pool = Pool()
- LoginAttempt = pool.get('res.user.login.attempt')
+ def _login_ldap(cls, login, parameters):
+ if 'password' not in parameters:
+ msg = cls.fields_get(['password'])['password']['string']
+ raise LoginException('password', msg, type='password')
+ password = parameters['password']
try:
- con = ldap_connection()
- if con:
+ server = ldap_server()
+ if server:
uid = config.get(section, 'uid', default='uid')
- users = cls.ldap_search_user(login, con, attrs=[uid])
+ users = cls.ldap_search_user(login, server, attrs=[uid])
if users and len(users) == 1:
[(dn, attrs)] = users
- if (password
- and con.simple_bind_s(dn, unicode2str(password))):
+ con = ldap3.Connection(server, dn, password)
+ if (password and con.bind()):
# Use ldap uid so we always get the right case
login = attrs.get(uid, [login])[0]
user_id, _ = cls._get_login(login)
if user_id:
- LoginAttempt.remove(login)
return user_id
elif config.getboolean(section, 'create_user'):
user, = cls.create([{
@@ -188,6 +185,5 @@ class User:
'login': login,
}])
return user.id
- except ldap.LDAPError:
+ except ldap3.LDAPException:
logger.error('LDAPError when login', exc_info=True)
- return super(User, cls).get_login(login, password)
diff --git a/setup.py b/setup.py
index c09cd96..b65bc07 100644
--- a/setup.py
+++ b/setup.py
@@ -5,11 +5,17 @@
from setuptools import setup
import re
import os
-import ConfigParser
+import io
+try:
+ from configparser import ConfigParser
+except ImportError:
+ from ConfigParser import ConfigParser
def read(fname):
- return open(os.path.join(os.path.dirname(__file__), fname)).read()
+ return io.open(
+ os.path.join(os.path.dirname(__file__), fname),
+ 'r', encoding='utf-8').read()
def get_require_version(name):
@@ -21,7 +27,7 @@ def get_require_version(name):
major_version, minor_version + 1)
return require
-config = ConfigParser.ConfigParser()
+config = ConfigParser()
config.readfp(open('tryton.cfg'))
info = dict(config.items('tryton'))
for key in ('depends', 'extras_depend', 'xml'):
@@ -41,7 +47,7 @@ if minor_version % 2:
'hg+http://hg.tryton.org/modules/%s#egg=%s-%s' % (
name[8:], name, version))
-requires = ['python-ldap']
+requires = ['ldap3']
for dep in info.get('depends', []):
if not re.match(r'(ir|res)(\W|$)', dep):
requires.append(get_require_version('trytond_%s' % dep))
@@ -85,12 +91,18 @@ setup(name=name,
'Natural Language :: German',
'Natural Language :: Hungarian',
'Natural Language :: Italian',
+ 'Natural Language :: Polish',
'Natural Language :: Portuguese (Brazilian)',
'Natural Language :: Russian',
'Natural Language :: Slovenian',
'Natural Language :: Spanish',
'Operating System :: OS Independent',
'Programming Language :: Python :: 2.7',
+ 'Programming Language :: Python :: 3.3',
+ 'Programming Language :: Python :: 3.4',
+ 'Programming Language :: Python :: 3.5',
+ 'Programming Language :: Python :: Implementation :: CPython',
+ 'Programming Language :: Python :: Implementation :: PyPy',
'Topic :: Office/Business',
('Topic :: System :: Systems Administration '
':: Authentication/Directory :: LDAP'),
@@ -105,4 +117,5 @@ setup(name=name,
test_suite='tests',
test_loader='trytond.test_loader:Loader',
tests_require=tests_require,
+ use_2to3=True,
)
diff --git a/tests/test_ldap_authentication.py b/tests/test_ldap_authentication.py
index 740b7ed..cce1459 100644
--- a/tests/test_ldap_authentication.py
+++ b/tests/test_ldap_authentication.py
@@ -2,8 +2,8 @@
# this repository contains the full copyright notices and license terms.
import unittest
-from mock import patch
-import ldap
+from mock import patch, ANY
+import ldap3
import trytond.tests.test_tryton
from trytond.tests.test_tryton import ModuleTestCase, with_transaction
@@ -21,11 +21,12 @@ class LDAPAuthenticationTestCase(ModuleTestCase):
def setUp(self):
super(LDAPAuthenticationTestCase, self).setUp()
+ methods = config.get('session', 'authentications')
+ config.set('session', 'authentications', 'ldap')
+ self.addCleanup(config.set, 'session', 'authentications', methods)
config.add_section(section)
config.set(section, 'uri', 'ldap://localhost/dc=tryton,dc=org')
-
- def tearDown(self):
- config.remove_section(section)
+ self.addCleanup(config.remove_section, section)
@with_transaction()
def test_user_get_login(self):
@@ -33,20 +34,24 @@ class LDAPAuthenticationTestCase(ModuleTestCase):
pool = Pool()
User = pool.get('res.user')
- @patch.object(ldap, 'initialize')
+ @patch.object(ldap3, 'Connection')
@patch.object(User, 'ldap_search_user')
- def get_login(login, password, find, ldap_search_user, initialize):
- con = initialize.return_value
- con.simple_bind_s.return_value = True
+ def get_login(login, password, find, ldap_search_user, Connection):
+ con = Connection.return_value
+ con.bind.return_value = bool(find)
if find:
ldap_search_user.return_value = [('dn', {'uid': [find]})]
else:
ldap_search_user.return_value = None
- return User.get_login(login, password)
+ user_id = User.get_login(login, {
+ 'password': password,
+ })
+ if find:
+ Connection.assert_called_with(ANY, ANY, password)
+ return user_id
# Test existing user
user, = User.search([('login', '=', 'admin')])
- self.assertEqual(get_login('admin', 'admin', None), user.id)
self.assertEqual(get_login('admin', 'admin', 'admin'), user.id)
self.assertEqual(get_login('AdMiN', 'admin', 'admin'), user.id)
diff --git a/tryton.cfg b/tryton.cfg
index e6a46b1..45de99f 100644
--- a/tryton.cfg
+++ b/tryton.cfg
@@ -1,5 +1,5 @@
[tryton]
-version=4.0.1
+version=4.2.0
depends:
ir
res
diff --git a/trytond_ldap_authentication.egg-info/PKG-INFO b/trytond_ldap_authentication.egg-info/PKG-INFO
index ae7129d..f85b027 100644
--- a/trytond_ldap_authentication.egg-info/PKG-INFO
+++ b/trytond_ldap_authentication.egg-info/PKG-INFO
@@ -1,12 +1,12 @@
Metadata-Version: 1.1
Name: trytond-ldap-authentication
-Version: 4.0.1
+Version: 4.2.0
Summary: Tryton module to authenticate users through LDAP
Home-page: http://www.tryton.org/
Author: Tryton
Author-email: issue_tracker at tryton.org
License: GPL-3
-Download-URL: http://downloads.tryton.org/4.0/
+Download-URL: http://downloads.tryton.org/4.2/
Description: trytond_ldap_authentication
===========================
@@ -62,11 +62,17 @@ Classifier: Natural Language :: French
Classifier: Natural Language :: German
Classifier: Natural Language :: Hungarian
Classifier: Natural Language :: Italian
+Classifier: Natural Language :: Polish
Classifier: Natural Language :: Portuguese (Brazilian)
Classifier: Natural Language :: Russian
Classifier: Natural Language :: Slovenian
Classifier: Natural Language :: Spanish
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: Implementation :: CPython
+Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Office/Business
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP
diff --git a/trytond_ldap_authentication.egg-info/SOURCES.txt b/trytond_ldap_authentication.egg-info/SOURCES.txt
index c31a8a6..2aa2970 100644
--- a/trytond_ldap_authentication.egg-info/SOURCES.txt
+++ b/trytond_ldap_authentication.egg-info/SOURCES.txt
@@ -9,48 +9,44 @@ tryton.cfg
./__init__.py
./res.py
./tryton.cfg
-./locale/bg_BG.po
-./locale/ca_ES.po
-./locale/cs_CZ.po
-./locale/de_DE.po
-./locale/es_AR.po
-./locale/es_CO.po
-./locale/es_EC.po
-./locale/es_ES.po
-./locale/es_MX.po
-./locale/fr_FR.po
+./locale/bg.po
+./locale/ca.po
+./locale/cs.po
+./locale/de.po
+./locale/es.po
+./locale/es_419.po
+./locale/fr.po
./locale/hu_HU.po
./locale/it_IT.po
./locale/ja_JP.po
-./locale/lo_LA.po
-./locale/lt_LT.po
-./locale/nl_NL.po
+./locale/lo.po
+./locale/lt.po
+./locale/nl.po
+./locale/pl.po
./locale/pt_BR.po
-./locale/ru_RU.po
-./locale/sl_SI.po
+./locale/ru.po
+./locale/sl.po
./locale/zh_CN.po
./tests/__init__.py
./tests/test_ldap_authentication.py
doc/index.rst
-locale/bg_BG.po
-locale/ca_ES.po
-locale/cs_CZ.po
-locale/de_DE.po
-locale/es_AR.po
-locale/es_CO.po
-locale/es_EC.po
-locale/es_ES.po
-locale/es_MX.po
-locale/fr_FR.po
+locale/bg.po
+locale/ca.po
+locale/cs.po
+locale/de.po
+locale/es.po
+locale/es_419.po
+locale/fr.po
locale/hu_HU.po
locale/it_IT.po
locale/ja_JP.po
-locale/lo_LA.po
-locale/lt_LT.po
-locale/nl_NL.po
+locale/lo.po
+locale/lt.po
+locale/nl.po
+locale/pl.po
locale/pt_BR.po
-locale/ru_RU.po
-locale/sl_SI.po
+locale/ru.po
+locale/sl.po
locale/zh_CN.po
trytond_ldap_authentication.egg-info/PKG-INFO
trytond_ldap_authentication.egg-info/SOURCES.txt
diff --git a/trytond_ldap_authentication.egg-info/requires.txt b/trytond_ldap_authentication.egg-info/requires.txt
index 39ad98e..5dc1bcb 100644
--- a/trytond_ldap_authentication.egg-info/requires.txt
+++ b/trytond_ldap_authentication.egg-info/requires.txt
@@ -1,2 +1,2 @@
-python-ldap
-trytond >= 4.0, < 4.1
+ldap3
+trytond >= 4.2, < 4.3
--
tryton-modules-ldap-authentication
More information about the tryton-debian-vcs
mailing list