openerp-india team mailing list archive

[Georges Racinet <1020553@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Only LDAP connections with TLS options are supported.
This makes it impossible to bind on a server that accepts SSL connections only.
users_ldap currently stores in res.company.ldap a host/port pair, which in turn forces it to generate the UIR from code (see the code extract below)

The best way to specify a connection would instead be to specify the URI. Otherwise we'll have to re-implement all the variations unthought of one by one, creating useless bloated code, bugs reports etc.
Some basic validation of the URI syntax would of course be welcomed.

Besides, having just one field is easier to update if there are many
such lines (I have 3 different on the same server, for different user
templates).

Code extract:
    def connect(self, conf):
        """
        Connect to an LDAP server specified by an ldap
        configuration dictionary.

        :param dict conf: LDAP configuration
        :return: an LDAP object
        """

        uri = 'ldap://%s:%d' % (conf['ldap_server'],
                                conf['ldap_server_port'])

        connection = ldap.initialize(uri)
        if conf['ldap_tls']:
            connection.start_tls_s()
        return connection

(seen on 6.1-1, 6.1 current HEAD and trunk)

I can of course contribute the direct URI implementation, if there is
positive feedback about it, but I'm in immediate need of this, and a bit
reluctant to maintain a fork for such a simple change if not convinced
it has a chance to be merged one day. I'll solve my immediate problem
with a custom addon for now.

** Affects: openobject-addons
     Importance: Undecided
         Status: New

** Description changed:

  Only LDAP connections with TLS options are supported.
  This makes it impossible to bind on a server that accepts SSL connections only.
  users_ldap currently stores in res.company.ldap a host/port pair, which in turn forces it to generate the UIR from code (see the code extract below)
  
- The best way to specify a connection would instead be to specify the URI. Otherwise we'll have to re-implement all the variations unthought of one by one, creating useless bloated code, bugs reports etc. 
+ The best way to specify a connection would instead be to specify the URI. Otherwise we'll have to re-implement all the variations unthought of one by one, creating useless bloated code, bugs reports etc.
  Some basic validation of the URI syntax would of course be welcomed.
  
  Besides, having just one field is easier to update if there are many
  such lines (I have 3 different on the same server, for different user
- templates.
+ templates).
  
  Code extract:
-     def connect(self, conf):
-         """
-         Connect to an LDAP server specified by an ldap
-         configuration dictionary.
+     def connect(self, conf):
+         """
+         Connect to an LDAP server specified by an ldap
+         configuration dictionary.
  
-         :param dict conf: LDAP configuration
-         :return: an LDAP object
-         """
+         :param dict conf: LDAP configuration
+         :return: an LDAP object
+         """
  
-         uri = 'ldap://%s:%d' % (conf['ldap_server'],
-                                 conf['ldap_server_port'])
+         uri = 'ldap://%s:%d' % (conf['ldap_server'],
+                                 conf['ldap_server_port'])
  
-         connection = ldap.initialize(uri)
-         if conf['ldap_tls']:
-             connection.start_tls_s()
-         return connection
+         connection = ldap.initialize(uri)
+         if conf['ldap_tls']:
+             connection.start_tls_s()
+         return connection
  
  (seen on 6.1-1, 6.1 current HEAD and trunk)
  
- I can of course contribute the above if there is positive feedback on
- specifying the URI, but I'm in immediate need of this, and a bit
+ I can of course contribute the direct URI implementation, if there is
+ positive feedback about it, but I'm in immediate need of this, and a bit
  reluctant to maintain a fork for such a simple change if not convinced
  it has a chance to be merged one day. I'll solve my immediate problem
  with a custom addon for now.

-- 
You received this bug notification because you are a member of OpenERP
Indian Team, which is subscribed to OpenERP Addons.
https://bugs.launchpad.net/bugs/1020553

Title:
  users_ldap: LDAP connection not flexible enough (e.g., SSL)

Status in OpenERP Addons (modules):
  New

Bug description:
  Only LDAP connections with TLS options are supported.
  This makes it impossible to bind on a server that accepts SSL connections only.
  users_ldap currently stores in res.company.ldap a host/port pair, which in turn forces it to generate the UIR from code (see the code extract below)

  The best way to specify a connection would instead be to specify the URI. Otherwise we'll have to re-implement all the variations unthought of one by one, creating useless bloated code, bugs reports etc.
  Some basic validation of the URI syntax would of course be welcomed.

  Besides, having just one field is easier to update if there are many
  such lines (I have 3 different on the same server, for different user
  templates).

  Code extract:
      def connect(self, conf):
          """
          Connect to an LDAP server specified by an ldap
          configuration dictionary.

          :param dict conf: LDAP configuration
          :return: an LDAP object
          """

          uri = 'ldap://%s:%d' % (conf['ldap_server'],
                                  conf['ldap_server_port'])

          connection = ldap.initialize(uri)
          if conf['ldap_tls']:
              connection.start_tls_s()
          return connection

  (seen on 6.1-1, 6.1 current HEAD and trunk)

  I can of course contribute the direct URI implementation, if there is
  positive feedback about it, but I'm in immediate need of this, and a
  bit reluctant to maintain a fork for such a simple change if not
  convinced it has a chance to be merged one day. I'll solve my
  immediate problem with a custom addon for now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-addons/+bug/1020553/+subscriptions