[IMP] modules: add support for loading module description from README.{md,rst,txt}
Showcase the feature by moving auth_ldap's description to README.rst (Manual rebase of PR #1759)
This commit is contained in:
parent
e049e56b3f
commit
ec0b770ed3
|
@ -0,0 +1,66 @@
|
||||||
|
Adds support for authentication by LDAP server.
|
||||||
|
===============================================
|
||||||
|
This module allows users to login with their LDAP username and password, and
|
||||||
|
will automatically create OpenERP users for them on the fly.
|
||||||
|
|
||||||
|
**Note:** This module only work on servers who have Python's ``ldap`` module installed.
|
||||||
|
|
||||||
|
Configuration:
|
||||||
|
--------------
|
||||||
|
After installing this module, you need to configure the LDAP parameters in the
|
||||||
|
Configuration tab of the Company details. Different companies may have different
|
||||||
|
LDAP servers, as long as they have unique usernames (usernames need to be unique
|
||||||
|
in OpenERP, even across multiple companies).
|
||||||
|
|
||||||
|
Anonymous LDAP binding is also supported (for LDAP servers that allow it), by
|
||||||
|
simply keeping the LDAP user and password empty in the LDAP configuration.
|
||||||
|
This does not allow anonymous authentication for users, it is only for the master
|
||||||
|
LDAP account that is used to verify if a user exists before attempting to
|
||||||
|
authenticate it.
|
||||||
|
|
||||||
|
Securing the connection with STARTTLS is available for LDAP servers supporting
|
||||||
|
it, by enabling the TLS option in the LDAP configuration.
|
||||||
|
|
||||||
|
For further options configuring the LDAP settings, refer to the ldap.conf
|
||||||
|
manpage: manpage:`ldap.conf(5)`.
|
||||||
|
|
||||||
|
Security Considerations:
|
||||||
|
------------------------
|
||||||
|
Users' LDAP passwords are never stored in the OpenERP database, the LDAP server
|
||||||
|
is queried whenever a user needs to be authenticated. No duplication of the
|
||||||
|
password occurs, and passwords are managed in one place only.
|
||||||
|
|
||||||
|
OpenERP does not manage password changes in the LDAP, so any change of password
|
||||||
|
should be conducted by other means in the LDAP directory directly (for LDAP users).
|
||||||
|
|
||||||
|
It is also possible to have local OpenERP users in the database along with
|
||||||
|
LDAP-authenticated users (the Administrator account is one obvious example).
|
||||||
|
|
||||||
|
Here is how it works:
|
||||||
|
---------------------
|
||||||
|
* The system first attempts to authenticate users against the local OpenERP
|
||||||
|
database;
|
||||||
|
* if this authentication fails (for example because the user has no local
|
||||||
|
password), the system then attempts to authenticate against LDAP;
|
||||||
|
|
||||||
|
As LDAP users have blank passwords by default in the local OpenERP database
|
||||||
|
(which means no access), the first step always fails and the LDAP server is
|
||||||
|
queried to do the authentication.
|
||||||
|
|
||||||
|
Enabling STARTTLS ensures that the authentication query to the LDAP server is
|
||||||
|
encrypted.
|
||||||
|
|
||||||
|
User Template:
|
||||||
|
--------------
|
||||||
|
In the LDAP configuration on the Company form, it is possible to select a *User
|
||||||
|
Template*. If set, this user will be used as template to create the local users
|
||||||
|
whenever someone authenticates for the first time via LDAP authentication. This
|
||||||
|
allows pre-setting the default groups and menus of the first-time users.
|
||||||
|
|
||||||
|
**Warning:** if you set a password for the user template, this password will be
|
||||||
|
assigned as local password for each new LDAP user, effectively setting
|
||||||
|
a *master password* for these users (until manually changed). You
|
||||||
|
usually do not want this. One easy way to setup a template user is to
|
||||||
|
login once with a valid LDAP user, let OpenERP create a blank local
|
||||||
|
user with the same login (and a blank password), then rename this new
|
||||||
|
user to a username that does not exist in LDAP, and setup its groups
|
|
@ -24,75 +24,7 @@
|
||||||
'depends' : ['base'],
|
'depends' : ['base'],
|
||||||
'images' : ['images/ldap_configuration.jpeg'],
|
'images' : ['images/ldap_configuration.jpeg'],
|
||||||
'author' : 'OpenERP SA',
|
'author' : 'OpenERP SA',
|
||||||
'description': """
|
#'description': < auto-loaded from README file
|
||||||
Adds support for authentication by LDAP server.
|
|
||||||
===============================================
|
|
||||||
This module allows users to login with their LDAP username and password, and
|
|
||||||
will automatically create OpenERP users for them on the fly.
|
|
||||||
|
|
||||||
**Note:** This module only work on servers who have Python's ``ldap`` module installed.
|
|
||||||
|
|
||||||
Configuration:
|
|
||||||
--------------
|
|
||||||
After installing this module, you need to configure the LDAP parameters in the
|
|
||||||
Configuration tab of the Company details. Different companies may have different
|
|
||||||
LDAP servers, as long as they have unique usernames (usernames need to be unique
|
|
||||||
in OpenERP, even across multiple companies).
|
|
||||||
|
|
||||||
Anonymous LDAP binding is also supported (for LDAP servers that allow it), by
|
|
||||||
simply keeping the LDAP user and password empty in the LDAP configuration.
|
|
||||||
This does not allow anonymous authentication for users, it is only for the master
|
|
||||||
LDAP account that is used to verify if a user exists before attempting to
|
|
||||||
authenticate it.
|
|
||||||
|
|
||||||
Securing the connection with STARTTLS is available for LDAP servers supporting
|
|
||||||
it, by enabling the TLS option in the LDAP configuration.
|
|
||||||
|
|
||||||
For further options configuring the LDAP settings, refer to the ldap.conf
|
|
||||||
manpage: manpage:`ldap.conf(5)`.
|
|
||||||
|
|
||||||
Security Considerations:
|
|
||||||
------------------------
|
|
||||||
Users' LDAP passwords are never stored in the OpenERP database, the LDAP server
|
|
||||||
is queried whenever a user needs to be authenticated. No duplication of the
|
|
||||||
password occurs, and passwords are managed in one place only.
|
|
||||||
|
|
||||||
OpenERP does not manage password changes in the LDAP, so any change of password
|
|
||||||
should be conducted by other means in the LDAP directory directly (for LDAP users).
|
|
||||||
|
|
||||||
It is also possible to have local OpenERP users in the database along with
|
|
||||||
LDAP-authenticated users (the Administrator account is one obvious example).
|
|
||||||
|
|
||||||
Here is how it works:
|
|
||||||
---------------------
|
|
||||||
* The system first attempts to authenticate users against the local OpenERP
|
|
||||||
database;
|
|
||||||
* if this authentication fails (for example because the user has no local
|
|
||||||
password), the system then attempts to authenticate against LDAP;
|
|
||||||
|
|
||||||
As LDAP users have blank passwords by default in the local OpenERP database
|
|
||||||
(which means no access), the first step always fails and the LDAP server is
|
|
||||||
queried to do the authentication.
|
|
||||||
|
|
||||||
Enabling STARTTLS ensures that the authentication query to the LDAP server is
|
|
||||||
encrypted.
|
|
||||||
|
|
||||||
User Template:
|
|
||||||
--------------
|
|
||||||
In the LDAP configuration on the Company form, it is possible to select a *User
|
|
||||||
Template*. If set, this user will be used as template to create the local users
|
|
||||||
whenever someone authenticates for the first time via LDAP authentication. This
|
|
||||||
allows pre-setting the default groups and menus of the first-time users.
|
|
||||||
|
|
||||||
**Warning:** if you set a password for the user template, this password will be
|
|
||||||
assigned as local password for each new LDAP user, effectively setting
|
|
||||||
a *master password* for these users (until manually changed). You
|
|
||||||
usually do not want this. One easy way to setup a template user is to
|
|
||||||
login once with a valid LDAP user, let OpenERP create a blank local
|
|
||||||
user with the same login (and a blank password), then rename this new
|
|
||||||
user to a username that does not exist in LDAP, and setup its groups
|
|
||||||
the way you want.
|
|
||||||
""",
|
|
||||||
'website' : 'https://www.odoo.com',
|
'website' : 'https://www.odoo.com',
|
||||||
'category' : 'Authentication',
|
'category' : 'Authentication',
|
||||||
'data' : [
|
'data' : [
|
||||||
|
@ -107,4 +39,3 @@ allows pre-setting the default groups and menus of the first-time users.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,7 @@ import openerp.release as release
|
||||||
from openerp.tools.safe_eval import safe_eval as eval
|
from openerp.tools.safe_eval import safe_eval as eval
|
||||||
|
|
||||||
MANIFEST = '__openerp__.py'
|
MANIFEST = '__openerp__.py'
|
||||||
|
README = ['README.rst', 'README.md', 'README.txt']
|
||||||
|
|
||||||
_logger = logging.getLogger(__name__)
|
_logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -248,6 +249,13 @@ def load_information_from_description_file(module, mod_path=None):
|
||||||
finally:
|
finally:
|
||||||
f.close()
|
f.close()
|
||||||
|
|
||||||
|
if not info.get('description'):
|
||||||
|
readme_path = [opj(mod_path, x) for x in README
|
||||||
|
if os.path.isfile(opj(mod_path, x))]
|
||||||
|
if readme_path:
|
||||||
|
readme_text = tools.file_open(readme_path[0]).read()
|
||||||
|
info['description'] = readme_text
|
||||||
|
|
||||||
if 'active' in info:
|
if 'active' in info:
|
||||||
# 'active' has been renamed 'auto_install'
|
# 'active' has been renamed 'auto_install'
|
||||||
info['auto_install'] = info['active']
|
info['auto_install'] = info['active']
|
||||||
|
|
Loading…
Reference in New Issue