| Availability | Odoo Online, Odoo.sh, On Premise |
| Lines of code | 1141 |
| Technical Name | lse_ldaps_tls |
| License | OPL-1 |
| Website | https://lumanet.info |
LSE Enterprise LDAPS
TLS 1.3-only LDAP authentication - WolfSSL hardened, PCI DSS compliant, no fallback, no exceptions
What it does
LSE Enterprise LDAPS replaces Odoo's built-in LDAP authentication with a hardened implementation that enforces TLS 1.3 only - no fallback, no legacy protocols, no exceptions.
Built for enterprises running OpenLDAP 2.6+ or Active Directory where PCI DSS, ISO 27001, or internal security policy mandates encrypted directory access on port 636.
Key Features
- Native LDAPS on port 636 - replaces plain LDAP entirely
- TLS 1.3 enforced via WolfSSL - no TLS 1.0/1.1/1.2 fallback
- Argon2 password hashing for LDAP-authenticated users
- OpenLDAP 2.6+ and Active Directory compatible
- Group-to-role mapping (LDAP groups → Odoo internal groups)
- OU-based user filtering
- Let's Encrypt certificate support
- Enterprise-grade authentication audit logging
- PCI DSS & ISO 27001 audit-ready configuration
- License-enforced via LSE License Agent
Configuration & Settings
🔒 TLS 1.3 Only
Every connection to your LDAP directory is encrypted with TLS 1.3 via WolfSSL. Unencrypted or downgraded connections are refused at the socket level - not just warned about.
✅ PCI DSS Ready
Satisfies PCI DSS v4.0 requirement 8.3.2 (strong cryptography for authentication) and 2.2.7 (all non-console admin access encrypted). Audit evidence available on request.
🔓 Argon2 Hashing
LDAP-authenticated users have their credentials protected with Argon2 hashing - the winner of the Password Hashing Competition, resistant to GPU and side-channel attacks.
🔧 Requirements
- Odoo 19 Community or Enterprise
- OpenLDAP 2.6+ or Active Directory with port 636 enabled
- Valid TLS certificate on your LDAP server
- python-ldap and argon2-cffi Python packages
- Replaces the built-in auth_ldap module
📄 Why WolfSSL over GnuTLS?
WolfSSL is FIPS 140-3 validated, has a significantly smaller attack surface than GnuTLS, and is purpose-built for embedded and security-critical environments. It's the TLS library of choice for PCI DSS Level 1 deployments at LSE Group.
Support
Commercial support: support@lumanet.info
Published by LSE Group — Enterprise Odoo Solutions
Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software.

The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.