First install the python-ldap library:
[sudo] apt-get install python-ldap
Then install OpenERP's user_ldap module.
Go to Administration » Companies, select your company, find the "Configuration" tab, and on the "LDAP Configuration" box click "New" to add a LDAP configuration.
Complete the requested information:
- LDAP Server address: your.adserver.address
- LDAP Server port: 3268
- LDAP binddn: your-domain\a-username
- LDAP password: your-password
- LDAP base: DC=your-domain,DC=local
- LDAP filter: sAMAccountName=%s
- Create User: Yes
- Model User: Your template user
The parameters bindn and password can be ignored if the AD server is configured to allow anonymous connections. In this case, we preferred to create a generic user to connect to the AD.
When someone tries to login to OpenERP for the first time, it's full name is retrieved from the AD and a new Openerp user is created copying from the template user. So, this template user should have assigned default access groups for everyone in the domain.
You might need to adjust some of these setting to your specific AD structure. I found Softerra's free LDAP browser to be useful to explore the AD structure, or just to test the LDAP configuration parameters.