Integration with vBulletin - vBulletin Ldap Authentication Plugin 1.0.1
malcolmx
01-01-2010, 10:00 PM
This is a very small plugin for enabling ldap authentication for vBulletin Suite 4. The original version is from www.sartori.at (http://www.sartori.at/).
if you need any help installing the plugin, please post into this thread here.
if you need any extra changes i will modify the plugin for extra charge.
In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changing the encryption type.
If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.
in the admin or moderator panel no user is authenticated against the directory.
Requirements
php with ldap support
Installation Notes:
1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/includes/xml directory
4. in login.php search for:
    if ($vbulletin->GPC['vb_login_username'] == '')
    {
    eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
    }
add hook after if statement, becomes:
    if ($vbulletin->GPC['vb_login_username'] == '')
    {
    eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
    }
    ($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false;
5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'
7. recheck if the include for controller.php is right
8. in includes/class_bootstrap.php search for:
    $show['nopasswordempty']
and change:
    defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0;
to:
    defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1;
9. configure the ldap settings in: ldapconfig.inc.php
10. test the product
Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell (http://www.novell.com/coolsolutions/appnote/15120.html) and Microsoft (http://support.microsoft.com/kb/320528)
I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal. :)
vBulletin 3.6 version (https://vborg.vbsupport.ru/showthread.php?t=148573)
Does this support native vb functions such as changing password, username or email address?
malcolmx
01-03-2010, 06:25 AM
hello,
since this addon does not use vb functions to authenticate the users, those features are not available. if you want to change passwords / email addresses in your ldap / active directory then use software that is available on the open source market.
if you want ldap functions implemented in vBulletin, you need another addon or need a request for paid services.
greetings
-malc
yambert
01-08-2010, 11:54 PM
A few things that could be more clear on the installation notes:
4. in login.php search for:
if ($vbulletin->GPC['vb_login_username'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
}
add hook after if statement, becomes:
if ($vbulletin->GPC['vb_login_username'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
}
($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false;
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'
malcolmx
01-09-2010, 05:17 AM
thanks for the suggestions. changes made!
-malc
DraculaVN
01-19-2010, 02:13 AM
Dear malcolmx !
Thanks for your plugin. Now I want to ask you a question: how do I configure the plugin if my LDAP doesn't allow anonymous queries?
Because my company doesn't allow anonymous queries.
Please help me !!!
malcolmx
01-19-2010, 03:37 AM
as there have been a lot of questions for this feature (in the "old" plugin, too) i will add it to the code. see it online within 2 days.
kind regards
-malc
DraculaVN
01-19-2010, 04:52 AM
Oh ... I'm feeling happy with your answer. I will be waiting for your plugin. I donate this plugin :).
Thanks so much
danlavu
01-20-2010, 02:09 PM
I hope this helps but I modified the controller.php so you can bind a username and password, so you do not need to open your ldap server.
My changes are below.
Add the following at
// connect to the LDAP Server
++$ldapBindUser = 'YOUR_BIND_USER';
++$ldapPassword = 'YOUR_BIND_USER_PASSWORD';
For every instance of $ldapConnection add the following below the line. Should be two instances.
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
++$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapPassword);
Make some changes to the if else statement, delete or comment out the following and change one variable.
// write the FIRST found DN to $bindDn;
--$bindDn=$searchResult[0]['dn'];
// bind to the ldap server with specified credentials (dn, password)
--$ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);
// close the server connection
ldap_close($ldapConnection);
// ldap bind did not succeed, wrong username/password combination
++if ($ldapBind != 1)
--if ($ldap_bind != 1)
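Review bot: the final check `if ($ldapBind != 1)` tests the bind made with `$ldapBindUser`, while the `--` lines drop the only `ldap_bind` call that takes `$vbulletin->GPC['vb_login_password']`, so the submitted password is never checked against the directory. Keep the bind on `$bindDn` with the submitted password and leave the final test on `$ldap_bind`; the bind with `$ldapBindUser` is only needed so the search can run.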
Now you should be able to connect to a more secure ldap server. Anonymous queries against my AD make it hard for me to sleep at night.
DraculaVN
01-20-2010, 11:23 PM
Oh thanks danlavu. I will check it.
DraculaVN
01-21-2010, 12:25 AM
I can't connect to my LDAP with danlavu's code.
Dear Malcolmx,
I'm waiting for your new plugin. I hope it will be successful.
danlavu
01-21-2010, 02:07 PM
If you want, pastebin what you have and I can take a look at it, because it's working fine for me. Also if you modify controller.debug.php and make the changes, it'll give you a lot more information on what the error is, if you can pastebin that I'm certain I can help you get it working.
DraculaVN
01-21-2010, 11:47 PM
Dear danlavu,
Thanks for the support. Can you send me the "controller.php" file you have repaired, or send me the plugin as you configured it?
Thanks so much
danlavu
01-22-2010, 12:06 AM
Dracula,
I found a bug in my code, if I can get it working without this bug I'll post a solution but in the meanwhile please disregard my solution, it allows users to login as long as they match a username in ldap, no actual authentication occurs.
So I apologize for prematurely posting any code.
Dan
danlavu
01-22-2010, 05:49 AM
OK, I finally got it working properly, here is my controller.php and ldapconfig.inc.php
controller.php (modified ldap parameters to bind to a database, and because I'm using AD, I changed my search filter to 'samaccountname' instead of uid)
<?php
//
// main php file for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'controller.php');
// some basic requirements
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/ldapAuth/ldapfunctions.inc.php');
require_once(DIR . '/ldapAuth/ldapconfig.inc.php');
// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
return;
}
// if there is no password submitted, redirect to standard error
if ($vbulletin->GPC['vb_login_password'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
// create the ldap search filter
$ldapFilter = "(samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";
// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
if($ldapConnection)
{
$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
// search for the username and get the DN
$searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
$searchResult=ldap_get_entries($ldapConnection,$searchDn);
// if no user is found in ldap, redirect to standard error
if(sizeof($searchResult) < 2)
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
}
// write the FIRST found DN to $bindDn;
$bindDn=$searchResult[0]['dn'];
// bind to the ldap server with specified credentials (dn, password)
$ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);
// close the server connection
ldap_close($ldapConnection);
// ldap bind did not succeed, wrong username/password combination
if ($ldap_bind != 1)
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
else
{
// generate a template for vBulletin user database
$randomSalt=genSalt();
$randomPass=md5(crypt($randomSalt,$randomSalt));
$newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
$newuser->set('username', $vbulletin->GPC['vb_login_username']);
// get the email address from ldap
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
if($ldapConnection)
{
$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
$searchEmail=ldap_search($ldapConnection,$ldapBase,$ldapFilter, $ldapEmailAttr);
$userEmail=ldap_get_entries($ldapConnection,$searchEmail);
if(sizeof($userEmail) < 2)
{
$newuser->set('email', $noEmailExists);
}
else
{
$newuser->set('email', $userEmail[0]['mail'][0]);
}
}
ldap_close($ldapConnection);
$newuser->set('password', $randomPass);
$newuser->set('usergroupid', 2);
$newuser->pre_save();
// try to create the user in vBulletin; if it works save the dataset else just login
if (!empty($newuser->errors))
{
$vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
$vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
do_login_redirect();
}
else
{
$newuser->set_info('coppauser', false);
$vbulletin->userinfo['userid']
= $userid
= $newuser->save();
$vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
$vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
do_login_redirect();
}
}
}
?>
ldapconfig.inc.php (Add user bind and pass variable)
<?php
//
// ldap configuration for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'ldapconfig.php');
// Server Settings
$ldapBindUser = "ldapuser";
$ldapBindPassword = "ilikeldap";
$ldapServer = "0.0.0.0";
$ldapPort = 389;
$ldapBase = "ou=users,dc=vbulletin,dc=org";
// Search Settings
$ldapEmailAttr = array( "mail" );
$noEmailExists = ""
?>
I hope this helps.
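The search-then-bind flow used in the controller.php above, written as one function with each result checked (an added example, not the plugin's or the poster's code). It assumes PHP 5.6+ with the ldap extension; ldap_check_login(), search_then_bind() and the $cfg keys are hypothetical names, and the configuration values are constructed placeholders.

```php
<?php
// Added example: search-then-bind LDAP login check. Function names and $cfg
// keys are hypothetical; the values mirror ldapconfig.inc.php above.
// Requires PHP 5.6+ (ldap_escape) with the ldap extension.

/** Returns array('dn' => ..., 'mail' => ...) on success, false otherwise. */
function ldap_check_login(array $cfg, $username, $password)
{
    // A bind with a DN and an empty password is an "unauthenticated bind",
    // which some servers accept, so reject empty input before any LDAP call.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect($cfg['uri']);
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    $result = false;
    // On port 389 a simple bind sends the password in clear text unless the
    // connection is upgraded with StartTLS first.
    if (empty($cfg['starttls']) || @ldap_start_tls($conn)) {
        $result = search_then_bind($conn, $cfg, $username, $password);
    }
    ldap_unbind($conn);
    return $result;
}

function search_then_bind($conn, array $cfg, $username, $password)
{
    // Step 1: service-account bind. It only grants the right to search; its
    // result says nothing about the person logging in.
    if (!@ldap_bind($conn, $cfg['bind_user'], $cfg['bind_password'])) {
        return false;
    }

    // Step 2: find the user's DN. ldap_escape() stops * ( ) \ in the
    // submitted name from altering the filter.
    $filter = '(' . $cfg['login_attr'] . '='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($conn, $cfg['base'], $filter, array('mail'));
    $entries = $search ? ldap_get_entries($conn, $search) : false;

    // Exactly one entry must match; the first of several could be another account.
    if (!$entries || $entries['count'] !== 1) {
        return false;
    }

    // Step 3: rebind as that DN with the submitted password. This bind, not
    // the one in step 1, is the authentication decision.
    if (!@ldap_bind($conn, $entries[0]['dn'], $password)) {
        return false;
    }
    $mail = isset($entries[0]['mail'][0]) ? $entries[0]['mail'][0] : '';
    return array('dn' => $entries[0]['dn'], 'mail' => $mail);
}

// Constructed configuration (placeholder values).
$cfg = array(
    'uri'           => 'ldap://ldap.example.org:389',
    'starttls'      => true,
    'bind_user'     => 'cn=ldapuser,ou=users,dc=example,dc=org',
    'bind_password' => 'change-me',
    'base'          => 'ou=users,dc=example,dc=org',
    'login_attr'    => 'samaccountname',
);
// $entry = ldap_check_login($cfg, $submittedUsername, $submittedPassword);
```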
evilchili
02-08-2010, 08:42 PM
For those of you using OpenLDAP, you may need to specify:
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
Immediately following your call to ldap_connect. This will avoid a protocol error when binding.
evilchili
02-08-2010, 08:58 PM
Also that whole second connect/bind/search just to get the email address isn't necessary -- we already have it in $searchResult. So just do:
$newuser->set( 'email', $searchResult[0]['mail'][0] );
malcolmx
03-14-2010, 03:44 PM
i am sorry that i was not that active in the last weeks. lots of work to do :( thanks for every one helping the other vbulletin users!
-malc
tuwebfacil
03-14-2010, 07:04 PM
Just to help others, it's important to check that you have the php_ldap module, your php info should show something like this:
https://vborg.vbsupport.ru/external/2010/03/47.jpg
But I am currently having this problem:
Warning: ldap_search() [function.ldap-search]: Search: Can't contact LDAP server in [path]/ldapAuth/controller.php on line 37
Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in [path]/ldapAuth/controller.php on line 38
Any idea?
malcolmx
03-14-2010, 07:48 PM
show me the contents of the ldapconfig file.
-malc
tuwebfacil
03-14-2010, 08:07 PM
Here is :)
<?php
//
// ldap configuration for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'ldapconfig.php');
// Server Settings
$ldapServer = "dc2.mydomain.org";
$ldapPort = 389;
$ldapBase = "dc=mydomain, dc=org";
// Search Settings
$ldapEmailAttr = array( "mail" );
$noEmailExists = "";
?>
FFSBC
03-15-2010, 07:41 PM
Tried this with vbulletin 4-0-2 Patch Level 1 and Server 2003 AD with no luck. Installed Haqa's LDAP mod version 1.5 (which I had previously used with version 3.8.2 without issues) and it worked on the first try without any other tweaking:
https://vborg.vbsupport.ru/showthread.php?t=196596
hamzi
03-22-2010, 01:45 AM
can ldap login work while also enabling non-ldap users to register ? Even if registration is done manually by the administrator? I like to have users who aren't on the ldap directory to be able to be members of the forum. Any help would be much appreciated.
thanks
hamzi
03-25-2010, 02:12 AM
I might have found a solution.
I have changed the 'Hook Location' for the Ldap plugin from 'ldap_login_hook(ldap)' to 'login_failure'. I presumed that this would force it to login as usual and on failure it will try ldap. This works now.
Can you see any problems with this?
jgarland
03-29-2010, 05:11 PM
These are the worst instructions I have encountered in a long time. Your target audience varies, I am not stupid, and there doesn't seem to be that many steps, yet this thread is unclear and I couldn't get it to work. I will move on to another LDAP plugin in hopes it works. Would be great if you could write them step by step.
jgarland
03-29-2010, 05:16 PM
These are the worst instructions. Why write a program if you aren't taking the time to write instructions properly. I will review other ldap plugins.
danlavu
04-01-2010, 06:29 PM
jgarland,
That is completely unnecessary, a lot of people here do this on their spare time and all we're trying to do is help. So why don't we help you get it working, because it does work and you can contribute like the rest of us and write some better documentation?
cowbert
05-20-2010, 05:38 PM
Auth works but fails to create the user if the user does not already exist in vB, so you get logged out as soon as it redirects after logging in.
kfurloni
05-24-2010, 07:51 PM
Hi,
I have tried this add on in 4.0.0 and it is not functioning.
Is there a log file i can check to see if it is trying to log onto the server? how can i troubleshoot this?
Keith
medikdave
06-27-2010, 03:23 AM
Hi,
I have the same request. Is there any way to debug the process?
Dave
jeffsawyer
07-02-2010, 05:49 PM
I'm sure this has been asked (and hopefully solved) somewhere, but I'm not having luck with my searches here or on Google. What I'd really like is a full complete LDAP solution for vBulletin. This LDAP mod is great, but only integrates the login and nothing else. Is there a full integration hack somewhere or do I need to hack it up myself? Or do most people use some sort of central account management hub on their sites and disable the broken pieces? i.e. multiple subdomains for each piece: account.mycoolsite.com, forum.mycoolsite.com, www.mycoolsite.com
Thanks! Looking forward to feedback.
Jeff
Does this mod allow for LDAPS (secure LDAP)? I am trying with OpenLDAP and have no idea how I would set encryption types, certs, etc.
Any help would be much appreciated, thanks.
northerndoctors
08-24-2010, 01:53 PM
Hi,
I've been through the steps and added the code and put the files in the places told. When i try to log in i get the error shown below right at the top of the window. Could you give me some suggestions to try?
Cheers Ben
"Warning: include(/Forums/ldapAuth/controller.php) [function.include]: failed to open stream: No such file or directory in [path]\login.php(109) : eval()'d code on line 1
Warning: include() [function.include]: Failed opening '/Forums/ldapAuth/controller.php' for inclusion (include_path='.;C:\xampp\php\pear\') in [path]\login.php(109) : eval()'d code on line 1"
jjuarez
10-11-2010, 09:13 PM
Please help me, I installed this mod and it works perfectly, but I need to give administrator privileges to an Active Directory user, and when I try to enter the Admin Panel with this user, it displays the error on user or password.
I think this is because in controller.php there is this condition:
// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
return;
}
How do I fix this so that when this user tries to access the admin panel, it works?
Thanks a lot.
VirginBlue
10-12-2010, 02:30 AM
Tried this with vbulletin 4-0-2 Patch Level 1 and Server 2003 AD with no luck. Installed Haqa's LDAP mod version 1.5 (which I had previously used with version 3.8.2 without issues) and it worked on the first try without any other tweaking:
https://vborg.vbsupport.ru/showthread.php?t=196596
Same
ecrist
03-26-2011, 08:06 PM
I've updated the code from this add-on to include the code for authenticated (non-anonymous) binds, as well as having added the ability to keep the in-database password in-sync with the password stored in LDAP. This allows the user to use the same password for the admin/mod control panels as they do for the forum main pages.
There are a few things I'd like to do in the near future:
Update LDAP password from vB profile update page.
Update email from vB profile update page
Update email from LDAP front-end.
Please take these code changes and let me know what you think.
Swarm
05-31-2011, 04:24 PM
Hello,
Does anyone know if this plugin has been worked on recently? I've followed the directions and notes from this thread fairly extensively but still cannot get it to work entirely.
Using: AD, ldapAuth_1.0.2 (non-anonymous)
I can verify that my credential is binding correctly. However when I try to log in, i see the following errors:
Warning: ldap_search() [function.ldap-search]: Search: Bad search filter in [path]\ldapAuth\controller.php on line 38
Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in [path]\ldapAuth\controller.php on line 39
controller.php
<?php
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'controller.php');
// some basic requirements
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/ldapAuth/ldapfunctions.inc.php');
require_once(DIR . '/ldapAuth/ldapconfig.inc.php');
// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
return;
}
// if there is no password submitted, redirect to standard error
if ($vbulletin->GPC['vb_login_password'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
// create the ldap search filter
$ldapFilter = "($samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";
// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
//ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
if($ldapConnection){
$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
// search for the username and get the DN
$searchDn = ldap_search($ldapConnection,$ldapBase,$ldapFilter) ;
$searchResult = ldap_get_entries($ldapConnection,$searchDn);
// if no user is found in ldap, redirect to standard error
if(sizeof($searchResult) < 2)
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
}
// write the FIRST found DN to $bindDn;
$bindDn=$searchResult[0]['dn'];
// bind to the ldap server with specified credentials (dn, password)
$ldap_bind = ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);
// close the server connection
ldap_close($ldapConnection);
if ($ldap_bind != 1){
// ldap bind did not succeed, wrong username/password combination
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
} else {
// generate a template for vBulletin user database
[...]
ldapconfig
<?php
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'ldapconfig.php');
// Server Settings
$ldapBindUser = "mydomainadminusername";
$ldapBindPassword = "mypass";
$ldapServer = "x.x.x.x";
$ldapPort = 389;
$ldapBase = "ou=users,dc=domain,dc=local";
// Search Settings
//$samaccountname = "cn";
$ldapEmailAttr = array( "mail" );
$noEmailExists = ""
?>
Any Ideas?
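Why the server rejects the filter built in the controller.php above, and one way to build it from a fixed attribute name and an escaped value (an added example, not part of the original post or the plugin). In a double-quoted PHP string `$samaccountname` is expanded as a variable; it is commented out in ldapconfig and notices are masked by error_reporting, so the filter becomes `(=username)`. The function names are hypothetical and the inputs are constructed.

```php
<?php
// Added example; function names are hypothetical, inputs are constructed.

// Reproduces the filter string from the post: "$samaccountname" inside double
// quotes is a PHP variable, not the attribute name. Undefined, it expands to ''.
function broken_filter($username)
{
    $samaccountname = null; // stands in for the undefined variable
    return "($samaccountname=" . $username . ")";
}

// RFC 4515 escaping of a filter assertion value. Covers the same five
// characters as ldap_escape($v, '', LDAP_ESCAPE_FILTER) and also runs on PHP
// versions that predate that function. strtr() never re-scans its own
// output, so the backslashes it inserts are not escaped a second time.
function escape_filter_value($value)
{
    return strtr($value, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
}

// Builds "(attribute=value)". The attribute name comes from configuration,
// never from the request, and is still checked to be a plain descriptor.
function build_login_filter($attribute, $username)
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $attribute)) {
        throw new InvalidArgumentException('invalid attribute name');
    }
    return '(' . $attribute . '=' . escape_filter_value($username) . ')';
}

// Constructed login names, including ones that contain filter metacharacters.
foreach (array('jdoe', 'j*', 'smith (contractor)', 'a\\b') as $name) {
    printf(
        "%-20s broken: %-24s built: %s\n",
        $name,
        broken_filter($name),
        build_login_filter('samaccountname', $name)
    );
}
```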
Eslob
01-29-2012, 10:23 AM
thank you for this mod, it's a little complicated but i'm trying to learn more about it.
as far as i know ldap is mostly used for emails (microsoft outlook)
J29953E37A78
12-27-2012, 03:37 AM
Hi there,
I have downloaded the plugin and done up to point 5 but I don't understand point 6 (in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml')
Where do I find this?
Frustrated
thanks
miklr
01-30-2013, 08:30 PM
Hi there,
I noticed that malcolmx has a supported tag on this. Has anyone had success installing it on 4.2?
dirkji
03-23-2017, 07:48 AM
Will this version also work for vBulletin version 5 + ?
MarkFL
03-23-2017, 07:51 AM
No product written for vB 3.x or vB 4.x will work with vB 5.x...not without being pretty much completely rewritten, and then if it is, it would be released as a vB 5.x product.
Netcom
07-11-2018, 11:50 AM
I'm sorry but I could not understand. How can I use this plugin?
I could find it nowhere, neither in admincp nor on any other page.
Where is the plugin manage screen?
How can I see the plugin work or not?