vb.org Archive

Miscellaneous Hacks - LDAP Authentication (https://vborg.vbsupport.ru/showthread.php?t=196596)

Jimbot 10-14-2011 04:15 AM

Quote:

Originally Posted by jugbugs (Post 2254260)
I followed this process and am getting...

Code:

Fatal error: Call to undefined function ldap_connect() in D:\www\vhosts\localhost\includes\functions.php(7038) : eval()'d code on line 36
I am assuming this means I do not have ldap enabled for PHP... any thoughts on an easy way to "add" LDAP to an existing install? What specifically needs to be included and where?

I've not got that error, but I have the LDAP extension for PHP installed. You can check the status of ldap through the vbulletin admincp->Maintenance->PHP info. There's a whole section devoted to ldap in mine.

I run on Windows, so installing LDAP support for PHP was simply an option I chose in the PHP installer (under 'extensions' if I recall correctly).

Good luck!

roarkh 11-22-2011 07:56 PM

I am new to vBulletin so this is all new to me. I just installed the LDAP Authentication plugin referenced in this thread and for the most part it seems to be working just fine. However, I have a question. I have logged in as two different users from our LDAP server and vBulletin did indeed allow them to login and did create user accounts for them. However, I noticed that for some reason the "Primary Usergroup" for both of those users was set by default to "Super Moderators". It seems to me that they should be set to "Registered Users" instead.

If I go into the vBulletin admin panel and manually add a user, the default setting does seem to be "Registered Users".

Is there any way to tell the LDAP Authentication plugin that new users should be created as "Registered Users" instead of "Super Moderators"?

Thanks in advance.

Jimbot 11-22-2011 10:26 PM

Quote:

Originally Posted by roarkh (Post 2270898)
Is there any way to tell the LDAP Authentication plugin that new users should be created as "Registered Users" instead of "Super Moderators"?

Yes, but you'll need to edit the plugin source, as this option hasn't been added to the LDAP settings.

If you're using my version, from the post above, you'll need to edit line 193 of the plugin, shown in the snip below. The line that sets the usergroupid to 5 makes the new user a supermoderator. The 'Registered users' group has a usergroupid of 2 (at least it does in mine). So change the 5 to a 2, and that should resolve the issue. The usergroup IDs can be found in Usergroup manager in the admin control panel.

PHP Code:

      ($debug) ? print_log("New user. Creating with info from ldap") : false;
      $newuser->set('email', strtolower($userData[0]['mail'][0]));
      $newuser->set('username', $vbulletin->GPC['vb_login_username']);
      $newuser->set('usergroupid', 5); // <---
      $newuser->set_bitfield('options', 'adminemail', true);
      $newuser->set_bitfield('options', 'emailonpm', true);

Hope this helps!

roarkh 11-22-2011 10:36 PM

Quote:

Originally Posted by roarkh (Post 2270898)
I am new to vBulletin so this is all new to me. I just installed the LDAP Authentication plugin referenced in this thread and for the most part it seems to be working just fine. However, I have a question. I have logged in as two different users from our LDAP server and vBulletin did indeed allow them to login and did create user accounts for them. However, I noticed that for some reason the "Primary Usergroup" for both of those users was set by default to "Super Moderators". It seems to me that they should be set to "Registered Users" instead.

If I go into the vBulletin admin panel and manually add a user, the default setting does seem to be "Registered Users".

Is there any way to tell the LDAP Authentication plugin that new users should be created as "Registered Users" instead of "Super Moderators"?

Thanks in advance.

Well, I did some digging through the module code (version 1.5.1_vb4) and noticed this on line 199.
Code:

$newuser->set('usergroupid', 5);
I changed the above to the following and reinstalled the addon.
Code:

$newuser->set('usergroupid', 2);
And now the default usergroup is Registered Users instead of Super Moderators. I'm wondering if this should not be the default behavior?

Thank you.

roarkh 11-22-2011 10:41 PM

Quote:

Originally Posted by Jimbot (Post 2270945)
Yes, but you'll need to edit the plugin source, as this option hasn't been added to the LDAP settings.

If you're using my version, from the post above, you'll need to edit line 193 of the plugin, shown in the snip below. The line that sets the usergroupid to 5 makes the new user a supermoderator. The 'Registered users' group has a usergroupid of 2 (at least it does in mine). So change the 5 to a 2, and that should resolve the issue. The usergroup IDs can be found in Usergroup manager in the admin control panel.

PHP Code:

      ($debug) ? print_log("New user. Creating with info from ldap") : false;
      $newuser->set('email', strtolower($userData[0]['mail'][0]));
      $newuser->set('username', $vbulletin->GPC['vb_login_username']);
      $newuser->set('usergroupid', 5); // <---
      $newuser->set_bitfield('options', 'adminemail', true);
      $newuser->set_bitfield('options', 'emailonpm', true);

Hope this helps!

Thanks for your response, apparently I was posting the solution I found to this at the same time you were answering me so I didn't see your post until I completed mine. Clearly we are both on the same track and that indeed did fix my problem.

Thanks again.

Jimbot 11-22-2011 11:21 PM

Quote:

Originally Posted by roarkh (Post 2270947)
And now the default usergroup is Registered Users instead of Super Moderators. I'm wondering if this should not be the default behavior?

Perhaps you are right. For my setup, though, by default LDAP users are considered 'trusted', and members using internal VB authentication are not. So all LDAP users are granted the super mod privileges.

What we really should do is make it a config setting.

Not sure when I'll get time to do this....

rguser 11-26-2011 04:53 PM

I didn't have any luck with using the original set_userfields method. The aforementioned code had:
PHP Code:

$newuser->set_userfields($userFields); 

It worked when I switched it to this:
PHP Code:

$newuser->set_userfields($userFields, true, 'admin');

I think it's because the account I was testing was my own account which was promoted to administrator.

Has anyone conceived of the idea or attempted setting the username to the LDAP 'displayname' or 'givenname' and 'sn' while allowing the user to both log in and authenticate using their LDAP credentials? I.e., log in as: jdoe, but username is set to John Doe so that all posts, member list, user profile and all show John Doe. My forum is internal, consists only of LDAP users all on the same domain and I've disabled registration since the LDAP auth code can create a new user. I've made a user profile field set to displayname but if I don't have to go through and modify the template to show the displayname userfield in lieu of username, that would be awesome.

Unless it's easier now to modify the template using the built-in search/replace? Suggestions or ideas?

jugbugs 12-08-2011 11:08 PM

Quote:

Originally Posted by Jimbot (Post 2257023)
I've not got that error, but I have the LDAP extension for PHP installed. You can check the status of ldap through the vbulletin admincp->Maintenance->PHP info. There's a whole section devoted to ldap in mine.

I run on Windows, so installing LDAP support for PHP was simply an option I chose in the PHP installer (under 'extensions' if I recall correctly).

Good luck!

This worked perfectly... thank you

jugbugs 12-08-2011 11:18 PM

I have another question, which is php related.

I have this plugin (vb4 version) and it is working, however, I cannot get the "Allow Built-in Accounts" (ldap_allow_builtin) setting to work when putting in a comma separated list. If I only have one userid in this setting it works for that user only, which leads me to believe this is an easy solution. Given the fact that I am php retard, the answer is not glaringly obvious, therefore, I will summarize what I know in hopes someone can help me.

In the product xml, this variable (setting) is defined as follows:

Code:

<setting varname="ldap_allow_builtin" displayorder="100">
        <datatype>free</datatype>
        <defaultvalue>1</defaultvalue>
</setting>

The piece of code that I believe to be broken that uses this variable is:

PHP Code:

//if login is on the list of allowed logins, don't use ldap authentication
$userid = $vbulletin->db->query_first_slave("
   SELECT userid
   FROM " . TABLE_PREFIX . "user
   WHERE userid in ('" . $vbulletin->db->escape_string(htmlspecialchars_uni($vbulletin->options['ldap_allow_builtin'])) . "')
   AND username = '" . $vbulletin->db->escape_string(htmlspecialchars_uni($vbulletin->GPC['vb_login_username'])) . "'");
if ($userid) {
    ($debug) ? print_log("user on the non-ldap list. " . $vbulletin->GPC['vb_login_username'] . " with id: " . implode(",", $userid)) : false;
    return;
}

So, what is wrong with the php code that is not searching "ldap_allow_builtin" as if it is an array?

Thanks.
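
The query in the post above wraps the whole setting in one pair of quotes, so the server receives `userid in ('1,5,9')`: a single string, which MySQL converts to the number 1 when it compares it with the integer `userid` column. As an added example (not the plugin's code), one way to split and validate the list before building the clause; `parse_id_list()` and `builtin_user_sql()` are hypothetical helpers, `addslashes()` stands in for `$vbulletin->db->escape_string()`, and the inputs are constructed:

```php
<?php
// Added example, not the plugin's code. parse_id_list() and builtin_user_sql()
// are hypothetical helpers; the setting value and username are constructed.

/**
 * Turn the free-text setting ("1, 5,9") into a list of positive integer ids.
 * Entries that are not a plain run of digits are dropped, never sent to SQL.
 */
function parse_id_list(string $setting): array
{
    $ids = [];
    foreach (explode(',', $setting) as $part) {
        $part = trim($part);
        if (ctype_digit($part) && (int) $part > 0) {
            $ids[(int) $part] = true;   // keyed by id, so duplicates collapse
        }
    }
    return array_keys($ids);
}

/**
 * Build the "is this login a built-in account?" query. $escape stands in for
 * $vbulletin->db->escape_string(). Returns null for an empty list so the
 * caller never sends "IN ()" to the server.
 */
function builtin_user_sql(string $setting, string $username, string $prefix, callable $escape): ?string
{
    $ids = parse_id_list($setting);
    if (!$ids) {
        return null;
    }
    return "SELECT userid FROM {$prefix}user"
         . " WHERE userid IN (" . implode(',', $ids) . ")"
         . " AND username = '" . $escape($username) . "'";
}

// Constructed inputs; addslashes() is only a stand-in for the DB escaper.
$setting = " 1, 5,9, 5, x7,";
echo "Parsed ids: " . implode(',', parse_id_list($setting)) . "\n";
echo builtin_user_sql($setting, "o'brien", 'vb_', 'addslashes') . "\n";
var_dump(builtin_user_sql("abc", "jdoe", 'vb_', 'addslashes'));
```

Because every id is validated as an integer, the list goes into `IN (...)` unquoted, and a setting with no usable ids skips the query instead of producing invalid SQL.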

alexm 01-24-2012 10:32 PM

Quote:

Originally Posted by Jimbot (Post 2242445)
For this to work you'll need the following files. They go in the following locations:
./includes/xml/hooks_ldap_auth.xml
./includes/devtools.php

A big thanks to everyone who has contributed to this solution: kpatten, haqa, malcolmx and zemic.


Thanks to everyone for their excellent work!

I have successfully implemented the above version on vBulletin 4.1.10

With regard to this problem:

Quote:

Originally Posted by kpatten (Post 2183860)
1. This plugin doesn't seem to work if your Search Base DN begins with a DN in AD. You must have your search base begin with an OU. This means that if you have multiple OU's at the top level of AD that contain users, you may have a problem.

I have managed to get ldap_search to properly recurse through the sub-OU's on a Server 2008 DC running in 2008/2003 mixed mode by doing the following:

After:
PHP Code:

    // Enable LDAP version 3
    ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);

Add:
PHP Code:

    ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);

Now if I set the Base DN to DC=domain,DC=com it will find users in all OU's in the domain.

Hope this helps someone

Alex

