vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Integration with vBulletin - vBulletin Ldap Authentication Plugin (https://vborg.vbsupport.ru/showthread.php?t=148573)

malcolmx 10-28-2007 08:45 AM

Quote:

Originally Posted by grahamar (Post 1369225)
Hi
I tried this plugin and followed the instructions but I get the following error:

Warning: ldap_search() [function.ldap-search]: Search: No such object in /ldapAuth/controller.php on line 37

Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in /ldapAuth/controller.php on line 38


I'm not technical at all - but line 37 in the code is this:

36: // search for the username and get the DN
37: $searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
38: $searchResult=ldap_get_entries($ldapConnection,$searchDn);

Can anyone offer some help as to how I can fix this. I would really like to get this working. We want to use VB within our intranet and LDAP is used extensively.

Thanks

Graham

hey,

please show me the content of the variables
Code:

$ldapBase
$ldapFilter

thanks

-malc

fhs2006 10-29-2007 06:53 AM

the error is in your $ldapBase.

the base is just: "dc=sun,dc=com"

all the other stuff like ?sub? (objectclass=*) has nothing to do with the default search base (=$ldapbase).

my script is searching for a specific user ($ldapFilter in controller.php) below the $ldapBase in your ldap directory.

if you want to add an (objectclass=*) to your search filter you have to add that to line 29 in controller.php
Code:

$ldapFilter = "(uid=" . $vbulletin->GPC['vb_login_username'] .")";
you do not have to add ?sub? to your query, because phps ldapsearch scope defaults to SUB.

-fhs

malcolmx 10-29-2007 10:52 AM

please use controller.debug.php and change in line 17 the debug output file location (if needed)
Code:

if(defined('LDDEBUG')) { $fp=fopen('/tmp/apache.debug', "a+"); }
then show me the content of that file.

-malc

malcolmx 10-29-2007 01:13 PM

Quote:

Originally Posted by grahamar (Post 1371078)
Hi Malc,

Just to confirm: Do you want me to run controller.debug.php from the browser after the login fails? or do you mean something else?

Graham

easiest you can do is:
  1. rename controller.php to controller.php.orig
  2. rename controller.debug.php to controller.php

:)

-malc

malcolmx 10-29-2007 02:39 PM

please do me a favour:

on the linux commandline (if available) try the following:
ldapsearch -W -D "XXXX" -x -b YYYY -h ZZZZ "(uid=grahamar)"

exchange:
XXXX: the FULL DN to your username (e.g. uid=grahamar,ou=bla,o=buh)
YYYY: the ldap search base
ZZZZ: the ldap server ip

1) additional questions from my side:
is the wiki doing an ldapbind or is it comparing the hash values of the password?

2) are you sure you did all changes to the vbulletin php files as written in the INSTALL file?
especially:
PHP Code:

defined('DISABLE_PASSWORD_CLEARING') ? 0

to check that, add in the debug controller file below line 63
PHP Code:

 // bind to the ldap server with specified credentials (dn, password) 

the following piece of code:
PHP Code:

if(defined('LDDEBUG')) {
    // copy the submitted password and write it to the debug log
    $pass = $vbulletin->GPC['vb_login_password'];
    wrlog("++ your password  is:\t  $pass");
}

i dont have a working vb installation at home, but that should do fine. now if you login, you should see your password in plaintext in the debug output file. if this is not your password, please check all the installation steps.

-malc

malcolmx 10-29-2007 02:43 PM

Quote:

Originally Posted by Mark Tomlinson (Post 1361626)
Nice hack, works like a charm. Except...

[S]I set up vBulletin with the usual "Admin" account. After adding the hack, I logged in as myself with my LDAP ID - which automagically created my user ID in the user database. Then I logged on as Admin again gave my user ID administrative permissions. (I'll be wanting to give a couple of other users subsets of admin privileges as well).

Well, what happens is that I can not log into the Admin CP with my LDAP ID.
* I can log into the forums with my LDAP ID just fine.
* And I can log into the Admin CP with 'Admin' just fine.
* But I can't log into the Admin CP with my LDAP ID.
* And I can't log into the forums with 'Admin'.
My theory here is that there is a different log-in process for the Admin CP and it is trying to verify my password against the vBulletin database.

Familiar with this problem? Am I just missing something?[/S]

Nevermind! Missed the comment in the description that says LDAP is not used for the admin or moderation control panels. That's not going to work for me. I need it to check the LDAP directory and the database in all cases. I will settle for just checking LDAP, but would rather it check both.

Sounds like I need to do some digging.

just comment out the following code:
PHP Code:

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
        return;
}


malcolmx 10-29-2007 03:15 PM

when your password is shown correctly then you should have done the install instructions.

i have to do some brainwork now... no idea where the problem could be.

malcolmx 10-31-2007 04:10 PM

Code:

ldapsearch --help 2>&1 |grep W
  -W        prompt for bind password

-W is for password authentication
-D is the full DN to your entity in the directory.

please test if this authentication works.

thanks

-malc

ps: i will be gone over the weekend. i am back on monday.

grahamar 11-08-2007 06:29 AM

Hi Malc,

any update you can give to help proceed with this?

Thank you

Graham

grahamar 11-11-2007 11:16 AM

Hi,

I now have LDAP working on another bulletin board from another source.
I'll leave the situation of not being able to use LDAP on vbulletin as it is.

Thanks for those who tried to help me.

Graham

malcolmx 11-14-2007 05:13 PM

i am sorry, but i had no time to help :( we had a cooling problem in our machine room, so i had some stressy days fixing broken and damaged machines..

if you need any help (if you give it one more try) ill help you. if it is possible for you and your company i can fix the problem for you.

-malc

upnorth 02-25-2008 04:40 PM

I'm looking at using this mod but was wondering

#1 will it work with vB 3.6.8

#2 for users authenticated by the LDAP server but not registered in vBulletin, from what I understand a new user is created? If understood correctly what user group does the new user automatically get added to?

fhs2006 03-04-2008 05:15 AM

#1 probably yes
#2 yes, new users get created. users are added to the registered group (can be changed in the script with some vbulletin documentation reading)

-fhs

upnorth 03-10-2008 06:05 PM

First off....THIS IS A GREAT MOD!!!

One question that I do have is I've noticed that all the "User Registration Options" on the forum get bypassed. i.e send welcome email, default registration options etc. which makes sense as you are creating a user directly in the db table. But is there any way that I can set some of these user options and send an email notification to the admin, when the user is created and assigned to the registration group? Anyone able to help with this?

upnorth 03-11-2008 01:27 PM

Sorry for the multiple post but I just ran into a small problem. My ID is setup as an administrator and when I attempt to log in the board will not take either my local vB password or my LDAP password? Any ideas? I'm able to log in directly to the admin cp which then provides rights to the forum but for some reason it doesn't bypass the LDAP for admins? Am I understanding this correctly that if you are an admin then it shouldn't use LDAP but instead use the vB id and password?

The info in my debug file is as follows:
++ ---------- START ------- ++
++ LoginType: Normal Login
++ LdafFilter (uid=myUserID)
++ LdapServer connection successful
++ ldap bind did not succeed

Does this mean that it doesn't think that my account is an admin account?

SteveCoppin 03-12-2008 10:27 AM

Quote:

Originally Posted by malcolmx (Post 1371160)
just comment out the following code:
PHP Code:

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
        return;
}


When I try this, I get an error saying that no password has been provided.. The form variable is the same so I'm not sure what's going on. Any ideas?

SteveCoppin 03-13-2008 01:40 PM

Quote:

Originally Posted by SteveCoppin (Post 1462901)
When I try this, I get an error saying that no password has been provided.. The form variable is the same so I'm not sure what's going on. Any ideas?

Got a fix for this.. Instead of going via the LDAP route for modcp and admincp I store the encrypted password in the database. I already have a set of users so have decided to put the code in the section that gets executed if the user already exists. The other advantage is that if a user's LDAP password changes, it's reflected in the database on the next time they log in. Code is as follows:

PHP Code:

// load the user
$userdata =& datamanager_init('user', $vbulletin, ERRTYPE_STANDARD);
$userdata->set_existing($vbulletin->userinfo);
// set password
$userdata->set('password', $vbulletin->GPC['vb_login_password']);
// save the user
$userdata->save();

I'm still pretty new to vBulletin so please let me know if I've done something horribly wrong!!

Steve

SteveCoppin 03-17-2008 10:24 AM

Great mod, but I have another slight problem.

The 'remember me' feature isn't working on my instance and I think it may be something to do with this mod. Has anyone else had the same problem?

upnorth 03-27-2008 05:10 PM

Does anyone know how to modify this code to bypass the LDAP log-in for specific user groups?

D0ubleStakked 03-30-2008 11:37 PM

Fantastic mod.
Thanks malcolmx for building this.

had a little bit of trouble at the start, but I have it working now for me.
Thought I'd share my experience.

1.) all the installation steps were easy to follow. I got tripped up on the ldap_plugin.xml vs hooks_ldap.xml, but I realized my mistake pretty quickly. Maybe an update to the documentation to state which file gets uploaded?

2.) controller.debug.php was the key for me. A note to all you linux people out there, make sure the debug logfile exists first and that apache has permissions to write to it. I changed my debug file to /var/log/vbulletin_ldap.debug, logged in as root, so I did the following :

cd /var/log/
touch vbulletin_ldap.debug
chmod 666 vbulletin_ldap.debug
chown apache:apache vbulletin_ldap.debug

after the chmod & the chown, I started seeing output in my .debug file.

Another quick observation, I didn't have openldap-clients installed, so in reading the posts in this thread, all of the instructions of running "ldapsearch" won't work unless you have openldap-clients installed. Pretty easy from fedora:

yum install openldap-clients

So after that work, I'm up and running.
In total, it took me ~1 hr to get everything running, which isn't bad.
ldap authentication for MediaWiki took me longer.

Thanks again malcolmx!
-Brian
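
Added example, not part of the plugin or of any post above: the debug check malc describes and the log file set up in this post, done so the log is readable by the web server user only and records whether a password arrived rather than the password itself. The function names are hypothetical and the demo path and values at the end are constructed.

```php
<?php
// Added example, not part of the plugin. Function names are hypothetical.

// Open the debug log for appending. A file created here gets mode 0600; an
// existing file owned by the web server user is tightened to 0600 as well.
function open_debug_log(string $path)
{
    $old = umask(0077);          // no group/other bits on newly created files
    $fp = @fopen($path, 'a');
    umask($old);
    if ($fp === false) {
        return null;             // e.g. directory not writable by this user
    }
    @chmod($path, 0600);         // no effect if another user owns the file
    return $fp;
}

// Say whether a password arrived without writing the password itself.
function describe_password(string $pass): string
{
    if ($pass === '') {
        return 'empty (check the DISABLE_PASSWORD_CLEARING step)';
    }
    return 'present, ' . strlen($pass) . ' bytes';
}

// Write one log line; control characters are replaced so a submitted value
// cannot start a forged line of its own.
function wrlog_safe($fp, string $msg): void
{
    fwrite($fp, '++ ' . preg_replace('/[\x00-\x1f\x7f]/', '?', $msg) . "\n");
}

// Demo with constructed values; a real log would live outside /tmp.
$path = __DIR__ . '/vbulletin_ldap.debug';
$fp = open_debug_log($path);
if ($fp !== null) {
    wrlog_safe($fp, 'LoginType: Normal Login');
    wrlog_safe($fp, 'password: ' . describe_password('constructed-secret'));
    fclose($fp);
    printf("%s mode %o\n", $path, fileperms($path) & 0777);
}
```
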

malcolmx 04-03-2008 02:15 PM

thank you for installing my mod and sharing your experience. i do not have a lot of time, thats why i could not improve the whole plugin.

but its nice to see, that its still working on newer vbulletin versions :)

i have subscribed the thread, so whenever someone posts, i go here and read the post. i will help whenever its possible.

-malc

jeilers 04-17-2008 05:29 PM

OK, I can't tell if this has been answered. Trying to get this mod working on our corporate intranet. IT will not allow anonymous LDAP queries
Has anybody gotten it to work without this and can explain it succinctly to a newb?

malcolmx 04-17-2008 06:00 PM

hello,

the whole script will work without anonymous searches, if:
  • all users are below the same leaf in the ldap tree (then you do not have to search for the user DN)
  • you bind to your ldap with a user that is allowed to do searches

if you need more information just ask, i will try to help.

-malc

bada_bing 04-18-2008 01:53 AM

Do you know if I can use Cisco ACS to handle authentication rather than pointing to Ldap using this hack/add-on ?

malcolmx 04-18-2008 06:42 AM

hello,

i dont think that this works since cisco ACS is basically a radius server which gets the userdata itself from an ldap or active directory.

-malc

Martin Belak 04-30-2008 03:09 PM

Thanks for a great plugin malcolmx! Do you know if it works with vB 3.7?

/M

j_ainsworth 05-01-2008 11:19 AM

This mod is exactly what I need but I'm struggling to set it up, I've followed the instructions. We are trying to authenticate against a windows 2003 Active Directory and have allowed Anonymous Logon permissions as per the instructions. But every time I try to login to vbulletin it says I've entered an invalid username/Password
I have tried the alternative controller.debug.php and it gives me the following
++ -------- START -------- ++
++ LoginType: Normal Login
++ LdapFiler: (uid=test)
++ LdapServer: connection successful
++ LdapSearch: there is no such user in the directory

The strange thing I always get the above output even if I put bogus info into ldapconfig.inc.php
ie If I don't use the Active directory port number 3268 or put a rubbish IP address or hostname for $ldapserver
which makes me think that where it says its making a connection successful isn't actually the case
Any ideas
Any more debug that I can get out of the system, we are using vbulletin 3.6.8 on windows 2000 with php 5
Thanks

j_ainsworth 05-01-2008 01:32 PM

Hi the above problem seems to have changed slightly, now when I try to log in with ldapconfig.inc.php configured correctly it just sits at the login screen
The debug output just says
++ -------- START -------- ++
++ LoginType: Normal Login
++ LdapFiler: (uid=vbulletin)
++ LdapServer: connection successful

But doesn't get any further

I have checked and double checked settings, I have also tried authenticating against an old Windows 2000 domain but it does the same.

If anyone has any ideas I would really appreciate as I would really like to use it
Thanks
John

malcolmx 05-05-2008 06:36 AM

is there a user with the uid=xxxx ?
maybe you can find your users with cn=xxx?

you can use the command line tool "ldapsearch" to search for specific attributes in your active directory.
maybe that helps you.

-malc

malcolmx 05-05-2008 06:37 AM

Quote:

Originally Posted by Martin Belak (Post 1503486)
Thanks for a great plugin malcolmx! Do you know if it works with vB 3.7?

/M

maybe.. i have no license to check with. newest vbulletin i have is a 3.6 license. :(

j_ainsworth 05-06-2008 07:43 AM

123

j_ainsworth 05-06-2008 09:37 AM

I have managed to figure out ldp.exe and have now got anonymous searches working against our Active Directory
However still having trouble with this mod.

I have modified the controller so
$ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")";
using ldp.exe I can do the above search ok

Using the debug controller I can see it hangs at
$searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);

If I add a line before it
if(defined('LDDEBUG')) { wrlog("++ presearch /t $ldapConnection,$ldapBase,$ldapFilter"); }
I get this in my log file
++ presearch /t Resource id #15,dc=thebookpeople,dc=com,(sAMAccountName=test987)

Any ideas, desperate for this to work!

Cheers
John

malcolmx 05-06-2008 09:48 AM

Quote:

Originally Posted by j_ainsworth (Post 1510220)
I get this in my log file
++ presearch /t Resource id #15,dc=thebookpeople,dc=com,(sAMAccountName=test987)

Any ideas, desperate for this to work!

Cheers
John

great that you got ldap working on windows. the logfile entry shows
- $ldapBase printed (dc=thebookpeople,dc=com)
- $ldapFilter printed (sAMAccountName=test987)
- $ldapConnection is working, too

is it working when you print some text into debuglog right after $searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter); ?

-malc

g9g6.com 05-06-2008 10:13 AM

Thanks

j_ainsworth 05-06-2008 11:49 AM

Quote:

Originally Posted by malcolmx (Post 1510227)
great that you got ldap working on windows. the logfile entry shows
- $ldapBase printed (dc=thebookpeople,dc=com)
- $ldapFilter printed (sAMAccountName=test987)
- $ldapConnection is working, too

is it working when you print some text into debuglog right after $searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter); ?

-malc

Hi Malc
Progress! I have had some partial success.

If I specify in the ldapconfig.php the actual OU that the account exists in
$ldapBase = "OU=users,OU=Haydock,DC=thebookpeople,DC=com";

and use the cn for the ldapfilter
$ldapFilter = "(cn=" . $vbulletin->GPC['vb_login_username'] .")";

then it works if I login with the actual fullname , ie for me cn=john ainsworth

What I really need is to be able to set the Base to be our top level AD DC=thebookpeople,DC=com rather than be specific
Also to be able to use their login name rather than the Active Directory Object name

I did work out that I changed ldapfilter to query the Active Directory property sAMAccountName instead of cn
and
changed the ldapbase to be
CN=John Ainsworth,OU=HayIT,OU=Haydock,DC=thebookpeople,DC=com

then it would log me in

Cheers

malcolmx 05-06-2008 12:22 PM

if you can only find your user in the "long" tree but the search does not succeed with the top level AD base, then it "could" be possible that AD has a mechanism (like any other ldap) to deny a subtree (scope) search.

if that works (test with the ldap client command), php standard search scope is subtree (LDAP_SCOPE_SUBTREE) - http://de.php.net/manual/en/function.ldap-search.php

your other thoughts are right:
- login with samaccountname
- search for user (samaccountname=username)
- bind with the full dn (cn=....)

-malc

j_ainsworth 05-06-2008 01:29 PM

Quote:

Originally Posted by malcolmx (Post 1510358)
if you can only find your user in the "long" tree but the search does not succeed with the top level AD base, then it "could" be possible that AD has a mechanism (like any other ldap) to deny a subtree (scope) search.

All sorted!! If you want to query sub trees in Active Directory don't use the standard port number , use 3268 instead

Once I changed the port number I was able to change the filter to
$ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")";

to login using the AD login name rather than the cn name

Cheers for all your help malc
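
The flow this exchange arrives at (bind with an account that is allowed to search, look the user up by sAMAccountName on port 3268, then bind with the full DN), as an added example that is not the plugin's controller.php. The host, base DN and search account are placeholders and the function names are hypothetical; the example also escapes the login name before it goes into the filter and refuses empty passwords.

```php
<?php
// Added example, not the plugin's code. Needs the PHP ldap extension.
// Host, base DN and search account are placeholders (assumptions).
// ldap:// sends bind passwords unencrypted; prefer ldaps:// or ldap_start_tls().
const LDAP_URI  = 'ldap://dc.example.invalid:3268'; // 3268 as used in the thread
const LDAP_BASE = 'dc=example,dc=invalid';
const SVC_DN    = 'cn=vb-search,ou=service,dc=example,dc=invalid'; // hypothetical
const SVC_PASS  = 'placeholder-password';

// Escape the login name for filter context so * ( ) \ and NUL are matched
// literally instead of being parsed as filter syntax.
function build_user_filter(string $attr, string $username): string
{
    return '(' . $attr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// Returns the user's DN when the password is accepted, null otherwise.
function ldap_authenticate(string $username, string $password): ?string
{
    // Many servers treat a bind with a DN and an empty password as an
    // unauthenticated bind and report success, so refuse it up front.
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);       // do not chase referrals
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5); // connect timeout, seconds

    $userDn = null;
    // 1. bind as the search account, so anonymous searches are not needed
    if (@ldap_bind($conn, SVC_DN, SVC_PASS)) {
        // 2. look the login name up; require exactly one match
        $filter = build_user_filter('sAMAccountName', $username);
        $result = @ldap_search($conn, LDAP_BASE, $filter, ['cn']);
        if ($result !== false && ldap_count_entries($conn, $result) === 1) {
            $entries = ldap_get_entries($conn, $result);
            // 3. bind with the full DN and the submitted password
            if (@ldap_bind($conn, $entries[0]['dn'], $password)) {
                $userDn = $entries[0]['dn'];
            }
        }
    }
    ldap_unbind($conn);
    return $userDn;
}

// Constructed login name containing filter metacharacters.
echo build_user_filter('sAMAccountName', 'j*(test)'), PHP_EOL;
```
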

malcolmx 05-06-2008 01:40 PM

thanks for using my plugin and its nice to see another one using it :)

dont forget to click on "Mark as Installed" :)

thanks for your support!

-malc

rrusinko 06-09-2008 07:00 PM

I am new to using plugins for vBulletin and the error is probably basic.
I downloaded the plugin and followed the directions, but when I get to step 6:
I receive a message "invalid file specified".
Step 6 is in admin cp import the product at "Download / Upload" Plugins
I am using the plugin hooks_ldap.xml located in the ./includes/xml/.

Any help would be appreciated.

rrusinko 06-10-2008 06:25 PM

I got it working.

