Hello there,
first: Thank you very much for this plugin. It's quite useful :)

But I've got a problem. I just wanted to authenticate the admins against the LDAP, too, and tried the hint to comment out the following part:

Now trying to login with the LDAP-credentials the user gets redirected to the 'badlogin'-Message - so no authentication against the LDAP is done.

The normal password - which worked before this change - does not work any more [what is quite logical ;) ]...

Can anyone help, please?
Thanks a lot in advance!

I'm having trouble getting logged in. This, like another user here, is critical to a program we are working on internally.

++ -------- START -------- ++
++ LoginType: Normal Login
++ LdapFiler: (cn=test)
++ LdapServer: connection successful
++ presearch /t Resource id #22,cn=test,cn=users,DC=pmac,DC=internal,(cn=test)
++ LdapSearch: there is no such user in the directory

I get that in the debug. I've also based the search base just dc=pmac,dc=internal and placed the "test" user up in the top of the domain.

The username is "test" and the cn is also test (according to ldp.exe).

I get a word that there is a connection with no problem, but that the user does not exist.

Weird. Any help is greatly appreciated.

the dn is not right. that ,(cn=test) seems really wrong. what is the full dn to your user? (maybe ldp.exe show it). please post the content of the ldap config file (from my module).

-malc

Expanding base 'CN=test,DC=pmac,DC=internal'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=test,DC=pmac,DC=internal
4> objectClass: top; person; organizationalPerson; user;
1> cn: test;
1> description: leave me for randyc;
1> givenName: test;
1> distinguishedName: CN=test,DC=pmac,DC=internal;

There is a snippet of the ldp.exe results.

this is only a test account I'm trying this with.

Also, here is some more info:
Warning: ldap_search() [function.ldap-search]: Search: Operations error in [path]/ldapAuth/controller.php on line 49

Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in [path]/ldapAuth/controller.php on line 50

That is the debug controller.php. I turned on PHP debugging for the server, so now it is spitting hte errors out.

bump -- anyone able to shine some light?

Is it possible to use both this and the built in database?

We want both our employees and outside users to be able to sign up and use this service.

as you see, you have another DN here as in your first post:
please post me the ldap config as i asked some days ago.

thanks

-malc

you need to modify the plugin then:
search for the ldap user (if not found) -> make internal auth

-malc

MalcomX,

Sorry to have bugged this month. After two days of constant tweaking, I've made a change to the script.

My final problems lie here:
At the end of controller.php when it calls upon function_login.php from VB, it is giving errors about missing arguments. I get these, however, I can still login no problem. Essentially, if I shut off verbose error reporting, I can use this script error free :-).

Do you want a copy of the changes I've made? For whatever reason, before ldap_search I had to ldap_bind with a username/password in order to be able to search below the base of the tree.

i assume you use active directory as ldap server?

if you want to give me the changes, please make a diff and post it here on the boards. i will look at the changes.

-malc

I'll send ya a PM with the actual file details.

It's Active Directory on Windows Server 2003.

edit: I'll put it up tomorrow -- I'm going to clean up/comment my code additions + its easier to manipulate files at work.
Laptop keyboard -- not for me.

edit: Hold off a little more, can we fix the missing arguments issue? At the end of controller.php when it calls upon function_login.php from VB, it is giving errors about missing arguments. I get these, however, I can still login no problem. Essentially, if I shut off verbose error reporting, I can use this script error free :-).

Warning: Missing argument 4 for verify_authentication(), called in [path]/ldapAuth/controller.php on line 98 and defined in [path]/includes/functions_login.php on line 135

Warning: Missing argument 5 for verify_authentication(), called in [path]/ldapAuth/controller.php on line 98 and defined in [path]/includes/functions_login.php on line 135

Warning: Missing argument 6 for verify_authentication(), called in [path]/ldapAuth/controller.php on line 98 and defined in [path]/includes/functions_login.php on line 135

look at the file forum_root/includes/functions_login.php. there you can find the function verify_authentication().

i didnt need to pass over some parameters, since thre is no need to verify.

text from my initial post:

I'm eliminating the need for anonymous queries and modifying the script for authenticated binding.

thats nice.i didnt implement this, because some of my customers (when i sold the plugin) had problems with some tachnical aspects. the administrator of the company didnt even know what a DN is. so i never implemented this (in case there are more people that just know: right click, left click, right,...)

-malc

Would allowing (or enabling) admincp/modcp logins with this script be difficult? What would I need to do to enable it?

thats easy. but before you do that, you have to give users rights to access the admin /mod cp.

try to remove this after you have set the rights. that should be the solution.

-malc

I commented this bit out and gave the proper permissions but that didn't seem to cut it... Could there be something else?

btw thanks for the fast reply, I didn't expect that :)

maybe, that was just a shot into the blue. i will try it in the next days and give you some hint.

-malc

Did you get a chance to look at this? I'm no good with vbulletin architechture so I couldn't figure this one out myself.

I did no. 1, but have no idea how to do no. 2. Please help.

Jose

Hey Guys, I figured out the problem- my zip file was not extracting properly, so I never saw the config or plugin files for LDAP.

any more word on the "authenticated binding". My admin will not allow anonymous access to the active directory LDAP server.

Cannot figure out how to test if plugin is working. When i enter my credentials, they are not recognized, so it seems that vB is not querying active directory via the LDAP plugin. Please help.

malcolmx first I would like to say this is a great add-on. Exactly what we needed in order to move forward with utilizing vB on our intranet so thanks!!

Everything works correctly and I'm not having any problems but I have been asked a number of times if there is any way to add the users full name to the users vB account? My thought was that I could add two custom user fields called first name and last name but is there any easy way to pull the first and last name out of LDAP and add them to these fields?

what was the line of code to add for this functionality and to what file. if i may ask. thank you

Hi - first post, newbie alert, etc.
I've taken over running a forum which has around 5000 members. Now, we've got an online shop (which isn't quite live yet) running on OSCommerce and I'm just in the process of putting Joomla! on the site.

Now, I know LDAP from work, but there's a wondering I've got about how this works.

Firstly, if I install this mod on a clean LDAP database, how can I import the 5000 usernames from the vBulletin installation?

Would I be correct in assuming that when a user logs in to the forum, the LDAP would be checked, then report no such user. Then vB would be queried and report a success - with the LDAP then taking in the information from vB.

... or have I got this completely wrong. If so, any pointers on how to get the users in the LDAP DB?

Thanks in advance!

I think your understanding is the wrong way 'round.

The plugin will kick in after failed vB login. In other words, any users that are on vB already can login directly. For users that are not yet registered, they are checked from the LDAP. If they are on LDAP but not on vB then a new user is created.

So, LDAP does not get information from vB. vB is the one that gets information from LDAP. Your existing 5000 users will continue to use vB as before. There is no need to move them to LDAP.

In controller.php, there is an if condition that checks for errors before a new user is created:
How can I check what exactly the error is?

If I remove the if condition and force the new user to be created, I get the following error message:

Fantastic, I had to make a few changes to the line which logs people in once they have passed authentication, other than that - perfect.

Thanks malcolmx!

Tom - www.mouselike.org

Ok I am confused now.. Which LDAP mode has better support and has anyone got it to work on vb4 yet?

i have already installed a test system with vb4 and i think a new version with vb4 support will be out in the first week of january.

malc

Thank you Malc,

since I am testing the whole ldap functionality starting with Haqa's mod,
I am realy looking forward to see yours as well since both are very interesting implementations.

plugin is ready for vbulletin version4

https://vborg.vbsupport.ru/showthread.php?t=231909

I'm getting this, not sure how to resolve.


Also does this work ok with OpenLDAP (linux debian), seems pretty AD heavy?

sure, i am running it with sun enterprise ldap server. it doesnt matter which ldap server you use.

-malc

Sweet thanks for the reply.

I'll have another crack at it today.

OU=People,dc=host,dc=co,dc=nz
uid=

Hi,

Brilliant plugin.

Has anyone had problems with cookies. Basically when I use the hook and tick the 'Remember Me' box it doesn't remember me when I close the browser and relaunch it. If I disable the hook it works. Any idea how to fix this.

Thank you.