vb.org Archive
Page 4 of 7 « First 23 4 56 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Integration with vBulletin - LDAP Authentication (https://vborg.vbsupport.ru/showthread.php?t=145188)

zemic 05-24-2007 09:55 PM
Here it is. Stick this in your config.php

Quote:
define('DISABLE_HOOKS', true);
Instructions here:
http://www.vbulletin.com/docs/html/disable_plugins


p.s.
I'm still working on the a slight tweak for this modification to work with CRYPT as I said I would do a couple of weeks ago. I should get time to complete it this week.:)

David_McPherson 05-24-2007 10:15 PM
Fantastic... thank you sir. I'm back in.

fhs2006 05-31-2007 02:29 PM
malcolmx gives out his ldap authentication now for free. it has this feature.

David_McPherson 06-01-2007 02:27 AM
Quote:
Originally Posted by fhs2006 (Post 1258379)
malcolmx gives out his ldap authentication now for free. it has this feature.
Forgive me... Malcolmx? Do you have a link to his website, or is it here?

fhs2006 06-01-2007 04:26 AM
<a href="https://vborg.vbsupport.ru/showthread.php?p=1258715" target="_blank">https://vborg.vbsupport.ru/showthread.php?p=1258715</a>

ckm 09-16-2007 05:57 PM
I'm modifying this code to authenticate against something different, but I was looking through the code for this plugin and found a possible error.

In the section where it tries to update the VB database's user password, it seems to MD5 a password that's already MD5'd:

Code:

//MD5 the password with SALT key
$passwordsalt = md5($_POST[vb_login_md5password] . $salt[0]);
(BTW, line 89 in the XML file)

It may be my lack of understanding as to how VB holds passwords, but wouldn't you MD5 the plain text password, not something that's already been hashed? If so, would $vbulletin->GPC['vb_login_password'] still be available to do this?

And if $vbulletin->GPC['vb_login_password'] is still available, you could use it to replace $_POST[vb_login_md5password]

Thx.

Chris.

zemic 09-17-2007 03:09 PM
Hello,

Its been a few months since I've been on here. In June I moved jobs and have gone from an institution using UNIX UNIX UNIX, to MICROSOFT MICROSOFT MICROSOFT so no LDAP server for me to play around with, and therefore havent been able to develop this any more since release. Good news MalcolmX decided to release his version for free after I spent hours figuring this thing out!! I've not tried his version but its good to give people choice :).

Anyway....

ckm, yes it is correct. Vbulletin re-hashes the MD5 with a "salt" key. Its like an extra layer of protection. Salt is just a random 3 digit character made up when a new user is created. Its then used to encrypt the password. Does that make sense?



I'll try and get LDAP up and running somewhere so I can develop this a bit further. It works as is but I could add a few extra neat touches. :)

Mark Tomlinson 10-17-2007 09:00 PM
Our LDAP tree does not include an MD5 password hash field - or at least not one that is viewable with an anonymous bind. So I simply modified the IF that does the password hash comparison with an IF that does a bind with the user's name and password.

PHP Code:
//                if($info[0]["$ldapfield"][0] == $_POST[vb_login_md5password]) 
                if (@ldap_bind($ds$info[0]["dn"][0], $vbulletin->GPC['vb_login_password'])) 
It works like a champ.

zemic 10-17-2007 09:57 PM
Brill :up:

Mark Tomlinson 11-05-2007 03:14 PM
I had to make another brief modification.

Many of our users do not have a 'uid', but everyone has a 'cn'. So initially I changed the code just to look for "cn=" rather than "uid=". But I realize that may not be very flexible, so I eventually added a variable to ldapconfig.php called $ldapuid which can be set to "uid", "cn", or what-have-you. A quick change to one line in ldap_authentication.php uses the variable.
PHP Code:
            //ldap search using the username entered in the login form
//    ----    Modified by Mark Tomlinson - 10/19/2007 ----                
//            $sr=ldap_search($ds, $ldapdn, "uid=$_POST[vb_login_username]");
            $sr=ldap_search($ds$ldapdn"$ldapuid=$_POST[vb_login_username]");
//    ----    End Modifications    ---- 


All times are GMT. The time now is 07:01 AM.
Page 4 of 7 « First 23 4 56 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01238 seconds
  • Memory Usage 1,745KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (2)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete