Integration with vBulletin - LDAP Authentication (https://vborg.vbsupport.ru/showthread.php?t=145188)

Mark Tomlinson 11-28-2007 09:19 PM

I need to make some corrections to my original posting about using the LDAP bind for authentication. Unfortunately, there were two errors in the code which were causing @ldap_bind to do an anonymous bind. If your directory does not allow anonymous, then the code would fail. If your directory does allow anonymous, then any password would work.

Here is the corrected code from ldap_authentication.php.
Code:

    //... check if the username and password entered in the login form are correct (in LDAP)
    //by default LDAP stores passwords in CRYPT format, but we'd need to know the plain text
    //password to check against CRYPT. VB converts the password into MD5 on form submission
    //and because we have the password already stored as MD5 in LDAP, we can do this!
    //    ----    Modified by Mark Tomlinson - 11/28/2007 ----
    //    if($info[0]["$ldapfield"][0] == $_POST[vb_login_md5password])
    // reject an empty password first: a bind with a DN and no password is treated as an anonymous bind
    if (!empty($_POST['vb_login_password']) && @ldap_bind($ds, $info[0]["dn"], $_POST['vb_login_password']))
    //    ----    End Modifications    ----
    {

Also, this code has "dn" hard-coded into it. Your directory may need to use the CN or UID attributes. Chris has suggested that we can reuse $ldapfield for that purpose.

cafelatte 12-10-2007 07:12 PM

I'm a newbie, and seem to be technically challenged today.
Have installed vBulletin v3.6.8 PL2 on Solaris, w/Apache2.2, PHP5.2.4, and MySQL4.1.22.
vBulletin is working, but now I need to have LDAP support for Single Sign On authentication.

Ok, followed the simple instructions for installing the "ldapconfig.php",
but I'm stuck at step #3, where I "Add / Import the product (xml file)"

I logged in to the Admin CP, but don't see the Add/Import.
Down the left side I see:
- vBulletin Options
- Style & Template
- Language & Phrases
- FAQ
(and the list goes on)

I have expanded each and all sections, but nothing is jumping out at me
that says "Add/Import". Where is it???

Lost and wandering aimlessly.
Stacy

cafelatte 12-11-2007 05:43 PM

OK, I figured out the installation, but now it's not authenticating known users?

any clues???

zemic 12-14-2007 02:24 PM

Usual culprits are UID field or no MD5 field. MD5 is not a standard LDAP field but most people create it. So if you've only got CRYPT to store your passwords, this script won't work without some template changes (which is not recommended).

growler 12-14-2007 08:50 PM

Are there any logs to find out why a user isn't able to authenticate correctly? I'm using openldap for telnet/ssh access to the server, but I'm still trying to debug this plugin.

Thanks

cafelatte 12-14-2007 09:48 PM

Ok, I think I have narrowed my problem down.

I can't do an anonymous bind and am refused access to the md5hash due to security reasons.

So, now I am looking to use a .htaccess mechanism, and have started to search the forum.
any recommendations???

Mark Tomlinson 01-07-2008 04:18 PM

Quote:

Originally Posted by cafelatte (Post 1401194)
Ok, I think I have narrowed my problem down.

I can't do an anonymous bind and am refused access to the md5hash due to security reasons.

So, now I am looking to use a .htaccess mechanism, and have started to search the forum.
any recommendations???

Cafelatte,

You may want to try the method of binding using the user ID that I outline several posts above. Here is a reprise of the code.
PHP Code:

    /**********
     *  DO NOT execute if one of the users is in VB and LDAP (list in config file)
     ***********/
    //    ----  Modified by Mark Tomlinson - 12/04/2007 ----
    //    if($_POST[vb_login_username] != "$nosearch")
    // skip LDAP for Admin CP / Mod CP logins and for the excluded user;
    // $nosearch is compared as a variable (in single quotes it would be the literal text '$nosearch')
    if (($_POST['logintype'] != 'cplogin')
        AND ($_POST['logintype'] != 'modcplogin')
        AND ($_POST['vb_login_username'] != $nosearch))
    //    ----  End Modifications ----

PHP Code:

    if($info['count'] == '1')
    {
        //... check if the username and password entered in the login form are correct (in LDAP)
        //by default LDAP stores passwords in CRYPT format, but we'd need to know the plain text
        //password to check against CRYPT. VB converts the password into MD5 on form submission
        //and because we have the password already stored as MD5 in LDAP, we can do this!
        //    ----    Modified by Mark Tomlinson - 10/17/2007 ----
        //    if($info[0]["$ldapfield"][0] == $_POST[vb_login_md5password])
        // the non-empty password test comes first so an empty password never reaches ldap_bind
        if ($_POST['vb_login_password'] AND (@ldap_bind($ds, $info[0]['dn'], $_POST['vb_login_password'])))
        //    ----    End Modifications    ----


Also, however, you may find that you use CN for the user name instead of UID. In that case, make the following change and set $ldapuid to "cn".

PHP Code:

    //ldap search using the username entered in the login form
    //    ----    Modified by Mark Tomlinson - 10/19/2007 ----
    //    $sr=ldap_search($ds, $ldapdn, "uid=$_POST[vb_login_username]");
    $sr=ldap_search($ds, $ldapdn, "$ldapuid=$_POST[vb_login_username]");
    //    ----    End Modifications    ----

-- addendum --
And here is something very important that I forgot to mention before. This only works if the login form passes the password. To make that happen, you have to modify global.php (if anyone knows a better way, please let me know). Add the following anywhere near the top.
PHP Code:

    // password will be passed in clear text
    define('DISABLE_PASSWORD_CLEARING', 1);

What it says is exactly what it means - the password will be passed in clear text. Not good. I know. Shouldn't be too much of an issue if your forum is SSL, but most aren't. I'm trying to find another way, but this is the only way for now.
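
Added example (not part of the thread and not code from ldap_authentication.php): the search-then-bind login discussed above, with the empty-password guard in place and the login name escaped before it goes into the search filter. The function names, the $cfg keys and the host are assumptions; ldap_escape() needs PHP 5.6 or later, and the ldaps:// URI keeps the clear-text password encrypted between the web server and the directory.

```php
<?php
// Added example; function names and $cfg keys are assumptions, not the mod's.
function build_user_filter($attr, $username)
{
    // The attribute name is configuration ($ldapuid above): accept a plain name only.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $attr)) {
        throw new InvalidArgumentException('bad attribute name');
    }
    // Escape ( ) * \ and NUL so the login name stays data inside the filter.
    return '(' . $attr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

function ldap_password_login(array $cfg, $username, $password)
{
    // A bind with a DN and an empty password is an unauthenticated bind that
    // many servers accept, so refuse it before any LDAP traffic.
    if (!is_string($username) || $username === ''
        || !is_string($password) || $password === '') {
        return false;
    }
    $ds = ldap_connect($cfg['uri']);
    if (!$ds) {
        return false;
    }
    try {
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Step 1: look the user up as the search account (empty DN = anonymous).
        if (!@ldap_bind($ds, $cfg['search_dn'], $cfg['search_pw'])) {
            return false;
        }
        $filter = build_user_filter($cfg['uid_attr'], $username);
        $sr = @ldap_search($ds, $cfg['base_dn'], $filter, array('cn'));
        $info = $sr ? ldap_get_entries($ds, $sr) : false;
        if (!$info || $info['count'] !== 1) {
            return false; // no match, or an ambiguous one
        }
        // Step 2: the password is correct only if a bind as that entry succeeds.
        return @ldap_bind($ds, $info[0]['dn'], $password);
    } finally {
        ldap_unbind($ds);
    }
}

// Constructed inputs; ldap.example.test is a placeholder host.
$cfg = array('uri' => 'ldaps://ldap.example.test', 'base_dn' => 'ou=people,dc=example,dc=test',
             'uid_attr' => 'uid', 'search_dn' => '', 'search_pw' => '');
echo build_user_filter('uid', 'jdoe)(mail=*'), "\n"; // filter metacharacters are escaped
var_dump(ldap_password_login($cfg, 'jdoe', ''));     // empty password: rejected before any bind
```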

Andy Pace 03-11-2008 02:29 PM

Has anyone got this to work with Active Directory? If so, mind lending some insight? :)

I have also set this module up correctly as far as I can tell, but I'm not seeing anything in the security event log on the domain controller...

SteveCoppin 03-12-2008 02:21 PM

Does this LDAP mod also sit on top of admincp and modcp? Currently using another mod that doesn't and it's causing some headaches..

oasi 03-31-2008 10:15 AM

Great work folks, I've tried the plugin with Mark's modifications to the CRYPT "problem" and it works...

Now, I see a little problem: we always want to perform the login against the LDAP, so if the user changes his password in the UserCP, this password isn't going to be valid.

Do you know if it's possible to deactivate some UserCP fields (in our case, the password and possibly the e-mail)?

Thanks in advance

