vb.org Archive
Page 6 of 7 « First 45 6 7
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Integration with vBulletin - LDAP Authentication (https://vborg.vbsupport.ru/showthread.php?t=145188)

SteveCoppin 04-01-2008 08:24 AM
Quote:
Originally Posted by oasi (Post 1478953)
You know if it's possible to deactivate some UserCP fields (in our case, the password and possibly the e-mail) ?
Thanks in advance
I couldn't find anywhere in the admincp to turn this off so as a temporary fix I have commented out the link from the usercp template. The page still exists, but it's unreachable unless you know the link. I'm sure you could edit the templates elsewhere too to remove the fields from the page and display a sensible message.

I'm not using this mod yet, I am using another one for LDAP. Could you tell me oasi (as someone who has installed the mod), does this one store the password in the database? Also, does it use LDAP to authenticate for modcp and admincp?

Mark Tomlinson 04-01-2008 04:20 PM
Quote:
Originally Posted by oasi (Post 1478953)
Great work folks, I've tried the plugin with Mark's modifications to the CRYPT "problem" and it works...

Now, I see a little problem, we want to perform always the login towards the LDAP, so if the user changes his password in the userCP, this password isn't going to be valid.

You know if it's possible to deactivate some UserCP fields (in our case, the password and possibly the e-mail) ?

Thanks in advance
Actually, if the user changes his or her password it's irrelevant. The plug in updates the password every time the user logs into the forums, just before vBulletin checks it. If the user passes LDAP authentication, the password and salt are MD5 hashed and stuck in the database so that vBulletin's log-in process will be successful. If the user does not pass LDAP authentication, garbage is stuck in the database so that vBulletin's log-in process will fail.

Still, it's probably a good idea to not imply that the user can update his or her password through vBulletin. I can imagine the Help Desk calls now. Since my workplace also won't allow the user to change his or her e-mail address, I've made the following code changes - it may or may not work for you. I just commented out blocks of code. Note that there are already comment tags in modifyprofile and I had to replace them with x!-- and --X to make this work.

Since I'm just a lowly user of the plug-in as well, I'd love to here what other people are doing about this.

USERCP_SHELL
PHP Code:
<!-- Commented out by Mark Tomlinson4/1/2008
<tr>
    <td class="$navclass[password]nowrap="nowrap"><class="smallfont" href="profile.php?$session[sessionurl]do=editpassword">$vbphrase[edit_email_and_password]</a></td>
</tr>
--> 
modifyprofile
PHP Code:
<!-- commented out by Mark Tomlinson4/1/2008
<table class="tborder" cellpadding="$stylevar[cellpadding]cellspacing="$stylevar[cellspacing]border="0" width="100%" align="center">
<tr>
    <td class="tcat">$vbphrase[edit_profile]<span class="normal"$bbuserinfo[username]</span></td>
</tr>
<tr>
    <td class="thead">$vbphrase[registration_required_information]</td>
</tr>
<tr>
    <td class="panelsurround" align="center">
    <div class="panel">
        <div style="width:$stylevar[formwidth_usercp]align="$stylevar[left]">
            
            <fieldset class="fieldset">
                <legend>$vbphrase[email_and_password]</legend>
                <table cellpadding="0" cellspacing="$stylevar[formspacer]border="0" width="100%">
                <tr>
                    <td>$vbphrase[click_button_below_edit_email]</td>
                </tr>
                <tr>
                    <td>
                        x!-- don't remove --x
                        <input type="image" src="$vboptions[cleargifurl]" width="1" height="1" />
                        x!-- / don't remove --x
                        <input type="submit" class="button" style="font-weight:normal" value="$vbphrase[edit_email_and_password]name="gotopassword" />
                    </td>
                </tr>
                </table>
            </fieldset>
            
            <if condition="$bbuserinfo['coppauser']">
            <fieldset class="fieldset">
                <legend><label for="tb_parentemail">$vbphrase[parent_guardian_email]</label></legend>
                <table cellpadding="0" cellspacing="$stylevar[formspacer]border="0" width="100%">
                <tr>
                    <td>$vbphrase[if_under_13_provide_parent]</td>
                </tr>
                <tr>
                    <td>
                        $vbphrase[parent_guardian_email]<br />
                        <input type="text" class="bginput" name="parentemail" id="tb_parentemail" size="50" maxlength="30" value="$bbuserinfo[parentemail]/>
                        <input type="hidden" name="coppauser" value="1" />
                    </td>
                </tr>
                </table>
            </fieldset>
            </if>
            
            <if condition="$show['birthday_required']">
                $birthdaybit
            </if>
        
            $customfields[required]
            
        </div>
    </div>
    </td>
</tr>
</table>

<br />
End modificationsMark Tomlinson4/1/2008 --> 

snunhuck 04-03-2008 12:18 PM
Quote:
Originally Posted by Andy Pace (Post 1462293)
Has anyone got this to work with Active Directory? If so, mind lending some insight? :)

I have also set this module up correctly as far as I can tell, but I'm not seeing anything in the security event log on the domain controller...
I'll try to :)

oasi 04-08-2008 05:43 AM
Hi again!

I'm having a problem with the autentication, I'm trying to find what happens, but I've put some error_log sentences that doesn't seem to work...

The problem is that the users only can be authenticated if they use a valid LDAP user name and set as password the user name again.

I only see on the error log this:

[08-Apr-2008 08:42:14] PHP Parse error: syntax error, unexpected ')' in /aplicacions/vbulletin/upload/global.php(384) : eval()'d code on line 48

I'm usign vbulletin 3.7 RC2
Some idea?

oasi 04-08-2008 10:21 AM
Ops!
It was my fault :D

But there's an other problem...
Now my administrators/moderators can't login to the admin interface/moderation interface, because the DISABLE_PASSWORD_CLEARING thing doesn't work with these validation forms.

I tried to set this definition in admin/global.php and modcp/global.php but the passwords continue to pass MD5 codified (and empty value in the vb_login_password var).

I know that i can put these login in the ldapconfig.php field to skip the LDAP validation, but there could be other way to perform this??

Thanks

Mark Tomlinson 04-10-2008 04:15 AM
Quote:
Originally Posted by oasi (Post 1485811)
Ops!
It was my fault :D

But there's an other problem...
Now my administrators/moderators can't login to the admin interface/moderation interface, because the DISABLE_PASSWORD_CLEARING thing doesn't work with these validation forms.

I tried to set this definition in admin/global.php and modcp/global.php but the passwords continue to pass MD5 codified (and empty value in the vb_login_password var).

I know that i can put these login in the ldapconfig.php field to skip the LDAP validation, but there could be other way to perform this??

Thanks
Crap. I didn't post all of the code. I will correct post #47, above. But here is the piece I missed.
PHP Code:
/**********
      *  DO NOT execute if one of the users is in VB and LDAP (list in
config file)
      ***********/
//    ----  Modified by Mark Tomlinson - 12/04/2007 ----
//    if($_POST[vb_login_username] != "$nosearch")
      if (($_POST[logintype] != 'cplogin')
      AND ($_POST[logintype] != 'modcplogin')
      AND ($_POST[vb_login_username] != '$nosearch'))
//    ----  End Modifications ----
      
What this does is avoid going through LDAP authentication for the admin and moderator control panels.

Why, you ask? What Zemic's plug-in does is put an MD5 hash of your password into the vBulletin database if you pass LDAP authentication, or garbage if you don't pass LDAP authentication. Then it returns control to vBulletin, who goes through the usual authentication process and MD5 hashes the password and compares it to the hash on file. Therefore, assuming that the moderators and admins sign into the forum first and the correct LDAP password hash is in the database, the admin and moderator sign-in pages don't have to go through this process again.

The only time this doesn't work is if the admin or moderator changes their LDAP password and then goes to the control panel without signing onto the forum. And that can happen if they check the "Remember Me" box for the forums. I haven't worked out a solution to that yet.

Suggestions welcome.

oasi 04-10-2008 11:42 AM
It also fails if you erase some user from your LDAP directory but not from the forums I think...

I was trying to do a mix between the zemick's solution and the one from sartori's, but I'm having a basic/weird problem.

I can't access the $vbulletin var, I do an isset and it is, but I print_r his value and is '1'.
I've seen you access it, and I think it's better than $_POST without processing, so, you know what could I be doing wrong?

Here is the code to test it in my xml file:

PHP Code:
<phpcode><![CDATA[//if the login form has not been submitted dont execute the code
define('THIS_SCRIPT''functions_ldap.php');
require_once('./global.php');
if (isset($vbulletin->GPC)){error_log("->".print_r($vbulletin->GPC),0);}
if(isset($_POST[vb_login_username])) {
... 
It prints '1' on my error_log, I've tried without the require for global.php, and it's the same result...

Thanks again

khan2002 10-16-2008 11:27 AM
Hello

Does anyone run this plugin on a 3.7 Forum?
I try it since days with no effort.

No error messages, the only thing I get is user unkown if i try to login with a user saved in ldap
No way to login, neither to register in ldap.

Mark Tomlinson 10-22-2008 02:37 PM
Quote:
Originally Posted by khan2002 (Post 1646269)
Hello

Does anyone run this plugin on a 3.7 Forum?
I try it since days with no effort.

No error messages, the only thing I get is user unkown if i try to login with a user saved in ldap
No way to login, neither to register in ldap.
I'm running it successfully in vBulletin 3.7.2.

asiegel 02-11-2009 07:14 PM
Hi,

I was wondering if this addon works as expected in v3.8 of vbulletin

Any feedback is appreciated!

Thanks,
a


All times are GMT. The time now is 03:15 PM.
Page 6 of 7 « First 45 6 7
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02397 seconds
  • Memory Usage 1,819KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_php_printable
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete