vBulletin Ldap Authentication Plugin
 

I am using vbulletin for a long time now and before there was the plugin system introduces i hacked every single version of vb to enable ldap authentication. with the introduction of the plugin system i have written a little plugin that works in every version since VBulletin 3.5. This Plugin is the buyable VBulletin Ligh Authentication from http://www.sartori.at. now its FREE.

Since its working and i will not enhance this small plugin anymore, i will make it public. If there are any enhancements, i can put it into my versioning system and update this plugin.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements

• php with ldap support

Installation Notes:

1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/inclucdes/xml directory
4. in login.php search for:
   
   PHP Code:

   ---

   if ($vbulletin->GPC['vb_login_username'] == '')
         {
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
         } 


   ---

   insert below:
   
   PHP Code:

   ---

   ($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 


   ---

5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Download / Upload" Plugins
7. in global.php search for:
   
   PHP Code:

   ---

   $show['nopasswordempty'] 


   ---

   and change:
   
   PHP Code:

   ---

   defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; 


   ---

   to:
   
   PHP Code:

   ---

   defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; 


   ---

8. configure the ldap settings in: ldapconfig.inc.php
9. test the product

Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal. :)

if anyone interested in working and extending this plugin take a look at http://overlord.fh-salzburg.ac.at/vblight/. I have installed a Wiki with SCM there. write me a message, and lets extend this baby.

How would you describe what this does so normal people can understand?

Interesting how there is 2 LDAP authentification mods released so close to each other. Not sure how the 2 compare but there is a complete explaination of what LDAP is and how it works here> https://vborg.vbsupport.ru/showthread.php?t=145188

More or less if you don't need it/use it already for other network related work there is no need for you to install it.

with my mod you can authenticate against a LDAP directory and not against the vbulletin user database.

i didnt want to release it some time ago. but since i do not have that much time anymore and alot of please want that stuff i release it now. when i have seen the lrease of zemic?s ldap authentication i thought "great" no need for mine anymore. but his plugin cannot authenticate against any ldap, so here is mine.

Though this is not something I can use at the moment it would be great if the 2 of you could come to terms and merge both into 1 product. The problem with VB.org is there tends to be 2, 3 or more sometimes of the same modification.

nice hack, but I'm not much of a file editor.. I like to just leave file edits out, especially when upgrades come out for vB. Nice hack though :D

i changed the name of the mod to: "vBulletin Ldap Authentication Plugin"

-malc

I still have no idea what this mod does

LDAP Authentication is basically used for people to have a server (Microsoft or Novell) many schools, colleges, university's, company's, LDAP stores the user's account details i.e. username, full name, password, address, folders etc

Basically LDAP Authentication Plugins will allow you to use your users details on your Microsoft or Novell Server for user authentication insted of your MySQL (etc) database. Would manly ideal for schools, colleges, unis, or companys who want to run a forum, but use the user's computer logon details to logon to the forum

Does a user still need to register? Or do they automatically get ability to login from existing LDAP credentials?

a user can authenticate with the existing ldap user data. no need for registering with vbulletin.

-fhs

includes/ldapAuth/controller.php line 104 shows:
includes/functions_login.php shows, line 134:
This is giving us an error:
Any recommendations?

Do you have LDAP support in php?

Yes, LDAP is showing in PHPINFO(). That took a bit of learning too, but the restart of the apache enabled the LDAP in PHP after doing the apt-get on php5-ldap module.

The problem as documented about is that the verify_authentication function is expecting 6 variables , and we are only sending 3 in the controller.php. Should we just send dummy values for the password varibles?

Not that I'm any expert on the subject but password is more than likely required.

In step 5, when I am trying to activate the plugin from admin control panel, what do I enter in the field "Plugin PHP Code" ?

Turn on the hooks system in the admincp, it should be on if you've imported any other plugins or products.

if I goto Admincp >> Plugins & products >> Add new plugin:

I specify:

Product: vBulletin
Hook location: ldap_login_hook
Title:Ldap plugin
Execution Order: 5
Plugin PHP Code: <<I dont know what ?>>
Plugin is Active: Yes

I see this to be the only way of activating the plugin, but since I dont have the Plugin PHP Code, it says "Please Complete All Required Fields"

Thanks for the help !

You need to add this to the product manager.

When I tried importing it from Product Manager, it gives following error message:
"This file appears to be a Plugin, not a Product. Please use the Plugin Manager to add this file."

So, I imported ./ldapAuth/ldap-plugin.xml and now it shows as plugin.........let me update you later.

Thanks :)

Hi,

i'm really new with this LDAP stuff but the LDAP server at my work does not support anonymous binds. Is that why this plugin is not working for me? I thought that when you put in your LDAP user name and password that you would be authenticating yourself that way.

Maybe ;)

I'm running Vbulletin on Fedora 7 :)

It shows as a plugin, within the "Plugin System". But, when I try to login to vBulletin with any credientials (correct or incorrect), it just keeps on waiting for the page to load.

I've made sure that all the settings in ldapconfig.inc.php are correct. Please let me know, what additional changes I should be making !

just looking for a little further info as to how this works with vBulletin? What I mean by this how does the security rights within vBulletin work with LDAP? Does LDAP just authenticate the password and then all other security is handled in vB with regards to forum access etc? If that is the case then is it an all or nothing? Just wondering what happens when a user is in LDAP but not setup on the board re access? or setup on the board but not in LDAP? ...hope that makes sense?

I installed everything as directed except when I try to log in on a blank page appears. This is occuring on the admincp panel as well. My company does not allow anonymous queries so I was given a username/pass for this specific project. Where would I use this information?

I've been trying to get this mod to work.

I've had to slightly alter it a bit to get it to work without needing anonymous queries. Now I've got it working to the point where it tries to create the user in vBulletin. When it get to this part of the controller.php file vBulletin gives me an error message saying Database error, the database has encountered a problem.

It happens when it tries to run the "$newuserid = $newuser->save();" command. Any ideas as to what the problem might be?

Downgrading for MySQL 5 to 4.1 fixed my problem.

Return from LONG vacation. Problems still exist. Here is current status.

a) Yes, LDAP is enabled per PHPInfo().

b) After hacking the calls to verify_authentication in includes/ldapAuth/controller.php the behaviour changes and we have varied success but new users cannot join.
Here are the changes applied:
The "dummy" variables were added to correct the function call.

Current Problem:
LDAP now works for one user (previously registered) and fails for another (never registered).
user kthompso is able to be deleted (via admincp or MySQL data row delete). User kthompso can then use LDAP to register and shows as logged in.

Another user (never having logged in before) is able to login with LDAP and it gives a success screen, but then returns to the NON-logged in screen. The user is NOT added to the vb_users table.

Why is ldapAuth/controller.php calling the variable with three parameters when 6 are required by includes/function_login.php

This LDAP integration is critical to our design. Any help is appreciated.

I'm currently having some problems getting this plugin to work as well - after logging in I only get to see an empty screen (...login.php?do=login)

If anyone has some advice or if anyone experienced this problem as well, please let me know...

Thanks in advance!

Anyone had any success modifying this to use ldap_bind instead? Then you would not have to use anonymous bind for Microsoft as an example. I've been playing around trying to change the ldap_connect to bind but not too much success unfortunately.

Cheers!

Nice hack, works like a charm. Except...

[S]I set up vBulletin with the usual "Admin" account. After adding the hack, I logged in as myself with my LDAP ID - which automagically created my user ID in the user database. Then I logged on as Admin again gave my user ID administrative permissions. (I'll be wanting to give a couple of other users subsets of admin privledges as well).

Well, what happens is that I can not log into the Admin CP with my LDAP ID.
* I can log into the forums with my LDAP ID just fine.
* And I can log into the Admin CP with 'Admin' just fine.
* But I can't log into the Admin CP with my LDAP ID.
* And I can't log into the forums with 'Admin'.
My theory here is that there is a different log-in process for the Admin CP and it is trying to verify my password against the vBulletin database.

Familiar with this problem? Am I just missing something?[/S]

Nevermind! Missed the comment in the description that says LDAP is not used for the admin or moderation control panels. That's not going to work for me. I need it to check the LDAP directory and the database in all cases. I will settle for just checking LDAP, but would rather it check both.

Sounds like I need to do some digging.

Thought I'd throw this out there for everyone's consideration. We're looking at using vBulletin for our intranet, so LDAP became very important. What also became important is that we remove any hint of anonymity. My LDAP ID, for instance, is A000657 - which says nothing about who I am. It would be far better if my full name appeared in my profile somewhere.

So here's what I did. I added a bit of code to controller.php that would retrieve my full name, location, and title from LDAP and stick them in the additional user profile fields. Then I went into the Admin CP and made sure the user can not modify these fields. Here's what the code looks like. The attributes "l", "title", and "fullName" may be different in your configuration.

Next up - plugging the full name and title in the signiture field.

A blank page usually indicates a PHP error. You will want to double check your work and look in the Apache error_log for a clue.

If you are absolutly sure that all the code is correct, then the problem might be that you don't have the LDAP extension in PHP. Check your php.ini file for "extension=php_ldap.dll". If it's not there, you may need to reinstall PHP and include the LDAP extension.

Gabbs - did you solve it? I am having the same problem and I dont have a clue.

he< guys, i am sorry i did not help anyone of you. was a really busy early/mid/end summer. i move to my new house, had wedding, was on honeymoon, at the university the winter semesters started, but now i do have more time again.

so anything i can help with, or any patch i should look at? any feature request?

thanks to those like, zachery, who helped others out of their problems. i read that one of you added that problem with displaying the "real" name. i solved that in another version of the plugin, probably ill add that stuff later on to this realease. (small database change and template change).

so then,

let the postin begin :)

-malc

you are runnign linux or windows? can you please post the error message from the httpd error log?

-malc

Does php have LDAP support compiled into it?