vBulletin Ldap Authentication Plugin 1.0.1
 

This is a very small plugin for enabling ldap authentication for vBulletin Suite 4. The original version is from www.sartori.at.

if you need any help installing the plugin, please post into this thread here.

if you need any extra changes i will modify the plugin for extra charge.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements

• php with ldap support

Installation Notes:

1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/includes/xml directory
4. in login.php search for:
   
   PHP Code:

   ---

   if ($vbulletin->GPC['vb_login_username'] == '')
         {
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
         } 


   ---

   add hook after if statement, becomes:
   
   PHP Code:

   ---

   (if ($vbulletin->GPC['vb_login_username'] == '') 
{ 
  eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], .... 
} 
($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 


   ---

5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'
7. recheck if the include for controller.php is right
8. in includes/class_bootstrap.php search for:
   
   PHP Code:

   ---

   $show['nopasswordempty'] 


   ---

   and change:
   
   PHP Code:

   ---

   defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; 


   ---

   to:
   
   PHP Code:

   ---

   defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; 


   ---

9. configure the ldap settings in: ldapconfig.inc.php
10. test the product

Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal. :)

vBulletin 3.6 version

Does this support native vb functions such as changing password, username or email address?

hello,

since this addon does not use vb functions to authenticate the users, those features are not available. if you want to change passwords / email addresses in your ldap / active directory then use
software that is available on the open source market.

if you want ldap functions implemented in vBulletin, you need another addon or need a request for paid services.

greetings

-malc

A few things that could be more clear on the installation notes:

4. in login.php search for:

add hook after if statement, becomes:
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'

thanks for the suggestions. changes made!

-malc

Dear malcolmx !

Thanks for your plugin. Now I want to a question for you: How to config plugin if my LDAP don't allow anonymous queries.

Because my company don't allow anonymous queries.

Please help me !!!

as there habe been alot of questions for this feature (in the "old" plugin, too) i will add it to the code. see it online within 2 days.

kind regards

-malc

Oh ... I'm feeling happy with your answer. I will waiting for your plugin. I donate this plugin :).
Thanks so much

I hope this helps but I modified the controller.php so you can bind a username and password, so you do not need to open your ldap server.

My changes are below.

Add the following at

For every instance of $ldapConnection add the follow below the line. Should be two instances.
Make some changes to the if else statement, delete or comment out the following and change one variable.
Now you should be able to connect to a more secure ldap server. Anonymous queries against my AD makes it hard for me to sleep at night.

Oh thanks danlavu. I will check it.

I can't connect to my LDAP with danlavu's code.

Dear Malcolmx,

I'm waiting your new plugin. I hope it will successful.

If you want, pastebin what you have and I can take a look at it, because its working fine for me. Also if you modify controller.debug.php and make the changes, it'll give you a lot more information on what the error is, if you can pastebin that I certain i can help you get it working.

Dear danlavu,

Thanks for support. Can you send me your "controller.php" file you have repair it or you send me your plugin you config.

Thanks so much

Dracula,

I found a bug in my code, if I can it working without this bug I'll post a solution but in the meanwhile please disregard my solution, it allows users to login as long as they match a username in ldap, no actual authentication occurs.

So I apologize for prematurely posting any code.

Dan

OK, I finally got it working properly, here is my controller.php and ldapconfig.inc.php

controller.php (modified ldap parameters to bind to a database, and because I'm using AD, I changed my search filter to 'samaccountname' instead of uid.
ldapconfig.inc.php (Add user bind and pass variable)
I hope this helps.

For those of you using OpenLDAP, you may need to specify:

Immediately following your call to ldap_connect. This will avoid a protocol error when binding.

Also that whole second connect/bind/search just to get the email address isn't necessary -- we already have in $searchResult. So just do:

i am sorry, that i am was not that active in the last weeks. lots of work to do :( thanks for every one helping the other vbulletin users!

-malc

Just to help others, it's important to check that you have the php_ldap module, your php info should show something like this:
https://vborg.vbsupport.ru/external/2010/03/47.jpg

But I am currently having this problem:
Any idea?

show me the contents of the ldapconfig file.
-malc

Here is :)

Tried this with vbulletin 4-0-2 Patch Level 1 and Server 2003 AD with no luck. Installed Haqa's LDAP mod version 1.5 (which I had previously used with version 3.8.2 without issues) and it worked on the first try without any other tweaking:

https://vborg.vbsupport.ru/showthread.php?t=196596

can ldap login work while also enabling non-ldap users to register ? Even if registration is done manually by the administrator? I like to have users who are'nt on the ldap directory to be able to be members of the forum. Any help would be much appreciated.

thanks

I might have found a solution.

I have changed the 'Hook Location' for the Ldap plugin from 'ldap_login_hook(ldap)' to 'login_failure'. I presumed that this would force it to login as usual and on failure it will try ldap. This works now.

Can you see any problems with this?

These are the worst instructions I have encountered in a long time. Your target audience varies, I am not stupid, and there doesnt seem tot be that many steps, yet this thread is unclear and I couldnt get it to work. I will move on to another LDAP plugin in hopes it works. Would be great if you could write them step by step.

The are the worst instructions. Why write a program if you arent taking the time to write instructions properly. I will review other ldap plugins.

jgarland,

That is completely unnecessary, a lot of people here do this on their spare time and all we're trying to do is help. So why don't we help you get it working, because it does work and you can contribute like the rest of us and write some better documentation?

Auth works but fails to create the user if the user does not already exist in vB, so you get logged out as soon as it redirects after logging in.

Hi,

I have tried this add on in 4.0.0 and i'm it is not functioning.
Is there a log file i can check to see if it trying to log onto the server? how can i troubleshoot this?

Keith

I have the same request. Is there any way to debug the process?

Dave

I'm sure this has been asked (and hopefully solved) somewhere, but I'm not having luck with my searches here or on Google. What I'd really like is a full complete LDAP solution for vBulletin. This LDAP mod is great, but only integrates the login and nothing else. Is there a full integration hack somewhere or do I need to hack it up myself? Or do most people use some sort of central account management hub on their sites and disable the broken pieces? i.e. multiple subdomains for each piece: account.mycoolsite.com, forum.mycoolsite.com, www.mycoolsite.com

Thanks! Looking forward to feedback.

Jeff

Does this mod allow for LDAPS (secure LDAP)? I am trying with OpenLDAP and have no idea how I would set encryption types, certs, etc.
Any help would be much appreciated, thanks.

Hi,
I've been through the steps and added the code and put the files in the places told. When i try log in i get the error shown below right at the top of the window. Could you give me some suggestions to try?

Cheers Ben

"Warning: include(/Forums/ldapAuth/controller.php) [function.include]: failed to open stream: No such file or directory in [path]\login.php(109) : eval()'d code on line 1

Warning: include() [function.include]: Failed opening '/Forums/ldapAuth/controller.php' for inclusion (include_path='.;C:\xampp\php\pear\') in [path]\login.php(109) : eval()'d code on line 1"

Please help me, I install this mod and work perfect, but I need give administrator privileges to an Active Directory User, and when I try to enter with this user to Admin Panel, dispay the error on user or password.

I Think this is because in controller.php are this condition:

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
return;
}

How fix this that when this user try to access to admin panel, work.

Tanks a lot.

Same

I've updated the code from this add-on to include the code for authenticated (non-anonymous) binds, and well as having added the ability to keep the in-database password in-sync with the password stored in LDAP. The allows the user to use the same password for the admin/mod control panels as they do for the forum main pages.

There are a few things I'd like to do in the near future:

1. Update LDAP password from vB profile update page.
2. Update email from vB profile update page
3. Update email from LDAP front-end.

Please take these code changes and let me know what you think.

Hello,
Does anyone know if this plugin has been worked on recently? I've followed the directions and notes from this thread fairly extensively but still cannot get it to work entirely.

Using: AD, ldapAuth_1.0.2 (non-anonymous)

I can verify that my credential is binding correctly. However when I try to log in, i see the following errors:

controller.php
ldapconfig
Any Ideas?

thank you for this mod, its little complicated but i'm trying to learn more about it.

as i know ldap mostly used for emails (microsoft outlook)

Hi there,
I have downloaded the plugin and done up to point 5 but I don't understand point 6 (in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'

Where do I find this?

Frustrated
thanks

I noticed that malcolmx has a supported tag on this. Has anyone had success installing it on 4.2?