Quote:
Originally Posted by cafelatte
Ok, I think I have narrowed my problem down.
I can't do an anonymous bind and refused access to the md5hash due to security reasons.
So, now I am looking to use a .htaccess mechanism, and have started to search the forum.
Any recommendations???
Cafelatte,
You may want to try the method of binding using the user ID that I outline several posts above. Here is a reprise of the code.
PHP Code:
/**********
* DO NOT execute if one of the users is in VB and LDAP (list in config file)
***********/
// ---- Modified by Mark Tomlinson - 12/04/2007 ----
// if($_POST[vb_login_username] != "$nosearch")
// $nosearch is compared as a variable; in single quotes it would be the literal text '$nosearch'
if (($_POST['logintype'] != 'cplogin')
    AND ($_POST['logintype'] != 'modcplogin')
    AND ($_POST['vb_login_username'] != $nosearch))
// ---- End Modifications ----
{
PHP Code:
if ($info['count'] == '1')
{
    //... check if the username and password entered in the login form are correct (in LDAP)
    //by default LDAP stores passwords in CRYPT format, but we'd need to know the plain text
    //password to check against CRYPT. VB converts the password into MD5 on form submission
    //and because we have the password already stored AS MD5 in LDAP, we can do this!
    // ---- Modified by Mark Tomlinson - 10/17/2007 ----
    // if($info[0]["$ldapfield"][0] == $_POST[vb_login_md5password])
    // bind as the user's own DN with the typed password; the first test keeps an empty password away from ldap_bind()
    if ($_POST['vb_login_password'] AND (@ldap_bind($ds, $info[0]['dn'], $_POST['vb_login_password'])))
    // ---- End Modifications ----
    {
Also, however, you may find that you use CN for the user name instead of UID. In that case, make the following change and set $ldapuid to "cn".
PHP Code:
//ldap search using the username entered in the login form
// ---- Modified by Mark Tomlinson - 10/19/2007 ----
// $sr=ldap_search($ds, $ldapdn, "uid=$_POST[vb_login_username]");
// escape the username so characters such as * ( ) \ cannot alter the search filter
$sr = ldap_search($ds, $ldapdn, "$ldapuid=" . ldap_escape($_POST['vb_login_username'], '', LDAP_ESCAPE_FILTER));
// ---- End Modifications ----
-- addendum --
And here is something very important that I forgot to mention before. This only works if the login form passes the password. To make that happen, you have to modify global.php (if anyone knows a better way, please let me know). Add the following anywhere near the top.
PHP Code:
// password will be passed in clear text
define('DISABLE_PASSWORD_CLEARING', 1);
What it says is exactly what it means - the password will be passed in clear text. Not good. I know. Shouldn't be too much of an issue if your forum is SSL, but most aren't. I'm trying to find another way, but this is the only way for now.
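
The search-then-bind check from the snippets above, put together as one function (an added example, not part of the original post or the hack's own code). The helper names are hypothetical; `$ds`, the base DN and the UID attribute correspond to the post's `$ds`, `$ldapdn` and `$ldapuid`, and `$ds` is assumed to be a connection that is already allowed to search.

```php
<?php
// Added example, not code from the original hack. Needs PHP's ldap extension.
// $ds is assumed to be an LDAP connection that is already allowed to search,
// as in the post; ldap_check_login() and build_user_filter() are
// hypothetical helper names.

/** Build "(attr=value)" with the login name escaped for use in a filter. */
function build_user_filter(string $uidAttr, string $username): string
{
    return '(' . $uidAttr . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

/** Search for the user's entry, then bind as its DN with the typed password. */
function ldap_check_login($ds, string $baseDn, string $uidAttr,
                          string $username, string $password): bool
{
    // A bind with a DN and an empty password is treated by some servers as an
    // anonymous bind that succeeds, so an empty password must never reach ldap_bind().
    if ($username === '' || $password === '') {
        return false;
    }
    $sr = @ldap_search($ds, $baseDn, build_user_filter($uidAttr, $username));
    if ($sr === false) {
        return false;
    }
    $info = ldap_get_entries($ds, $sr);
    // Exactly one entry must match; zero or several means no unambiguous user.
    if ($info === false || $info['count'] !== 1) {
        return false;
    }
    // Note: on success $ds stays bound as this user.
    return @ldap_bind($ds, $info[0]['dn'], $password);
}

// Constructed sample input: a login name made of filter metacharacters.
// Escaped, it can only match an entry whose uid is literally that text.
if (function_exists('ldap_escape')) {
    echo build_user_filter('uid', 'jo*)(hn'), PHP_EOL;
}
```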