Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
LDAP Authentication Details »»
LDAP Authentication
Version: 1.1, by zemic zemic is offline
Developer Last Online: Apr 2010 Show Printable Version Email this Page

Category: Integration with vBulletin - Version: 3.6.5 Rating:
Released: 04-17-2007 Last Update: 05-20-2007 Installs: 38
Uses Plugins
Additional Files  
No support by the author.

I've been using Vbulletin for a few years, and have had some great modifications from this community, so having had to recently integrate Vbulletin with LDAP for my University discussion boards I decided to release this as a modification. This is my present to the community .

Description:

LDAP authentication for Vbulletin.

How it works:

This does not modify Vbulletin files or Vbulletin login code in anyway. We simple stick some script infront of the login process so we can validate against LDAP. Below is a breakdown of what this thing does:
  • First looks to see if login form has been submitted
  • Checks if it should look up "this" user in LDAP (defined in ldapconfig)
  • Queries LDAP for the username
    • If user is returned check if VB MD5 password matches LDAP MD5 password
      • If it does, check the VB user table to see if the user is already in the table. If yes, update VB user table password with LDAP password by encrypting MD5 password with the users 'salt' key
      • If not, create a new user in database using VB classes/functions.
    • If user/pass do not match in LDAP then check if user is in VB user table.
      • If they are, change the password to something random so they cannot login with an old password
  • If a user is not returned from LDAP, assume the user has registered on the boards in the normal way and dont do anything to the VB user table.
Requirements:

The requirements are based on the system we use. It may / may not work with other Vbulletin versions:
  • PHP 4.3+
  • LDAP System
  • uid (username), mail (email address), and a field containing MD5 password
Installation:
  1. Download and unzip the file
  2. Edit "ldapconfig.php" and then upload into your "includes" folder
  3. Login to Admin CP and Add / Import the product (xml file)
Extra Info / Future Plans / Help:

This LDAP integration script currently requires you to have an LDAP field with the users password stored as MD5. From my understanding, CRYPT is the default password storage for LDAP so some of you may not have an MD5 field in LDAP with the users password encrypted as MD5.

It would be possible to modify the script to check against CRYPT, but it would also require a template edit as the login form converts the password field "onSubmit" to MD5. I did not do this because we already have the MD5 in LDAP as we use it on a number of different system already, and I did not want to change VB templates.

Also, I was unable to find documentation on doing a script / releasing a modification, so in future if someone could explain to me or change the script slightly to allow editing of LDAP configuration file within ADMIN CP interface, that would be great. This would also mean not having to upload a file into the includes folder.

I'm sure there will be something I havent thought of, or will make it easier if this script had this and that, so feel free to post your ideas, and suggestions on improving this modification.

Important Info:
Hack is provided free of charge (but if you really want to get rid of money PM me ). I make no guarantee it will work on your system, but it does on mine with 15,000 users .

Version:
  • 1.1 - You can now specify the field to authenticate against in ldapconfig.php (19/05/2007)
  • 1.0.1 - Corrected 'mysql_num_rows' query to use VB DB class call (19/04/2007)
  • 1.0 - First release (18/04/2007)
Hope its useful for some of you :up:

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 04-22-2007, 06:42 AM
Iceboxer Iceboxer is offline
 
Join Date: Jan 2006
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi, Zemic:

Brilliant bit, thanks (for those of us desperately trying to integrate VB with a CMS)...may I ask what Directory Server you are using? Red Hat, or Sun, or...? I note you mentioned Active Directory as something you are clearly NOT using. Did you write your own directory server?

Second, do I take it from your explanation that your hack authenticates but does not populate the directory?

Thanks,

Iceboxer
Reply With Quote
  #23  
Old 04-22-2007, 06:23 PM
zemic zemic is offline
 
Join Date: Sep 2004
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Iceboxer View Post
Hi, Zemic:

Brilliant bit, thanks (for those of us desperately trying to integrate VB with a CMS)...may I ask what Directory Server you are using? Red Hat, or Sun, or...? I note you mentioned Active Directory as something you are clearly NOT using. Did you write your own directory server?

Second, do I take it from your explanation that your hack authenticates but does not populate the directory?

Thanks,

Iceboxer
Thanks !

You could integrate the code with pretty much anything i.e. a CMS. Just change the bit of code that speaks to VB to talk to your CMS. Making a connection to LDAP, authenticating etc. is standard PHP/LDAP code, nothing fancy. Read through the plugin code. I've commented on every bit of the login process.

We are on SUN systems, with the look of bringing in Active Directory during this year (not my idea! those upstairs ). I didnt write the directory server and im not responsible for any part of the LDAP system. Leave the headache of that to the system admins , but I know we have extra fields over a standard "installation" of LDAP i.e. MD5.

As mentioned earlier.......Ideally this script would authenticate against CRYPT, but without changing Vb code it wont. *I THINK* most establishments that use ldap will have the password stored in MD5 as well as crypt anyway, so this is probably not as big of an issue as I think it is, but I point it out incase someone scratches their heads for hours trying to figure out why this script might not work with their system. I can post some extra CRYPT instructions if neccessary.

My hack does not change anything in LDAP. I assume that LDAP is always correct. We have other tools to change password in LDAP so this was not needed. If you want to though, you could add a bit of code so that when the user changes his/her password in Vbulletin it would update LDAP, but here, I've removed the link to "Change Password" from USER CP in Vbulletin just incase the users get confused; we have another website/tool for users to manage their computer account.
Reply With Quote
  #24  
Old 04-23-2007, 06:18 AM
Iceboxer Iceboxer is offline
 
Join Date: Jan 2006
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Zemic:

Thanks again. I'm struggling to "get" the LDAP concept - not so much in straight-up validation, LDIF, etc., but in populating the Directory db in an automatic fashion and in figuring out how to make this work regardless of which (VB, my CMS, etc.) program is used for user registration - which from your earlier posts, isn't a problem with which you've had to concern yourself. :-)

I'm slogging through some tutorials on LDAP now, and hopefully I can figure this out. :erm: However, that being said, it's a GREAT help to those of us out here trying to create fully integrated sites to have this Add-on from you, and I just wanted to express my gratitude...it's made my day to see this here.

Thx,

Iceboxer
Reply With Quote
  #25  
Old 04-23-2007, 07:24 AM
zemic zemic is offline
 
Join Date: Sep 2004
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No problem, if its useful for someone other than me then thats made my day . I've not populated LDAP myself before so dont think I could be of any help. We have other (mainly payroll) type software / system to do that automatically, as well as perl scripts which can be run on a server - code written "in-house" by other people so cannot share im afraid.

Let me know how you get on. :up:
Reply With Quote
  #26  
Old 04-30-2007, 07:22 AM
fhs2006 fhs2006 is offline
 
Join Date: Apr 2006
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i am sorry to say, but as long as i have to use md5 in ldap so the hashes match, this thing is not really useful. most of the time, people want to use an existing ldap directory, where 99% of the time another password mechanism is used (crypt, sha1). i stick with the plugin from www.sartori.at
Reply With Quote
  #27  
Old 04-30-2007, 08:00 AM
zemic zemic is offline
 
Join Date: Sep 2004
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Like I said in a previous post, this could be modified to work with CRYPT. All that is required is changing the VBulletin login form (template) so it doesnt MD5 the password as soon as you hit enter ( I would need to look into possibility of this breaking something else) or leave the MD5 thing, and pass plain text password, or crypt the password on submit. A simple template edit would do this.

Give me a couple of days to fit this in around work and I'll do it.

Cant see what that script at the above URL does any different to mine. If you've got the code to share, or could give me a hint, I'm sure I could add something into mine to do the same. Could save people 100euro's
Reply With Quote
  #28  
Old 04-30-2007, 08:03 AM
fhs2006 fhs2006 is offline
 
Join Date: Apr 2006
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

yes i do have the code, because i bought this plugin. but to be honest, i will not share the code. it would not be fair towards the developer. selling php code is always pain in the ass and a developer who sells his piece of code trusts his customers.
Reply With Quote
  #29  
Old 04-30-2007, 08:50 AM
zemic zemic is offline
 
Join Date: Sep 2004
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Fair enough .

If anyone has feature requests, just reply to the topic or PM me.
Reply With Quote
  #30  
Old 05-24-2007, 07:17 PM
David_McPherson David_McPherson is offline
 
Join Date: Oct 2002
Posts: 166
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Zemic,
You have no idea what this means for me at this moment.. If I can get this to function I'll be a happy, happy man.

I'm getting this... when I attempt to login with a known user in our LDAP system.
Code:
Fatal error: Call to undefined function: ldap_connect() in D:\Intranet\links\forum\global.php(356) : eval()'d code on line 25
Idea? And... I cannot even log into the forum under my admin to reverse the process.
Reply With Quote
  #31  
Old 05-24-2007, 09:51 PM
zemic zemic is offline
 
Join Date: Sep 2004
Posts: 47
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hello !

To me, that looks like your running PHP in a Windows environment, and it doesnt support LDAP. I've just downloaded my code again from here just incase I'd done a little mistake in the code after a recent update, but deffo havent.

To remove the Product / Plugin you'll need to edit your config.php file to disable plugins. I'll have a search on the forums for the variable to put into your config.php now, because I cant remember off the top of my head....
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:13 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.10868 seconds
  • Memory Usage 2,317KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete