Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
vBulletin Ldap Authentication Plugin Details »»
vBulletin Ldap Authentication Plugin
Version: 1.00, by malcolmx malcolmx is offline
Developer Last Online: Mar 2020 Show Printable Version Email this Page

Category: Integration with vBulletin - Version: 3.6.10 Rating:
Released: 05-30-2007 Last Update: Never Installs: 44
Uses Plugins
Re-useable Code Code Changes Additional Files Translations  
No support by the author.

I am using vbulletin for a long time now and before there was the plugin system introduces i hacked every single version of vb to enable ldap authentication. with the introduction of the plugin system i have written a little plugin that works in every version since VBulletin 3.5. This Plugin is the buyable VBulletin Ligh Authentication from http://www.sartori.at. now its FREE.

Since its working and i will not enhance this small plugin anymore, i will make it public. If there are any enhancements, i can put it into my versioning system and update this plugin.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements
  • php with ldap support

Installation Notes:
  1. copy ldapAuth directory to your vb forum installation directory
  2. change the path to controller.php directory in ldap-plugin.xml
  3. copy the hooks_ldap.xml to FORUM_ROOT/inclucdes/xml directory
  4. in login.php search for:
    PHP Code:
    if ($vbulletin->GPC['vb_login_username'] == '')
             {
              eval(
    standard_error(fetch_error('badlogin'$vbulletin->options['bburl'], ....
             } 
    insert below:
    PHP Code:
    ($hook vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false
  5. activate plugin system (if not done already) in admincp
  6. in admin cp import the product at "Download / Upload" Plugins
  7. in global.php search for:
    PHP Code:
    $show['nopasswordempty'
    and change:
    PHP Code:
    defined('DISABLE_PASSWORD_CLEARING') ? 0
    to:
    PHP Code:
    defined('DISABLE_PASSWORD_CLEARING') ? 1
  8. configure the ldap settings in: ldapconfig.inc.php
  9. test the product


Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal.

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #42  
Old 10-28-2007, 08:45 AM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by grahamar View Post
Hi
I tried this plugin and followed the instructions but I get the following error:

Warning: ldap_search() [function.ldap-search]: Search: No such object in /ldapAuth/controller.php on line 37

Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in /ldapAuth/controller.php on line 38


I'm not technical at all - but line 37 in the code is this:

36: // search for the username and get the DN
37: $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter);
38: $searchResult=ldap_get_entries($ldapConnection,$se archDn);

Can any one offer some help as to how I can fix this. I would really like to get this working. We want touse VB within our intranet and LDAP is used extensively.

Thanks

Graham
hey,

please show me the content of the variables
Code:
$ldapBase
$ldapFilter
thanks

-malc
Reply With Quote
  #43  
Old 10-29-2007, 06:53 AM
fhs2006 fhs2006 is offline
 
Join Date: Apr 2006
Posts: 12
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

the error is in your $ldapBase.

the base is just: "dc=sun,dc=com"

all the other stuff like ?sub? (objectclass=*) has nothign to do with the deafault search base (=$ldapbase).

my script is searching for a specific user ($ldapFilter in controller.php) below the $ldapBase in your ldap directory.

if you want to want to add an (objectclass=*) to your search filter you have to add that to line 29 in controller.php
Code:
$ldapFilter = "(uid=" . $vbulletin->GPC['vb_login_username'] .")";
you do not have to add ?sub? to your query, because phps ldapsearch scope defaults to SUB.

-fhs
Reply With Quote
  #44  
Old 10-29-2007, 10:52 AM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

please user controller.debug.php and change in line 17 the debug output file location (if needed)
Code:
 if(defined('LDDEBUG')) { $fp=fopen('/tmp/apache.debug', "a+"); }
then show me the content of that file.

-malc
Reply With Quote
  #45  
Old 10-29-2007, 01:13 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by grahamar View Post
Hi Malc,

Just to confirm: Do you want me to run controller.debug.php from the browser after the login fails? or do you mean something else?

Graham
easiest you can do is:
  1. rename controller.php to controller.php.orig
  2. rename controller.debug.php to controller.php



-malc
Reply With Quote
  #46  
Old 10-29-2007, 02:39 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

please do me a favour:

on the linux commandline (if available) try the following:
ldapsearch -W -D "XXXX" -x -b YYYY -h ZZZZZZ "(uid=grahamar)"

exchange:
XXXX: the FULL DN to your username (e.g. uid=grahamar,ou=bla=o=buh)
YYYY: the ldap search base
ZZZZ: the ldap server ip

1) additional questions from my side:
is the wiki doing an ldapbind or is it comparing the hash values of the password?

2) are you sure you did all changes to the vbulletin php files as written in the INSTALL file?
especially:
PHP Code:
defined('DISABLE_PASSWORD_CLEARING') ? 0
to check that, add in the debug controller file below line 63
PHP Code:
 // bind to the ldap server with specified credentials (dn, password) 
the following piece of code:
PHP Code:
if(defined('LDDEBUG')) {
   
$pass $vbulletin->GPC['vb_login_password']; 
    
wrlog("++ your password  is:\t  $pass");

i dont have an working vb installation at home, but that should do fine. now if you login, you should see your password in plaintext in the debug output file. if this is not your password, please check all the installation steps.

-malc
Reply With Quote
  #47  
Old 10-29-2007, 02:43 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Mark Tomlinson View Post
Nice hack, works like a charm. Except...

[S]I set up vBulletin with the usual "Admin" account. After adding the hack, I logged in as myself with my LDAP ID - which automagically created my user ID in the user database. Then I logged on as Admin again gave my user ID administrative permissions. (I'll be wanting to give a couple of other users subsets of admin privledges as well).

Well, what happens is that I can not log into the Admin CP with my LDAP ID.
* I can log into the forums with my LDAP ID just fine.
* And I can log into the Admin CP with 'Admin' just fine.
* But I can't log into the Admin CP with my LDAP ID.
* And I can't log into the forums with 'Admin'.
My theory here is that there is a different log-in process for the Admin CP and it is trying to verify my password against the vBulletin database.

Familiar with this problem? Am I just missing something?[/S]

Nevermind! Missed the comment in the description that says LDAP is not used for the admin or moderation control panels. That's not going to work for me. I need it to check the LDAP directory and the database in all cases. I will settle for just checking LDAP, but would rather it check both.

Sounds like I need to do some digging.
just comment out the following code:
PHP Code:
// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
        return;

Reply With Quote
  #48  
Old 10-29-2007, 03:15 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

when your password is shown correctly then you should have done the install instructions.

i have to do some brainwork now... no idea where the problem could be.
Reply With Quote
  #49  
Old 10-31-2007, 04:10 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Code:
ldapsearch --help 2>&1 |grep W
  -W         prompt for bind password
-W is for password austhentication
-D is the full DN to your entity in the directory.

please test if this authentication works.

thanks

-malc

ps: i will be gone over the weekend. i am back on monday.
Reply With Quote
  #50  
Old 11-08-2007, 06:29 AM
grahamar's Avatar
grahamar grahamar is offline
 
Join Date: Oct 2007
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi Malc,

any update you can give to help proceed with this?

Thank you

Graham
Reply With Quote
  #51  
Old 11-11-2007, 11:16 AM
grahamar's Avatar
grahamar grahamar is offline
 
Join Date: Oct 2007
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi,

I now have LDAP working on another a Bulletin board from another Source.
I'll leave the situation of not being able to use LDap on vbulletin as it is.

Thanks for those who tried to help me.

Graham
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:38 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04558 seconds
  • Memory Usage 2,330KB
  • Queries Executed 28 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (4)bbcode_code
  • (9)bbcode_php
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete