Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
vBulletin Ldap Authentication Plugin Details »»
vBulletin Ldap Authentication Plugin
Version: 1.00, by malcolmx malcolmx is offline
Developer Last Online: Mar 2020 Show Printable Version Email this Page

Category: Integration with vBulletin - Version: 3.6.10 Rating:
Released: 05-30-2007 Last Update: Never Installs: 44
Uses Plugins
Re-useable Code Code Changes Additional Files Translations  
No support by the author.

I am using vbulletin for a long time now and before there was the plugin system introduces i hacked every single version of vb to enable ldap authentication. with the introduction of the plugin system i have written a little plugin that works in every version since VBulletin 3.5. This Plugin is the buyable VBulletin Ligh Authentication from http://www.sartori.at. now its FREE.

Since its working and i will not enhance this small plugin anymore, i will make it public. If there are any enhancements, i can put it into my versioning system and update this plugin.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements
  • php with ldap support

Installation Notes:
  1. copy ldapAuth directory to your vb forum installation directory
  2. change the path to controller.php directory in ldap-plugin.xml
  3. copy the hooks_ldap.xml to FORUM_ROOT/inclucdes/xml directory
  4. in login.php search for:
    PHP Code:
    if ($vbulletin->GPC['vb_login_username'] == '')
             {
              eval(
    standard_error(fetch_error('badlogin'$vbulletin->options['bburl'], ....
             } 
    insert below:
    PHP Code:
    ($hook vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false
  5. activate plugin system (if not done already) in admincp
  6. in admin cp import the product at "Download / Upload" Plugins
  7. in global.php search for:
    PHP Code:
    $show['nopasswordempty'
    and change:
    PHP Code:
    defined('DISABLE_PASSWORD_CLEARING') ? 0
    to:
    PHP Code:
    defined('DISABLE_PASSWORD_CLEARING') ? 1
  8. configure the ldap settings in: ldapconfig.inc.php
  9. test the product


Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal.

Supporters / CoAuthors

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #72  
Old 05-06-2008, 07:43 AM
j_ainsworth j_ainsworth is offline
 
Join Date: Apr 2008
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

123
Reply With Quote
  #73  
Old 05-06-2008, 09:37 AM
j_ainsworth j_ainsworth is offline
 
Join Date: Apr 2008
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have managed to figure out ldp.exe and have now got anonymous searchs working against our Active Directory
However still having trouble with this mod.

I have modified the controller so
$ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")";
using ldp.exe I can do the above search ok

Using the debug controller I can see it hangs at
$searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter);

If I add a line before it
if(defined('LDDEBUG')) { wrlog("++ presearch /t $ldapConnection,$ldapBase,$ldapFilter"); }
I get this in my log file
++ presearch /t Resource id #15,dc=thebookpeople,dc=com,(sAMAccountName=test98 7)

ANy ideas, desperate for this to work!

Cheers
John
Reply With Quote
  #74  
Old 05-06-2008, 09:48 AM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by j_ainsworth View Post
I get this in my log file
++ presearch /t Resource id #15,dc=thebookpeople,dc=com,(sAMAccountName=test98 7)

ANy ideas, desperate for this to work!

Cheers
John
great that you got ldap working on windows. the logfile entry shows
- $ldapBase printed (dc=thebookpeople,dc=com)
- $ldapFiler printed (sAMAccountName=test987)
- $ldapConnection is working, too

is it working when you print some text into debuglog right after $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter); ?

-malc
Reply With Quote
  #75  
Old 05-06-2008, 10:13 AM
g9g6.com g9g6.com is offline
 
Join Date: May 2008
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks
Reply With Quote
  #76  
Old 05-06-2008, 11:49 AM
j_ainsworth j_ainsworth is offline
 
Join Date: Apr 2008
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by malcolmx View Post
great that you got ldap working on windows. the logfile entry shows
- $ldapBase printed (dc=thebookpeople,dc=com)
- $ldapFiler printed (sAMAccountName=test987)
- $ldapConnection is working, too

is it working when you print some text into debuglog right after $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter); ?

-malc
Hi Malc
Progress! I have had some partial success.

If I specify in the ldapconfig.php the actual OU that the account exists in
$ldapBase = "OU=users,OU=Haydock,DC=thebookpeople,DC=com";

and use the cn for the ldapfilter
$ldapFilter = "(cn=" . $vbulletin->GPC['vb_login_username'] .")";

then it works if I login with the actual fullname , ie for me cn=john ainsworth

What I really need is to be able to set the Base to be our top level AD DC=thebookpeople,DC=com rather than be specific
Also to be able to use their login name rather than the Active Directory Object name

I did work out that I changed ldapfilter to query the Active Directory property sAMAccountName instead of cn
and
changed the ldapbase to be
CN=John Ainsworth,OU=HayIT,OU=Haydock,DC=thebookpeople,DC= com

then it would log me in

Cheers
Reply With Quote
  #77  
Old 05-06-2008, 12:22 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

if you can only find your user in the "long" tree but the search does not succed with the top level AD base, then it "could" be possivle that AD has a mechanism (like any other ldap) to deny a subtreee (scope) search.

if that works (test with the ldap client command), php standard search scope is subtree (LDAP_SCOPE_SUBTREE) - http://de.php.net/manual/en/function.ldap-search.php

your other thoughts are right:
- login with samaccountname
- search for user (samaccountname=username)
- bind with the full dn (cn=....)

-malc
Reply With Quote
  #78  
Old 05-06-2008, 01:29 PM
j_ainsworth j_ainsworth is offline
 
Join Date: Apr 2008
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[QUOTE=malcolmx;1510358]if you can only find your user in the "long" tree but the search does not succed with the top level AD base, then it "could" be possivle that AD has a mechanism (like any other ldap) to deny a subtreee (scope) search.

All sorted!! If you want to query sub trees in Active Directory don't use the standard port number , use 3268 instead

Once I changed the port number I was able to change the filter to
$ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")";

to login using the AD login name rather than the cn name

Cheers for all your help malc
Reply With Quote
  #79  
Old 05-06-2008, 01:40 PM
malcolmx malcolmx is offline
 
Join Date: May 2003
Posts: 45
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks for using my plugin and its nice to see another one using it

dont forget to click on "Mark as Installed"

thanks for your support!

-malc
Reply With Quote
  #80  
Old 06-09-2008, 07:00 PM
rrusinko rrusinko is offline
 
Join Date: May 2008
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am new to using plugins for vBulletin and the error is probaly basic.
I downloaded the plugin and followed the directions, but when I get to step 6:
I receive a message "invalid file specified".
Step 6 is in admin cp import the product at "Download / Upload" Plugins
I am using the plugin hooks_ldap.xml located in the ./includes/xml/.

Any help would be appreciated.
Reply With Quote
  #81  
Old 06-10-2008, 06:25 PM
rrusinko rrusinko is offline
 
Join Date: May 2008
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I got it working.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:13 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04467 seconds
  • Memory Usage 2,316KB
  • Queries Executed 28 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete