Integration with vBulletin - vBulletin Ldap Authentication Plugin 1.0.1

This is a very small plugin for enabling ldap authentication for vBulletin Suite 4. The original version is from www.sartori.at.

if you need any help installing the plugin, please post into this thread here.

if you need any extra changes i will modify the plugin for extra charge.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements

• php with ldap support

Installation Notes:

1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/includes/xml directory
4. in login.php search for:
   
   PHP Code:

   if ($vbulletin->GPC['vb_login_username'] == '')
         {
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
         } 

   add hook after if statement, becomes:
   
   PHP Code:

   (if ($vbulletin->GPC['vb_login_username'] == '') 
{ 
  eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], .... 
} 
($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 

5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'
7. recheck if the include for controller.php is right
8. in includes/class_bootstrap.php search for:
   
   PHP Code:

   $show['nopasswordempty'] 

   and change:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; 

   to:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; 

9. configure the ldap settings in: ldapconfig.inc.php
10. test the product

Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal.

vBulletin 3.6 version

[DraculaVN]

I can't connect to my LDAP with danlavu's code.

Dear Malcolmx,

I'm waiting your new plugin. I hope it will successful.

[danlavu]

If you want, pastebin what you have and I can take a look at it, because its working fine for me. Also if you modify controller.debug.php and make the changes, it'll give you a lot more information on what the error is, if you can pastebin that I certain i can help you get it working.

[DraculaVN]

Dear danlavu,

Thanks for support. Can you send me your "controller.php" file you have repair it or you send me your plugin you config.

Thanks so much

[danlavu]

Dracula,

I found a bug in my code, if I can it working without this bug I'll post a solution but in the meanwhile please disregard my solution, it allows users to login as long as they match a username in ldap, no actual authentication occurs.

So I apologize for prematurely posting any code.

Dan

[danlavu]

OK, I finally got it working properly, here is my controller.php and ldapconfig.inc.php

controller.php (modified ldap parameters to bind to a database, and because I'm using AD, I changed my search filter to 'samaccountname' instead of uid.

Code:

<?php
//
// main php file for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//

error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'controller.php');

// some basic requirements
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/ldapAuth/ldapfunctions.inc.php');
require_once(DIR . '/ldapAuth/ldapconfig.inc.php');

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
        return;
}

// if there is no password submitted, redirect to standard error
if ($vbulletin->GPC['vb_login_password'] == '')
{
        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}

// create the ldap search filter
$ldapFilter = "(samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";

// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);

if($ldapConnection)
{
        $ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
        // search for the username and get the DN
        $searchDn=ldap_search($ldapConnection,$ldapBase,$ldapFilter);
        $searchResult=ldap_get_entries($ldapConnection,$searchDn);

        // if no user is found in ldap, redirect to standard error
        if(sizeof($searchResult) < 2)
        {
                eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
        }

        // write the FIRST found DN to $bindDn;
        $bindDn=$searchResult[0]['dn'];

        // bind to the ldap server with specified credentials (dn, password)
        $ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);

        // close the server connection
        ldap_close($ldapConnection);

        // ldap bind did not succeed, wrong username/password combination
        if ($ldap_bind != 1)
        {
                eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        }
        else
        {
                // generate a template for vBulletin user database
                $randomSalt=genSalt();
                $randomPass=md5(crypt($randomSalt,$randomSalt));
                $newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
                $newuser->set('username', $vbulletin->GPC['vb_login_username']);

                // get the email address from ldap
                $ldapConnection = ldap_connect($ldapServer, $ldapPort);
                if($ldapConnection)
                {
                        $ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
                        $searchEmail=ldap_search($ldapConnection,$ldapBase,$ldapFilter, $ldapEmailAttr);
                        $userEmail=ldap_get_entries($ldapConnection,$searchEmail);
                        if(sizeof($userEmail) < 2)
                        {
                                $newuser->set('email', $noEmailExists);
                        }
                        else
                        {
                                $newuser->set('email', $userEmail[0]['mail'][0]);
                        }
                }

                ldap_close($ldapConnection);

                $newuser->set('password', $randomPass);
                $newuser->set('usergroupid', 2);

                $newuser->pre_save();

                // try to create the user in vBulletin; if it works save the dataset else just login
                if (!empty($newuser->errors))
                {
                        $vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
                        $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
                        verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
                        exec_unstrike_user($vbulletin->GPC['vb_login_username']);
                        process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
                        do_login_redirect();
                }
                else
                {
                        $newuser->set_info('coppauser', false);
                        $vbulletin->userinfo['userid']
                        = $userid
                        = $newuser->save();
                        $vbulletin->GPC['vb_login_username']=$vbulletin->GPC['vb_login_username'];
                        $vbulletin->GPC['cookieuser']=$vbulletin->GPC['vb_login_username'];
                        verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['cookieuser'], true);
                        exec_unstrike_user($vbulletin->GPC['vb_login_username']);
                        process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
                        do_login_redirect();
                }
        }
}
?>

ldapconfig.inc.php (Add user bind and pass variable)

Code:

<?php
//
// ldap configuration for vBulletin authentication against LDAP
// (c) andreas sartori, 2006
//

error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'ldapconfig.php');

// Server Settings
$ldapBindUser = "ldapuser";
$ldapBindPassword = "ilikeldap";
$ldapServer = "0.0.0.0";
$ldapPort = 389;
$ldapBase = "ou=users,dc=vbulletin,dc=org";

// Search Settings
$ldapEmailAttr = array( "mail" );
$noEmailExists = ""

?>

I hope this helps.

[evilchili]

For those of you using OpenLDAP, you may need to specify:

PHP Code:

ldap_set_option($LdapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); 


Immediately following your call to ldap_connect. This will avoid a protocol error when binding.

[evilchili]

Also that whole second connect/bind/search just to get the email address isn't necessary -- we already have in $searchResult. So just do:

PHP Code:

$newuser->set( 'email', $searchResult[0]['mail'][0] ); 


[malcolmx]

i am sorry, that i am was not that active in the last weeks. lots of work to do thanks for every one helping the other vbulletin users!

-malc

[tuwebfacil]

Just to help others, it's important to check that you have the php_ldap module, your php info should show something like this:


But I am currently having this problem:

Code:

Warning: ldap_search() [function.ldap-search]: Search: Can't contact LDAP server in [path]/ldapAuth/controller.php on line 37

Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in [path]/ldapAuth/controller.php on line 38

Any idea?

[malcolmx]

Quote:

Originally Posted by tuwebfacil

Just to help others, it's important to check that you have the php_ldap module, your php info should show something like this:


But I am currently having this problem:

Code:

Warning: ldap_search() [function.ldap-search]: Search: Can't contact LDAP server in [path]/ldapAuth/controller.php on line 37

Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in [path]/ldapAuth/controller.php on line 38

Any idea?

show me the contents of the ldapconfig file.
-malc