Integration with vBulletin - vBulletin Ldap Authentication Plugin 1.0.1

This is a very small plugin for enabling ldap authentication for vBulletin Suite 4. The original version is from www.sartori.at.

if you need any help installing the plugin, please post into this thread here.

if you need any extra changes i will modify the plugin for extra charge.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements

• php with ldap support

Installation Notes:

1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/includes/xml directory
4. in login.php search for:
   
   PHP Code:

   if ($vbulletin->GPC['vb_login_username'] == '')
         {
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
         } 

   add hook after if statement, becomes:
   
   PHP Code:

   (if ($vbulletin->GPC['vb_login_username'] == '') 
{ 
  eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], .... 
} 
($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 

5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'
7. recheck if the include for controller.php is right
8. in includes/class_bootstrap.php search for:
   
   PHP Code:

   $show['nopasswordempty'] 

   and change:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; 

   to:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; 

9. configure the ldap settings in: ldapconfig.inc.php
10. test the product

Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal.

vBulletin 3.6 version

[Zate]

Does this support native vb functions such as changing password, username or email address?

[malcolmx]

hello,

since this addon does not use vb functions to authenticate the users, those features are not available. if you want to change passwords / email addresses in your ldap / active directory then use
software that is available on the open source market.

if you want ldap functions implemented in vBulletin, you need another addon or need a request for paid services.

greetings

-malc

[yambert]

A few things that could be more clear on the installation notes:

4. in login.php search for:

PHP Code:

if ($vbulletin->GPC['vb_login_username'] == '')
{
  eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
} 


add hook after if statement, becomes:

PHP Code:

if ($vbulletin->GPC['vb_login_username'] == '')
{
  eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
}
($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 


6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'

[malcolmx]

thanks for the suggestions. changes made!

-malc

[DraculaVN]

Dear malcolmx !

Thanks for your plugin. Now I want to a question for you: How to config plugin if my LDAP don't allow anonymous queries.

Because my company don't allow anonymous queries.

Please help me !!!

[malcolmx]

Quote:

Originally Posted by DraculaVN

Dear malcolmx !

Thanks for your plugin. Now I want to a question for you: How to config plugin if my LDAP don't allow anonymous queries.

Because my company don't allow anonymous queries.

Please help me !!!

as there habe been alot of questions for this feature (in the "old" plugin, too) i will add it to the code. see it online within 2 days.

kind regards

-malc

[DraculaVN]

Oh ... I'm feeling happy with your answer. I will waiting for your plugin. I donate this plugin .
Thanks so much

[danlavu]

I hope this helps but I modified the controller.php so you can bind a username and password, so you do not need to open your ldap server.

My changes are below.

Add the following at

Code:

// connect to the LDAP Server

++$ldapBindUser = 'YOUR_BIND_USER';
++$ldapPassword = 'YOUR_BIND_USER_PASSWORD';

For every instance of $ldapConnection add the follow below the line. Should be two instances.

Code:

 
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
++$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapPassword);

Make some changes to the if else statement, delete or comment out the following and change one variable.

Code:

 // write the FIRST found DN to $bindDn;
        --$bindDn=$searchResult[0]['dn'];

        // bind to the ldap server with specified credentials (dn, password)
        --$ldap_bind = @ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);

        // close the server connection
        ldap_close($ldapConnection);

        // ldap bind did not succeed, wrong username/password combination
        ++if ($ldapBind != 1)
        --if ($ldap_bind != 1)

Now you should be able to connect to a more secure ldap server. Anonymous queries against my AD makes it hard for me to sleep at night.

[DraculaVN]

Oh thanks danlavu. I will check it.