The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
![]() |
|||||||||||||||||||||||||
I am using vbulletin for a long time now and before there was the plugin system introduces i hacked every single version of vb to enable ldap authentication. with the introduction of the plugin system i have written a little plugin that works in every version since VBulletin 3.5. This Plugin is the buyable VBulletin Ligh Authentication from http://www.sartori.at. now its FREE.
Since its working and i will not enhance this small plugin anymore, i will make it public. If there are any enhancements, i can put it into my versioning system and update this plugin. In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type. If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory. in the admin or moderator panel no user is authenticated against the directory. Requirements
Installation Notes:
Additional Notes: If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at Novell and Microsoft I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal. ![]() Supporters / CoAuthors Show Your Support
|
Comments |
#72
|
|||
|
|||
![]()
123
|
#73
|
|||
|
|||
![]()
I have managed to figure out ldp.exe and have now got anonymous searchs working against our Active Directory
However still having trouble with this mod. I have modified the controller so $ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")"; using ldp.exe I can do the above search ok Using the debug controller I can see it hangs at $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter); If I add a line before it if(defined('LDDEBUG')) { wrlog("++ presearch /t $ldapConnection,$ldapBase,$ldapFilter"); } I get this in my log file ++ presearch /t Resource id #15,dc=thebookpeople,dc=com,(sAMAccountName=test98 7) ANy ideas, desperate for this to work! Cheers John |
#74
|
|||
|
|||
![]() Quote:
- $ldapBase printed (dc=thebookpeople,dc=com) - $ldapFiler printed (sAMAccountName=test987) - $ldapConnection is working, too is it working when you print some text into debuglog right after $searchDn=ldap_search($ldapConnection,$ldapBase,$l dapFilter); ? -malc |
#75
|
|||
|
|||
![]()
Thanks
|
#76
|
|||
|
|||
![]() Quote:
Progress! I have had some partial success. If I specify in the ldapconfig.php the actual OU that the account exists in $ldapBase = "OU=users,OU=Haydock,DC=thebookpeople,DC=com"; and use the cn for the ldapfilter $ldapFilter = "(cn=" . $vbulletin->GPC['vb_login_username'] .")"; then it works if I login with the actual fullname , ie for me cn=john ainsworth What I really need is to be able to set the Base to be our top level AD DC=thebookpeople,DC=com rather than be specific Also to be able to use their login name rather than the Active Directory Object name I did work out that I changed ldapfilter to query the Active Directory property sAMAccountName instead of cn and changed the ldapbase to be CN=John Ainsworth,OU=HayIT,OU=Haydock,DC=thebookpeople,DC= com then it would log me in Cheers |
#77
|
|||
|
|||
![]()
if you can only find your user in the "long" tree but the search does not succed with the top level AD base, then it "could" be possivle that AD has a mechanism (like any other ldap) to deny a subtreee (scope) search.
if that works (test with the ldap client command), php standard search scope is subtree (LDAP_SCOPE_SUBTREE) - http://de.php.net/manual/en/function.ldap-search.php your other thoughts are right: - login with samaccountname - search for user (samaccountname=username) - bind with the full dn (cn=....) -malc |
#78
|
|||
|
|||
![]()
[QUOTE=malcolmx;1510358]if you can only find your user in the "long" tree but the search does not succed with the top level AD base, then it "could" be possivle that AD has a mechanism (like any other ldap) to deny a subtreee (scope) search.
All sorted!! If you want to query sub trees in Active Directory don't use the standard port number , use 3268 instead Once I changed the port number I was able to change the filter to $ldapFilter = "(sAMAccountName=" . $vbulletin->GPC['vb_login_username'] .")"; to login using the AD login name rather than the cn name Cheers for all your help malc |
#79
|
|||
|
|||
![]()
thanks for using my plugin and its nice to see another one using it
![]() dont forget to click on "Mark as Installed" ![]() thanks for your support! -malc |
#80
|
|||
|
|||
![]()
I am new to using plugins for vBulletin and the error is probaly basic.
I downloaded the plugin and followed the directions, but when I get to step 6: I receive a message "invalid file specified". Step 6 is in admin cp import the product at "Download / Upload" Plugins I am using the plugin hooks_ldap.xml located in the ./includes/xml/. Any help would be appreciated. |
#81
|
|||
|
|||
![]()
I got it working.
|
![]() |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|