The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!

LDAP Authentication
I've only recently started using vBulletin, and this is my first mod so if you use this, please click Installed!
This mod (which builds on the fine work from malcomx and zemic) is intended to lower the barriers to using an LDAP directory as an external authentication source for your board. The idea is simple: capture a login attempt before authentication and test it against LDAP first. If that succeeds, see if there is already a matching user in vBulletin. If there is not, create one, using data from the LDAP to fill in the required fields; if there is already a matching user (determined by comparing email addresses), then update the user.

You might be asking why this mod is better than the two mods I've mentioned above? Well, firstly, the only additional file is the XML file for the new hooks (see below), and there are no changes to vBulletin code, so installation is simple, and upgrades to vBulletin don't get overcomplicated by re-applying changes. Secondly, all the settings are controlled from the admincp rather than an external config file. Thirdly (as if two wasn't enough), I've added some hook points so this mod can be extended, for example to get additional data from the LDAP and put it in user profile fields.

One important similarity with the two earlier mods is that in the admincp and modcp no LDAP authentication is performed. This is a safety feature, so even if the mod, or an extension to it, breaks your board, you shouldn't ever get locked out of the admincp, so you'll be able to turn it off quickly.

Additional Hooks

The mod is essentially a single plugin (plus options and help) which runs at global_complete, which is before most other things have happened, but just after all the global setup has occurred. To enable the additional hooks, you need to upload the file hooks_ldap_auth.xml to /includes/xml under your forum. The following new hooks are created by this mod:

By requesting new attributes at ldap_auth_start and then applying them at either ldap_auth_all_user, ldap_auth_new_user or ldap_auth_existing_user, you can set up your users easily without having to write all the LDAP code yourself!

AdminCP Settings

This mod creates a new options group called LDAP Authentication between email options and user registration options, where you set the host name and port number of the LDAP server, the initial authentication type (anonymous or authenticated), and optionally the BindDN and Password for the LDAP server. You also set which attribute matches the vBulletin username (the default is cn, which works well for inetOrgPerson based entries). You can set additional attributes to retrieve (if you want to quickly knock up a simple plugin which uses them at one of the hook points above). There is also the facility to disable (or rather make unavailable) accounts which exist in vBulletin but not in LDAP. Given that your initial admin may fall into this group, there is also a list of userids who should be allowed to log in anyway.

Requirements

I'll try to provide support to users of my mod, but please bear in mind I am fairly new to all this, so I may not be able to solve all problems immediately. Support will only be provided via this thread (don't PM or email me unless I ask you to). Priority will be given to users who have clicked Installed.

Release Notes

Installation
Thanks from: Jimbot
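The login flow described in the post above, as an added PHP sketch that is not Haqa's plugin code. The directory entry, board table, function names and config keys are constructed stand-ins (PHP 7.4+ assumed) so the flow runs without an LDAP server, and it shows two guards such a flow needs: escaping the submitted username before it enters the search filter, and refusing empty passwords.

```php
<?php
// Constructed stand-ins: $dir plays the LDAP server, $board the vBulletin user table.
$dir = ['uid=abek,ou=people,dc=example,dc=org' =>
    ['uid' => 'abek', 'mail' => 'abek@example.org', 'pw' => 'correct horse']];
$board = [['userid' => 1, 'username' => 'admin', 'email' => 'admin@example.org']];
$cfg = ['naming_attr' => 'uid', 'disable_local' => true, 'allow_ids' => [1]];

// RFC 4515 filter-value escaping; ldap_escape() with LDAP_ESCAPE_FILTER is the ext-ldap equivalent.
function filter_escape(string $v): string {
    return strtr($v, ['\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00']);
}

// Stub search: DNs whose naming attribute matches the escaped filter value exactly.
function dir_search(array $dir, string $attr, string $filter): array {
    return array_keys(array_filter($dir,
        fn($e) => $filter === "($attr=" . filter_escape($e[$attr]) . ')'));
}

function ldap_login(array $dir, array &$board, array $cfg, string $user, string $pass): array {
    $attr = $cfg['naming_attr'];
    $filter = "($attr=" . filter_escape($user) . ')';
    // An empty password makes a simple bind "unauthenticated", which a server may report as success.
    if ($user === '' || $pass === '') return ['denied', $filter];
    $hits = dir_search($dir, $attr, $filter);
    if (count($hits) !== 1) {
        // Not uniquely in LDAP: vBulletin's own check applies only if local accounts are allowed.
        $id = array_column($board, 'userid', 'username')[$user] ?? null;
        $ok = !$cfg['disable_local'] || in_array($id, $cfg['allow_ids'], true);
        return [$ok ? 'local' : 'denied', $filter];
    }
    $entry = $dir[$hits[0]];
    // Stands in for ldap_bind() as the found DN with the submitted password.
    if (!hash_equals($entry['pw'], $pass)) return ['denied', $filter];
    // An existing board user is matched by email address, as the post describes.
    $mails = array_map('strtolower', array_column($board, 'email'));
    $i = array_search(strtolower($entry['mail']), $mails, true);
    if ($i !== false) {
        $board[$i]['username'] = $entry[$attr];
        return ['updated', $filter];
    }
    $board[] = ['userid' => count($board) + 1, 'username' => $entry[$attr], 'email' => $entry['mail']];
    return ['created', $filter];
}

$tries = [['abek', 'correct horse'], ['abek', 'correct horse'], ['abek', ''], ['*', 'x'], ['admin', 'x']];
foreach ($tries as [$u, $p]) {
    [$result, $filter] = ldap_login($dir, $board, $cfg, $u, $p);
    printf("%-6s %-12s %s\n", $u, $filter, $result);
}
```

Each output line shows the submitted username, the filter that would be sent to the directory, and the outcome; against a real server the stubbed search and password comparison become ldap_search() and ldap_bind().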
Comments
#92

Okay, so I got it working, somewhat... I basically added uid into the Naming Attribute field and now LDAP users are able to log in, however, I get the following error message:

Error creating/updating user Array

Now, what I did was the following:
1) Removed the hooks_ldap.xml
2) Removed the codes in the login.php file
3) Left the codes in the global.php file
4) Using the following LDAP settings:
HOST: My LDAP Server
LDAP PORT: 389
ANONYMOUS BIND: Yes
BIND DN: [Blank]
BIND PASSWORD: [Blank]
NAMING ATTRIBUTE: uid
SEARCH BASE DN: dc=colorado,dc=edu
LDAP ATTRIBUTES: cn=nsidc,ou=group,ou=people
DISABLE VBULLETIN USERS: Yes
ALLOW BUILT-IN ACCOUNTS: 1

I am so close, if anyone can assist me with overcoming this latest error, I would greatly appreciate it.
#93

Okay, so I fixed it by changing the following setting:

NAMING ATTRIBUTE: uid

to the following:

NAMING ATTRIBUTE: mail

But I would like to use username/uid instead. Any thoughts on getting that to work correctly?
#94

Haqa,

If you use a sniffer on the client's network port you see this.

POST /forum/login.php?do=login HTTP/1.1 (application/x-www-form-urlencoded)
vb_login_username=abek&vb_login_password=ThePlainTextPasswordOfAbeK&s=&securitytoken=guest&do=login&vb_login_md5password=dbfe6013c281e40468727267d7441951&vb_login_md5password_utf=dbfe6013c281e40468727267d7441951

Is there any way to stop the contents of vb_login_password from being sent as plain text from the client PC to the server? Other than this issue, this is a great mod.

---------------------------------
EDIT

The answer to my question seems to be to serve the pages from an https server. I have it working, vB3.8.4
#95

I just spent hours trying to get this mod to work. For anyone that is having problems, follow the directions for the mod, then:

Disable vBulletin Users: YES
#96

Quote:

:up: Yeap - this is missing for 3.8.4 great work Thank you both
#97

I cannot delete a few users using admincp under vB3.8.4, PHP 5.2.9, MySQL 5.0.84

I receive no error, instead I always receive a 'Deleted User Successfully' message. And the user is always still there. The user does not show as banned, has no threads or posts, is not a moderator.

The pattern is: users created by admincp or through vB registration can be deleted. Users created by logging in with LDAP authentication cannot be deleted, even after the LDAP mod is disabled, uninstalled, files removed and config.php changed back. These users also seem to be uneditable.

The only other mod is vBGallery. And I am serving https pages to protect the LDAP passwords. I have looked at the code and the XXXXXuser table without seeing anything. My searches on un-deletable vB users do not turn up any clues. The funny thing is other users delete just fine. Any thoughts?
#98

I have this plugin working beautifully with our Active Directory. My only objection is that since we do not allow anonymous BIND, in the LDAP options control panel after setup it continues to display the BIND password in plain text. We have more than one vBulletin admin, but they do not need to know the LDAP setup, and as far as I can tell, I can't restrict the LDAP Authentication options by individual admin, nor can I figure out how to have the LDAP control panel just display a blank box or dots, rather than the actual value for that parameter. Ideas anyone?
#99

If no one told you, it should work using sAMAccountName, which gives you your Windows login account. If you have an account like john.smith, LDAP will see it as john smith; sAMAccountName tosses in the dot.
#100

After installing this product as listed in the instructions I don't believe it is working properly. The odd part is I receive no error messages. Everything looks to be correct in the LDAP settings. Anyone run into this before?

Do users still have to register or does it create the user automatically?
#101

Hello,

I'm using this Addon with vBulletin 3.8.4. It basically works, but:

- I had to add another ldap_bind, because I can only fetch data with a proxy user. After the ldap_auth_start-Hook:

PHP Code:

When he tries right again, the login works. How could I fix that? Anyway, great mod! Thanks.