Go Back   vb.org Archive > vBulletin Modifications > Archive > Modification Graveyard
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
LDAP Authentication Details »»
LDAP Authentication
Version: 1.5, by Haqa Haqa is offline
Developer Last Online: Jun 2010 Show Printable Version Email this Page

Category: Miscellaneous Hacks - Version: 3.7.x Rating:
Released: 11-17-2008 Last Update: 03-18-2009 Installs: 65
Uses Plugins
Re-useable Code Additional Files Translations  
No support by the author.

I've only recently started using vBulletin, and this is my first mod so if you use this, please click Installed!

This mod (which builds on the fine work from malcomx and zemic) is intended to lower the barriers to using and LDAP directory as an external authentication source for your board. The idea is simple; capture a login attempt before authentication and test it against LDAP first, if that succeeds, see if there is already a matching user in vBulletin. If there is not, create one, using data from the LDAP to fill in the required fields, if there is already a matching user (Determined by comparing email addresses) then update the user.

You might be asking why this mod is better than the two mods I've mentioned above? Well firstly the only additional file is the XML file for the new hooks (See below), and no changes to vBulletin code so installation is simple, and upgrades to vBulletin don't get over complicated by re-applying changes. Secondly, all the settings are controlled from the admincp rather than an external config file. Thirdly (as if two wasn't enough) I've added some hook points so this mod can be extended, for example to get additional data from the LDAP and put it in user profile fields.

One important similarity with the two earlier mods is that in the admincp and modcp no LDAP authentication is performed, this is a safety feature, so even if the mod or an extending to it, breaks your board, you shouldn't ever get locked out of the admincp so you'll be able to turn if off quickly.

Additional Hooks

The mod is essentially a single plugin (plus options and help) which runs at global_complete which is before most other things have happened, but just after all the global setup has occurred.

To enable the additional hooks, you need to upload the file hooks_ldap_auth.xml to /includes/xml under your forum.

The following new hooks are created by this mod:
  • ldap_auth_start - After the list of attributes to fetch has been created, this list is in $ldapAttrs. You can simply add your own attributes to this array here.
  • ldap_auth_all_user - After a new user has been added to vBulletin or existing user has been updated, but before the user has been saved. The new user is in $newuser and the LDAP data is in $userData. This happens before ldap_auth_new_user or ldap_auth_existing_user.
  • ldap_auth_new_user - After a new user has been added to vBulletin, but before the user has been saved. The new user is in $newuser and the LDAP data is in $userData.
  • ldap_auth_existing_user - After an existing user has been updated, but before the user has been saved. The new user is in $newuser and the LDAP data is in $userData.

By requesting new attributes at ldap_auth_start and then applying them at either ldap_auth_all_user, ldap_auth_new_user or ldap_auth_existing_user you can setup your users easily without having to write all the LDAP code yourself!

AdminCP Settings

This mod creates a new options group called LDAP Authentication between email options and user registration options where you set the host name and port number of the LDAP server, the initial authentication type (Anonymous or authenticated), optionally the BindDN and Password for the LDAP server. You also set which attribute matches the vBulletin username (The default is cn which works well for inetOrgPerson based entries). You can set additional attributes to retrieve (If you want to quickly knock up a simple plugin which uses them at one of the hook points above). There is also the facility to disable (or rather make unavailable) accounts which exist in vBulletin but not in LDAP. Given that your initial admin may fall into this group, there is also a list of userids who should be allowed to log in anyway.

Requirements
  • PHP 4.3+ with LDAP support.

I'll try to provide support to users of my mod, but please bear in mind I fairly new to all this, so I may not be able to solve all problems immediately. Support will only be provided via this thread (Don't PM or email me unless I ask you to). Priority will be given to users who have clicked Installed.

Release Notes
  • 1.0 - Initial release
  • 1.1 - Corrected SQL queries to use TABLE_PREFIX
  • 1.2 - Corrected a bug which prevented the settings page from being created correctly
  • 1.3 - Corrected where the existing, new and all user hooks are called (Before, not after the user profile fields are set) to support dependant plugins
  • 1.4 - Added the ability to set a search base for directories which do not permit searching from the root
  • 1.5 - Fixed reported bug where hooks were called in the wrong order

Installation
  1. Add the command define('DISABLE_PASSWORD_CLEARING', 1); to your includes/config.php - This will NOT be overwritten by upgrades, so only needs doing once.
  2. Upload the file hooks_ldap_auth.xml to includes/xml under your forum.
  3. Install the latest product file (below) using the Add/Import Product link on the Manage Products page under Plugins & Products in your AdminCP.

Haqa...

Download Now

File Type: (21.4 KB, 0 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Благодарность от:
Jimbot

Comments
  #112  
Old 05-23-2010, 10:07 PM
john.parlane john.parlane is offline
 
Join Date: Aug 2008
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yep agreed, these are all things you could do to make it more robust.
Reply With Quote
  #113  
Old 06-23-2010, 09:01 AM
Teamghost Teamghost is offline
 
Join Date: Aug 2009
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My user try to get the password - I thought this is disabled with the
PHP Code:
define('DISABLE_PASSWORD_CLEARING'1); 
in the config file. How can I disable this function for Ldap User?

'Disable vBulletin Users' is No - I think this is related to this problem.

I'm using 3.8.4 and ldap 1.5 with the 'first logIn' fix
Reply With Quote
  #114  
Old 07-16-2010, 04:54 PM
fth fth is offline
 
Join Date: Jun 2010
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks for such a great plugin easy to use is there anyone try to transfer dateof birth and avatar from ldap to vbulletin? its because this plugin is only transfer email username and password

thanks.
Reply With Quote
  #115  
Old 07-17-2010, 05:04 AM
fth fth is offline
 
Join Date: Jun 2010
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Haqa View Post
The issue here is that the one thing which must not change is the users' email addresses.

You will have to manually update the email address for each account, I'm afraid...

H.
Anyone fix this problem? if ldap user change their email address from ldap and then try to login again it says
Error creating/updating user
Array

vb 4.02
Reply With Quote
  #116  
Old 07-28-2010, 08:54 AM
fth fth is offline
 
Join Date: Jun 2010
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

is there anyone help me how can i set language for this plugin some non english characters on the location doesnt appear properly if not english at all thanks
Reply With Quote
  #117  
Old 09-24-2010, 03:36 PM
jjuarez jjuarez is offline
 
Join Date: Sep 2010
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi, Does anyone has make ldap work on vb 4.0.7?

I follow install instructions, but when I try to login with a AD valid user, display error "500 Internal Server Error" page.

Please help me...

Tanks a Lot.

jjuarez
Reply With Quote
  #118  
Old 09-28-2010, 06:16 PM
ginab143 ginab143 is offline
 
Join Date: Apr 2010
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by jjuarez View Post
Hi, Does anyone has make ldap work on vb 4.0.7?

I follow install instructions, but when I try to login with a AD valid user, display error "500 Internal Server Error" page.

Please help me...

Tanks a Lot.

jjuarez
I really need help as well. All I get is a blank page with this in the address field: http://hostname/login.php?do=login

No errors or anything else. I know I have the LDAP connections setup properly because I have other apps that I connect with LDAP that use the same parameters.

I haven't made any mods to the code that I see others talking about. If someone could provide a little direction I can figure it out from there.

Thanks
Reply With Quote
  #119  
Old 09-28-2010, 06:30 PM
Abe Koenghiem Abe Koenghiem is offline
 
Join Date: Feb 2009
Posts: 9
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
I really need help as well. All I get is a blank page with this in the address field: http://hostname/login.php?do=login
When I get blank pages it is usually caused by permissions problems. If you are using apache then the user you configured in the httpd.conf file (usually apache) must have permission to read the vBulletin files. There may be a better explaination of this on the board somewhere, if someone knows, please post a link.

If this is the cause; then it is just a webserver configuration problem and not a problem with LDAP or this mod.

Good luck ginab143
Reply With Quote
  #120  
Old 09-29-2010, 02:32 PM
ginab143 ginab143 is offline
 
Join Date: Apr 2010
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Abe Koenghiem View Post
When I get blank pages it is usually caused by permissions problems. If you are using apache then the user you configured in the httpd.conf file (usually apache) must have permission to read the vBulletin files. There may be a better explaination of this on the board somewhere, if someone knows, please post a link.

If this is the cause; then it is just a webserver configuration problem and not a problem with LDAP or this mod.

Good luck ginab143
Thanks for the suggestion Abe. I played with this all day yesterday and couldn't get it to work. I get the 500 error on IE and blank on FF. I'm hosting this on an in-house 2003 IIS server to 2003 AD. I tried adding full permissions on the files, playing around with the IIS security, tried the mods from some of these posts... Nada. If there is anywhere else I should look at permissions I would love to know.

I can also connect over ldap from the command line using the same credentials so I know it is not a host connection issue. I just don't get it. I was really hoping to use ldap because I want to use VB as the front end for my end users. If they have to remember another password I may be in trouble.

If anyone else has any ideas I'm all ears.

Thanks
Reply With Quote
  #121  
Old 10-01-2010, 01:48 PM
jjuarez jjuarez is offline
 
Join Date: Sep 2010
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi, the error 500 is because I don´t have Ldap support on Php installation.

Just install or reinstall PHP with LDAP Support and this resolve the Blank page.

Now, there are some way to debug the Ldap connection, because I configure the LDAP Settings and when I try authenticate with an Active ¿Directory valid user, only say thar I entered an invalid username or password.

Tanks a Lot
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:13 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04651 seconds
  • Memory Usage 2,345KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (1)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete