Integration with vBulletin - vBulletin Ldap Authentication Plugin 1.0.1

This is a very small plugin for enabling ldap authentication for vBulletin Suite 4. The original version is from www.sartori.at.

if you need any help installing the plugin, please post into this thread here.

if you need any extra changes i will modify the plugin for extra charge.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements

• php with ldap support

Installation Notes:

1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/includes/xml directory
4. in login.php search for:
   
   PHP Code:

   if ($vbulletin->GPC['vb_login_username'] == '')
         {
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
         } 

   add hook after if statement, becomes:
   
   PHP Code:

   (if ($vbulletin->GPC['vb_login_username'] == '') 
{ 
  eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], .... 
} 
($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 

5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'
7. recheck if the include for controller.php is right
8. in includes/class_bootstrap.php search for:
   
   PHP Code:

   $show['nopasswordempty'] 

   and change:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; 

   to:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; 

9. configure the ldap settings in: ldapconfig.inc.php
10. test the product

Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal.

vBulletin 3.6 version

[jeffsawyer]

I'm sure this has been asked (and hopefully solved) somewhere, but I'm not having luck with my searches here or on Google. What I'd really like is a full complete LDAP solution for vBulletin. This LDAP mod is great, but only integrates the login and nothing else. Is there a full integration hack somewhere or do I need to hack it up myself? Or do most people use some sort of central account management hub on their sites and disable the broken pieces? i.e. multiple subdomains for each piece: account.mycoolsite.com, forum.mycoolsite.com, www.mycoolsite.com

Thanks! Looking forward to feedback.

Jeff

[lluu]

Does this mod allow for LDAPS (secure LDAP)? I am trying with OpenLDAP and have no idea how I would set encryption types, certs, etc.
Any help would be much appreciated, thanks.

[northerndoctors]

Hi,
I've been through the steps and added the code and put the files in the places told. When i try log in i get the error shown below right at the top of the window. Could you give me some suggestions to try?

Cheers Ben

"Warning: include(/Forums/ldapAuth/controller.php) [function.include]: failed to open stream: No such file or directory in [path]\login.php(109) : eval()'d code on line 1

Warning: include() [function.include]: Failed opening '/Forums/ldapAuth/controller.php' for inclusion (include_path='.;C:\xampp\php\pear\') in [path]\login.php(109) : eval()'d code on line 1"

[jjuarez]

Please help me, I install this mod and work perfect, but I need give administrator privileges to an Active Directory User, and when I try to enter with this user to Admin Panel, dispay the error on user or password.

I Think this is because in controller.php are this condition:

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
return;
}

How fix this that when this user try to access to admin panel, work.

Tanks a lot.

[VirginBlue]

Quote:

Originally Posted by FFSBC

Tried this with vbulletin 4-0-2 Patch Level 1 and Server 2003 AD with no luck. Installed Haqa's LDAP mod version 1.5 (which I had previously used with version 3.8.2 without issues) and it worked on the first try without any other tweaking:

https://vborg.vbsupport.ru/showthread.php?t=196596

Same

[ecrist]

I've updated the code from this add-on to include the code for authenticated (non-anonymous) binds, and well as having added the ability to keep the in-database password in-sync with the password stored in LDAP. The allows the user to use the same password for the admin/mod control panels as they do for the forum main pages.

There are a few things I'd like to do in the near future:

1. Update LDAP password from vB profile update page.
2. Update email from vB profile update page
3. Update email from LDAP front-end.

Please take these code changes and let me know what you think.

[Swarm]

Hello,
Does anyone know if this plugin has been worked on recently? I've followed the directions and notes from this thread fairly extensively but still cannot get it to work entirely.

Using: AD, ldapAuth_1.0.2 (non-anonymous)

I can verify that my credential is binding correctly. However when I try to log in, i see the following errors:

Code:

Warning: ldap_search() [function.ldap-search]: Search: Bad search filter in [path]\ldapAuth\controller.php on line 38

Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in [path]\ldapAuth\controller.php on line 39

controller.php

Code:

<?php

error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'controller.php');

// some basic requirements
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/ldapAuth/ldapfunctions.inc.php');
require_once(DIR . '/ldapAuth/ldapconfig.inc.php');

// if login form is admin or moderator login, dont use ldap authentication
if(($vbulletin->GPC['logintype'] == "cplogin") || ($vbulletin->GPC['logintype'] == "modcplogin"))
{
	return;
}

// if there is no password submitted, redirect to standard error
if ($vbulletin->GPC['vb_login_password'] == '')
{
	eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}

// create the ldap search filter
$ldapFilter = "($samaccountname=" . $vbulletin->GPC['vb_login_username'] .")";

// connect to the LDAP Server
$ldapConnection = ldap_connect($ldapServer, $ldapPort);
//ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);

if($ldapConnection){
	$ldapBind = ldap_bind($ldapConnection, $ldapBindUser, $ldapBindPassword);
	// search for the username and get the DN
	$searchDn = ldap_search($ldapConnection,$ldapBase,$ldapFilter);
	$searchResult = ldap_get_entries($ldapConnection,$searchDn);
	
	// if no user is found in ldap, redirect to standard error
	if(sizeof($searchResult) < 2)
	{
		eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'],$strikes)));
	}

	// write the FIRST found DN to $bindDn;
	$bindDn=$searchResult[0]['dn'];

	// bind to the ldap server with specified credentials (dn, password)
	$ldap_bind = ldap_bind($ldapConnection, $bindDn, $vbulletin->GPC['vb_login_password']);

	// close the server connection
	ldap_close($ldapConnection);

	if ($ldap_bind != 1){
		// ldap bind did not succeed, wrong username/password combination
		eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
	} else {
		// generate a template for vBulletin user database
		[...]

ldapconfig

Code:

<?php

error_reporting(E_ALL & ~E_NOTICE); 
define('THIS_SCRIPT', 'ldapconfig.php');  

// Server Settings
$ldapBindUser = "mydomainadminusername";
$ldapBindPassword = "mypass";
$ldapServer = "x.x.x.x";
$ldapPort = 389;
$ldapBase = "ou=users,dc=domain,dc=local";

// Search Settings
//$samaccountname = "cn";
$ldapEmailAttr = array( "mail" );
$noEmailExists = ""

?>

Any Ideas?

[Eslob]

thank you for this mod, its little complicated but i'm trying to learn more about it.

as i know ldap mostly used for emails (microsoft outlook)

[J29953E37A78]

Hi there,
I have downloaded the plugin and done up to point 5 but I don't understand point 6 (in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'

Where do I find this?

Frustrated
thanks

[miklr]

Quote:

Originally Posted by J29953E37A78

Hi there,
I have downloaded the plugin and done up to point 5 but I don't understand point 6 (in admin cp import the product at "Plugins & Products -> Download / Upload Plugins", use "Import Plugin Definitions XML File" at the bottom of the page, example import input './ldapAuth/ldap-plugin.xml'


Where do I find this?

Frustrated
thanks

I noticed that malcolmx has a supported tag on this. Has anyone had success installing it on 4.2?