The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
LDAP Authentication Details »» | |||||||||||||||||||||||||||
I've only recently started using vBulletin, and this is my first mod so if you use this, please click Installed!
This mod (which builds on the fine work from malcomx and zemic) is intended to lower the barriers to using and LDAP directory as an external authentication source for your board. The idea is simple; capture a login attempt before authentication and test it against LDAP first, if that succeeds, see if there is already a matching user in vBulletin. If there is not, create one, using data from the LDAP to fill in the required fields, if there is already a matching user (Determined by comparing email addresses) then update the user. You might be asking why this mod is better than the two mods I've mentioned above? Well firstly the only additional file is the XML file for the new hooks (See below), and no changes to vBulletin code so installation is simple, and upgrades to vBulletin don't get over complicated by re-applying changes. Secondly, all the settings are controlled from the admincp rather than an external config file. Thirdly (as if two wasn't enough) I've added some hook points so this mod can be extended, for example to get additional data from the LDAP and put it in user profile fields. One important similarity with the two earlier mods is that in the admincp and modcp no LDAP authentication is performed, this is a safety feature, so even if the mod or an extending to it, breaks your board, you shouldn't ever get locked out of the admincp so you'll be able to turn if off quickly. Additional Hooks The mod is essentially a single plugin (plus options and help) which runs at global_complete which is before most other things have happened, but just after all the global setup has occurred. To enable the additional hooks, you need to upload the file hooks_ldap_auth.xml to /includes/xml under your forum. The following new hooks are created by this mod:
By requesting new attributes at ldap_auth_start and then applying them at either ldap_auth_all_user, ldap_auth_new_user or ldap_auth_existing_user you can setup your users easily without having to write all the LDAP code yourself! AdminCP Settings This mod creates a new options group called LDAP Authentication between email options and user registration options where you set the host name and port number of the LDAP server, the initial authentication type (Anonymous or authenticated), optionally the BindDN and Password for the LDAP server. You also set which attribute matches the vBulletin username (The default is cn which works well for inetOrgPerson based entries). You can set additional attributes to retrieve (If you want to quickly knock up a simple plugin which uses them at one of the hook points above). There is also the facility to disable (or rather make unavailable) accounts which exist in vBulletin but not in LDAP. Given that your initial admin may fall into this group, there is also a list of userids who should be allowed to log in anyway. Requirements
I'll try to provide support to users of my mod, but please bear in mind I fairly new to all this, so I may not be able to solve all problems immediately. Support will only be provided via this thread (Don't PM or email me unless I ask you to). Priority will be given to users who have clicked Installed. Release Notes
Installation
Haqa... Download Now
Show Your Support
|
Благодарность от: | ||
Jimbot |
Comments |
#52
|
|||
|
|||
Is it possible to put a wait somewhere in the process so that if it's just a random time delay issue that this could circumvent that? Maybe a 3 second wait with a message saying "One moment, checking your account status."
|
#53
|
|||
|
|||
I've now tried the instructions using 3.7.6 and have the same issue. Doesn't even look like it's trying to access LDAP. I just get an invalid username/password. Not sure about configuring the login.php and where you set the plugin firing order? Any detailed instructions on how to configure this step-by-step would be greatly appreciated as I'm new to vBulletin. Thanks.
|
#54
|
|||
|
|||
Hi,
I have managed to get the plug-in working with v3.7.6. However I am also facing the same issue as n0manarmy whereby a user who logs in to vB for the first time (who doesn't have an account in vB) using this LDAP plug-in will not be successful. Subsequent log-ins will then be OK. Reason is that first timer needs to have his/her account created in vB and this plug-in is used to create that account. Therefore only on 2nd and subsequent log-ins will he/she be successful. Any workaround yet? Also I found that once this plug-in is installed, the admin cannot log-in directly from the vB mainpage (user page). The admin can only log in from the admin page. Why is that so? Please help. Thanks. |
#55
|
|||
|
|||
I have finally gotten this to work with both 3.7.6 and 3.8.2 using Windows 2003 Active Directory. The problem that I was having was the search base dn and the bind dn were causing issues. One thing to note was the bind dn requires domain\username to function correctly. The search base needed the ou that contains the user accounts in it.
The plugin creates a new user and logs them in succesfully on the first try. |
#56
|
|||
|
|||
I'm very sorry but due to personal reasons I'm finding I am unable to dedicate the time that a "supported" module deserves. As a result I'm removing the "supported" flag from this plugin.
This doesn't mean I'll stop helping anyone, but I'll feel a bit less bad if it takes me a week to get to it.. Once again sorry, and I hope you'll understand. H. |
#57
|
|||
|
|||
Quote:
Are you still using the global_complete hook for this? I used this plugin as an example to create a version that works on a SOAP API for our custom account system, but am running into the problem that other described of getting a failed login on first attempt with new account, but being successful upon refreshing the login page. I'd rather not add new hooks to the VB code if it can be avoided. |
#58
|
|||
|
|||
I use the default global_complete hook, yes. Everything seems to be working fine, except password changes in Active directory aren't transferring to vBulletin... not sure why?
|
#59
|
|||
|
|||
Quote:
Interestingly I was having your problem of password changes not updating from the external source. I added some debug code and found that without define('DISABLE_PASSWORD_CLEARING', 1); in config.php, the first test in the plugin was failing $vbulletin->GPC['vb_login_password'] == '' was true so the plugin was exiting. I re-added the line to config.php, and password changes work. However, I did notice that, because of the way my plugin is written, the old VB password will continue to work until the new external password is entered. This is because my plugin fails over to internal users if external auth fails. Unforunately when the new external password for an existing user is set in VB upon login, I still get the failed login error message, even though the new password gets set, and you can log in using the new password by refreshing the page. There's obviously something missing from my plugin that should be setting some cookies and/or session stuff correctly. Can't figure it out. |
#60
|
|||
|
|||
Quote:
|
#61
|
|||
|
|||
Okay looks like I got lucky.. here's what I did to fix the first time login failure..
edit the product-ldap_auth-1.5.xml either in notepad and reimport or edit the plugin in admin panel->plugin manager Find: Code:
} else { $newuserid = $newuser->save(); Add: Code:
verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true); exec_unstrike_user($vbulletin->GPC['vb_login_username']); process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']); do_login_redirect(); So here is the quick retrace of steps. Installation 1. Add the command define('DISABLE_PASSWORD_CLEARING', 1); to your includes/config.php - This will NOT be overwritten by upgrades, so only needs doing once. 2. Upload the file hooks_ldap_auth.xml to includes/xml under your forum. 3a. Edit product-ldap_auth-1.5.xml with the changes as above 3b. Install the modified product file using the Add/Import Product link on the Manage Products page under Plugins & Products in your AdminCP. 4. Edit LDAP Authentication Options and fill in your ldap details 5. Done. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|