Integration with vBulletin - vBulletin Ldap Authentication Plugin

I am using vbulletin for a long time now and before there was the plugin system introduces i hacked every single version of vb to enable ldap authentication. with the introduction of the plugin system i have written a little plugin that works in every version since VBulletin 3.5. This Plugin is the buyable VBulletin Ligh Authentication from http://www.sartori.at. now its FREE.

Since its working and i will not enhance this small plugin anymore, i will make it public. If there are any enhancements, i can put it into my versioning system and update this plugin.

In contrast to the ldap authentication from zemic my board can authenticate against every - already deployed - ldap directory without changeing the encryption type.

If the ldap user is not added in the VBulletin database, the user is automatically added the first time he authenticates against the ldap. if the user already exists then nothing is changed, except the authentication against the directory.

in the admin or moderator panel no user is authenticated against the directory.

Requirements

• php with ldap support

Installation Notes:

1. copy ldapAuth directory to your vb forum installation directory
2. change the path to controller.php directory in ldap-plugin.xml
3. copy the hooks_ldap.xml to FORUM_ROOT/inclucdes/xml directory
4. in login.php search for:
   
   PHP Code:

   if ($vbulletin->GPC['vb_login_username'] == '')
         {
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], ....
         } 

   insert below:
   
   PHP Code:

   ($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false; 

5. activate plugin system (if not done already) in admincp
6. in admin cp import the product at "Download / Upload" Plugins
7. in global.php search for:
   
   PHP Code:

   $show['nopasswordempty'] 

   and change:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; 

   to:
   
   PHP Code:

   defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; 

8. configure the ldap settings in: ldapconfig.inc.php
9. test the product

Additional Notes:
If you are running a Microsoft Active Directory as Ldap server you have to change some settings to allow anonymous queries. This is described at
Novell and Microsoft


I would be happy if you support my modification in any way. Install or nominate it or donate some cents at paypal.

[malcolmx]

thank you for installing my mod and sharing your experience. i do not have alot of time, thats why i could not improve the whole plugin.

but its nice to see, that its still working on newser vbulletin version

i have subscribed the thread, so whenever someone posts, i go here and read the post. i will help whenever its possible.

-malc

[jeilers]

OK, I can't tell if this has been answered. Trying to get this mod working on our corporate intranet. IT will not allow anonymous LDAP queries
Has anybody gotten it to work without this and can explain it succinctly to a newb?

[malcolmx]

hello,

the whole script will work without anonymous searches, if:

• all users are below the same leaf in the ldap tree (then you do not have to search for the user DN)
• you bind to your ldap with a user that is allowed to do searches

if you need more information just ask, i will try to help.

-malc

[bada_bing]

Do you know if I can use Cisco ACS to handle authentication rather then pointing to Ldap using this hack/add-on ?

[malcolmx]

hello,

i dont think that this works since cicso ACS is basically a radius server which gets the userdata itself from an ldap or active directory.

-malc

[Martin Belak]

Thanks for a great plugin malcolmx! Do you know if it works with vB 3.7?

/M

[j_ainsworth]

This mod is exactly what I need but I'm struggling to set it up, I've followed the instructions. We are trying to authenticate against a windows 2003 Active Directory and have allowed Anonymous Logon permissions as per the instructions. But everytime I try to login to vbulletin it says I've entered an invalid username/Password
I have tried the alternative controller.debug.php and it gives me the following
++ -------- START -------- ++
++ LoginType: Normal Login
++ LdapFiler: (uid=test)
++ LdapServer: connection successful
++ LdapSearch: there is no such user in the directory

The strange thing I always get the above output even if I put bogus info into ldapconfig.inc.php
ie If I don't use the Active directory port number 3268 or put a rubbish IP addresss or hostanem for $ldapserver
which makes me think that where it says its making a connection successful isn't actually the case
Anyideas
Any more debug that I can get out of the system, we are using vbulletin 3.6.8 on windows 2000 with php 5
Thanks

[j_ainsworth]

Hi the above problem seems to of changed slightly, now when I try to log in with ldapconfig.inc.php configure correctly it just sits at the login screen
The debug output just says
++ -------- START -------- ++
++ LoginType: Normal Login
++ LdapFiler: (uid=vbulletin)
++ LdapServer: connection successful

But doesn't get any further

I have checked and double checked settings, I have also tried authenticating against an old Windows 2000 domain but it does the same.

If anyone has any ideas I would really appreciate as I would really like to use it
Thanks
John

[malcolmx]

is there a user with the uid=xxxx ?
maybe you can find your users with cn=xxx?

you can use the command line tool "ldapsearch" to search for specific attributes in your active directory.
maybe that helps you.

-malc

[malcolmx]

Quote:

Originally Posted by Martin Belak

Thanks for a great plugin malcolmx! Do you know if it works with vB 3.7?

/M

maybe.. i have no license to check with. newest vbulletin i have is a 3.6 license.