LDAP Authentication
Version: 1.5, by Haqa
Developer Last Online: Jun 2010

Category: Miscellaneous Hacks - Version: 3.7.x
Released: 11-17-2008 Last Update: 03-18-2009 Installs: 65
Uses Plugins
Re-useable Code Additional Files Translations  
No support by the author.

I've only recently started using vBulletin, and this is my first mod so if you use this, please click Installed!

This mod (which builds on the fine work from malcomx and zemic) is intended to lower the barriers to using an LDAP directory as an external authentication source for your board. The idea is simple: capture a login attempt before authentication and test it against LDAP first; if that succeeds, see if there is already a matching user in vBulletin. If there is not, create one, using data from the LDAP to fill in the required fields; if there is already a matching user (determined by comparing email addresses), then update the user.

You might be asking why this mod is better than the two mods I've mentioned above? Well firstly the only additional file is the XML file for the new hooks (See below), and no changes to vBulletin code so installation is simple, and upgrades to vBulletin don't get over complicated by re-applying changes. Secondly, all the settings are controlled from the admincp rather than an external config file. Thirdly (as if two wasn't enough) I've added some hook points so this mod can be extended, for example to get additional data from the LDAP and put it in user profile fields.

One important similarity with the two earlier mods is that in the admincp and modcp no LDAP authentication is performed. This is a safety feature, so even if the mod, or an extension to it, breaks your board, you shouldn't ever get locked out of the admincp, so you'll be able to turn it off quickly.

Additional Hooks

The mod is essentially a single plugin (plus options and help) which runs at global_complete which is before most other things have happened, but just after all the global setup has occurred.

To enable the additional hooks, you need to upload the file hooks_ldap_auth.xml to /includes/xml under your forum.

The following new hooks are created by this mod:
  • ldap_auth_start - After the list of attributes to fetch has been created, this list is in $ldapAttrs. You can simply add your own attributes to this array here.
  • ldap_auth_all_user - After a new user has been added to vBulletin or existing user has been updated, but before the user has been saved. The new user is in $newuser and the LDAP data is in $userData. This happens before ldap_auth_new_user or ldap_auth_existing_user.
  • ldap_auth_new_user - After a new user has been added to vBulletin, but before the user has been saved. The new user is in $newuser and the LDAP data is in $userData.
  • ldap_auth_existing_user - After an existing user has been updated, but before the user has been saved. The new user is in $newuser and the LDAP data is in $userData.

By requesting new attributes at ldap_auth_start and then applying them at either ldap_auth_all_user, ldap_auth_new_user or ldap_auth_existing_user you can set up your users easily without having to write all the LDAP code yourself!

AdminCP Settings

This mod creates a new options group called LDAP Authentication between email options and user registration options where you set the host name and port number of the LDAP server, the initial authentication type (Anonymous or authenticated), optionally the BindDN and Password for the LDAP server. You also set which attribute matches the vBulletin username (The default is cn which works well for inetOrgPerson based entries). You can set additional attributes to retrieve (If you want to quickly knock up a simple plugin which uses them at one of the hook points above). There is also the facility to disable (or rather make unavailable) accounts which exist in vBulletin but not in LDAP. Given that your initial admin may fall into this group, there is also a list of userids who should be allowed to log in anyway.

Requirements
  • PHP 4.3+ with LDAP support.

I'll try to provide support to users of my mod, but please bear in mind I'm fairly new to all this, so I may not be able to solve all problems immediately. Support will only be provided via this thread (don't PM or email me unless I ask you to). Priority will be given to users who have clicked Installed.

Release Notes
  • 1.0 - Initial release
  • 1.1 - Corrected SQL queries to use TABLE_PREFIX
  • 1.2 - Corrected a bug which prevented the settings page from being created correctly
  • 1.3 - Corrected where the existing, new and all user hooks are called (before, not after, the user profile fields are set) to support dependent plugins
  • 1.4 - Added the ability to set a search base for directories which do not permit searching from the root
  • 1.5 - Fixed reported bug where hooks were called in the wrong order

Installation
  1. Add the command define('DISABLE_PASSWORD_CLEARING', 1); to your includes/config.php - This will NOT be overwritten by upgrades, so only needs doing once.
  2. Upload the file hooks_ldap_auth.xml to includes/xml under your forum.
  3. Install the latest product file (below) using the Add/Import Product link on the Manage Products page under Plugins & Products in your AdminCP.

Haqa...


  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Thanks from:
Jimbot

Comments
#82
06-12-2009, 02:07 PM
manchu_fire
Join Date: Mar 2009
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts

Hello all...
New to the vBulletin and I'm currently using v3.8.2 and wanted to use this mod for Active Directory Authentication, using Win 2003 Server.
Reading this thread from start to finish I'm getting confused on the install??? Any thoughts of posting an updated install process that is working with v3.8.x here or maybe in the v3.8.x mod thread?
Reply With Quote
#83
06-15-2009, 09:17 AM
RoCF
Join Date: Mar 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts

Quote:
Originally Posted by manchu_fire
Hello all...
Reading this thread from start to finish I'm getting confused on the install??? Any thoughts of posting an updated install process that is working with v3.8.x here or maybe in the v3.8.x mod thread?

I've got it running on a Windows 2003 Server with the installation notes given in the description. Try that step by step.

Thank you Haqa for the programming. Great Work!

My situation was a bit unique, because our websites are programmed in Cold Fusion. Some time ago I programmed a database with users that have access to a secured website. The user data is held in a mssql database.

So I added some extra code to your script to authenticate those users against my "coldfusion" database too. When successful, it adds the user to the vBulletin. And I have both internal users using LDAP and external users using my other database.

It also handles password changes as well, although either LDAP or my SQL Database is the master.

Now if there were a method where I could pass the ColdFusion login credentials to the vBulletin Board, so it would be single sign-on, this would be my perfect scenario.

But thank you again. This is already great enough.

Regards
Charles
Reply With Quote
#84
06-29-2009, 02:07 PM
Blinker
Join Date: Apr 2009
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts

I want to allow some external users, but only the first one comes in. The others get a bad username/password message. Any ideas?

Thanks

Reply With Quote
#85
07-06-2009, 03:29 AM
john.parlane
Join Date: Aug 2008
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts

Hi Haqa

Great job on this plugin. I have got it working great on our 3.8.2 test vB installation with Active Directory no bother at all. :up:

I have a challenge in production however. Effectively we will need to search two 'Search Base DNs' as our users are split between two high level DN nodes. Is there any way I can tell the plugin to search two DNs? The admin panel appears to allow only one.

I don't want to set the Search Base DN to the level above the two DNs as this is effectively the root and will include masses of nodes that we are not interested in.

Any help would be greatly appreciated.

Thanks again
John.
Reply With Quote
#86
07-07-2009, 01:58 PM
Johnny G
Join Date: Mar 2009
Location: Liverpool, England
Posts: 24
Thanks: 0
Thanked 0 Times in 0 Posts

Hi - first post, newbie alert, etc.
I've taken over running a forum which has around 5000 members. Now, we've got an online shop (which isn't quite live yet) running on OSCommerce and I'm just in the process of putting Joomla! on the site.

Now, I know LDAP from work, but there's a wondering I've got about how this works.

Firstly, if I install this mod on a clean LDAP database, how can I import the 5000 usernames from the vBulletin installation?

Would I be correct in assuming that when a user logs in to the forum, the LDAP would be checked, then report no such user? Then vB would be queried and report a success - with the LDAP then taking in the information from vB.

... or have I got this completely wrong? If so, any pointers on how to get the users in the LDAP DB?

Thanks in advance!
Reply With Quote
#87
07-16-2009, 10:34 AM
Blinker
Join Date: Apr 2009
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts

Hi!

What could be the reason for this "creating/updating user" - error? Two of 1500 users get it after some weeks of normal use. I can't find any special configuration ....

Reply With Quote
#88
07-20-2009, 05:21 AM
Blinker
Join Date: Apr 2009
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts

Quote:
Originally Posted by Blinker
Hi!

What could be the reason for this "creating/updating user" - error? Two of 1500 users get it after some weeks of normal use. I can't find any special configuration ....


I found the difference: the user gets a new e-mail address in our user-management-system ...
Reply With Quote
#89
07-28-2009, 03:31 PM
paul41598
Join Date: Jun 2004
Location: MI
Posts: 732
Thanks: 0
Thanked 0 Times in 0 Posts

So I've finally gotten this to work! It took adding the OU to the search DN. Anyways, one issue I've noticed is that if I changed my testuser's AD password or reset it from the AD Users & Computers, my testuser can log in with both the OLD password and the NEW password.

So for some reason it still takes the old password and he's able to log in. So weird...
Reply With Quote
#90
08-17-2009, 08:35 PM
nsidcwww
Join Date: Aug 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts

I am stuck with getting this MOD to work with 3.8.4. I have done the following:

1) Uploaded the hooks_ldap_auth.xml to the includes/xml directory.

2) Uploaded the hooks_ldap.xml (from the previous LDAPAuth for creating a hook in the /login.php file) to the includes/xml directory.

3) Imported this product via the Manage Product option in the vBulletin admin interface

4) Added the following line in the login.php file as instructed in the previous LDAPAuth module for creating a hook...

($hook = vBulletinHook::fetch_hook('ldap_login_hook')) ? eval($hook) : false;

after the following code:

if ($vbulletin->GPC['vb_login_username'] == '')
{
	eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}

5) Changed the following line in the global.php file....

$show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; // this nees to be an int for the templates

to the following code:

$show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 0 : 1; // this nees to be an int for the templates

The main configuration in the LDAP Authorization window that I am most confused about is the LDAPBase DN, which I have configured as follows:

cn=nsidc,dc=colorado,dc=edu,ou=people

Any assistance with getting this to work would be great!
Reply With Quote
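
A lint for the search base setting discussed in the post above, added here as an example; it is not part of the thread or of the mod. A DN is written leaf first and root last, so where the tree is rooted at dc= components they normally form the tail of the DN. The function names and the reordered comparison value are assumptions, and the check is a heuristic, not a statement about the poster's directory.

```python
# Added example: heuristic lint for an LDAP search base DN (not the mod's code).

def split_rdns(dn):
    """Split a DN on commas, honouring backslash escapes such as 'Doe\\, Jane'."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def lint_base_dn(dn):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings, types = [], []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            findings.append("malformed component: %r" % rdn)
            continue
        types.append(attr.strip().lower())
    # DNs read leaf first, root last. Where the tree is rooted at dc=
    # components, every component from the first dc= onward should be dc=.
    if "dc" in types and any(t != "dc" for t in types[types.index("dc"):]):
        findings.append("non-dc component after a dc= component: "
                        "the DN may be out of order")
    return findings

if __name__ == "__main__":
    samples = [
        "cn=nsidc,dc=colorado,dc=edu,ou=people",   # value quoted in the post
        "ou=people,dc=colorado,dc=edu",            # constructed reordering
    ]
    for dn in samples:
        print(dn, "->", lint_base_dn(dn) or "no findings")
```
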
#91
08-18-2009, 02:40 AM
kamalrij
Join Date: May 2009
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts

We're using this plugin along with Full Name support for LDAP Auth plugin to connect to our corporate LDAP directory.

The official email ID of people in our company is to change from handle@company.com to firstname.lastname@company.com.

When people try to login after their email ID has changed they get the following error

vBulletin Message
Error creating/updating user
Array


Once the email ID is updated to firstname.lastname@company.com from the admin control panel they are able to login.

Is there a way for it to be dynamically updated every time a user logs in through this plugin OR for the user to be allowed to login with his ldap credentials but reflecting his handle@company.com ID (i.e. for the authentication to work without the error mentioned earlier)?
handle@company.com would be set as an alias to firstname.lastname@company.com on the mail servers so the email notifications would continue to work.

Thank you in advance
Kamal
Reply With Quote
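
A simplified model of the linking rule the first post describes (match an existing user by email, otherwise create one), run against the email change reported in posts #88 and #91. This is an added example, not code from the mod. The Board class, the unique-username constraint that rejects the second create, the stable `id` attribute and the sample entry are assumptions.

```python
"""Added example: model of the login-time provisioning flow from the first post.
All names and sample data here are constructed for illustration."""

class DuplicateUsername(Exception):
    pass

class Board:
    """Stand-in for the forum's user table; usernames must be unique (assumption)."""
    def __init__(self):
        self.users = {}      # userid -> dict(username, email, ldap_id)
        self.next_id = 1

    def find(self, field, value):
        return next((uid for uid, u in self.users.items() if u[field] == value), None)

    def create(self, username, email, ldap_id):
        if self.find("username", username) is not None:
            raise DuplicateUsername(username)
        uid, self.next_id = self.next_id, self.next_id + 1
        self.users[uid] = {"username": username, "email": email, "ldap_id": ldap_id}
        return uid

def provision(board, entry, match_on):
    """Run after a successful LDAP bind. `entry` is the directory record.
    match_on='email' is the linking rule the first post describes;
    match_on='ldap_id' links on an identifier that does not change
    (e.g. entryUUID or objectGUID, assumed to be fetched with the entry)."""
    key = entry["mail"] if match_on == "email" else entry["id"]
    uid = board.find(match_on, key)
    if uid is None:
        return board.create(entry["cn"], entry["mail"], entry["id"])
    board.users[uid].update(username=entry["cn"], email=entry["mail"])
    return uid

def simulate(match_on):
    board = Board()
    before = {"id": "u-1001", "cn": "kdoe", "mail": "handle@company.com"}
    after = dict(before, mail="firstname.lastname@company.com")
    first = provision(board, before, match_on)
    try:
        second = provision(board, after, match_on)
    except DuplicateUsername:
        return "error creating/updating user"
    return "ok" if first == second and board.users[first]["email"] == after["mail"] else "split"

if __name__ == "__main__":
    for rule in ("email", "ldap_id"):
        print(rule, "->", simulate(rule))
```

Linking on a mutable attribute makes the local account's identity depend on whoever can change that attribute in the directory; linking on an immutable identifier lets the email be refreshed at each login instead.
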