Register Members List Search Today's Posts Mark Forums Read

Reply
 
Mod Options
LDAP Authentication Details »
LDAP Authentication
Mod Version: 1.1, by zemic (Member) zemic is offline
Developer Last Online: Apr 2010 I like it Show Printable Version Email this Page

This modification is in the archives.
vB Version: 3.6.5 Rating: (7 votes - 4.86 average) Installs: 36
Released: 18 Apr 2007 Last Update: 21 May 2007 Downloads: 369
Not Supported Uses Plugins Additional Files  

I've been using Vbulletin for a few years, and have had some great modifications from this community, so having had to recently integrate Vbulletin with LDAP for my University discussion boards I decided to release this as a modification. This is my present to the community .

Description:

LDAP authentication for Vbulletin.

How it works:

This does not modify Vbulletin files or Vbulletin login code in anyway. We simple stick some script infront of the login process so we can validate against LDAP. Below is a breakdown of what this thing does:
  • First looks to see if login form has been submitted
  • Checks if it should look up "this" user in LDAP (defined in ldapconfig)
  • Queries LDAP for the username
    • If user is returned check if VB MD5 password matches LDAP MD5 password
      • If it does, check the VB user table to see if the user is already in the table. If yes, update VB user table password with LDAP password by encrypting MD5 password with the users 'salt' key
      • If not, create a new user in database using VB classes/functions.
    • If user/pass do not match in LDAP then check if user is in VB user table.
      • If they are, change the password to something random so they cannot login with an old password
  • If a user is not returned from LDAP, assume the user has registered on the boards in the normal way and dont do anything to the VB user table.
Requirements:

The requirements are based on the system we use. It may / may not work with other Vbulletin versions:
  • PHP 4.3+
  • LDAP System
  • uid (username), mail (email address), and a field containing MD5 password
Installation:
  1. Download and unzip the file
  2. Edit "ldapconfig.php" and then upload into your "includes" folder
  3. Login to Admin CP and Add / Import the product (xml file)
Extra Info / Future Plans / Help:

This LDAP integration script currently requires you to have an LDAP field with the users password stored as MD5. From my understanding, CRYPT is the default password storage for LDAP so some of you may not have an MD5 field in LDAP with the users password encrypted as MD5.

It would be possible to modify the script to check against CRYPT, but it would also require a template edit as the login form converts the password field "onSubmit" to MD5. I did not do this because we already have the MD5 in LDAP as we use it on a number of different system already, and I did not want to change VB templates.

Also, I was unable to find documentation on doing a script / releasing a modification, so in future if someone could explain to me or change the script slightly to allow editing of LDAP configuration file within ADMIN CP interface, that would be great. This would also mean not having to upload a file into the includes folder.

I'm sure there will be something I havent thought of, or will make it easier if this script had this and that, so feel free to post your ideas, and suggestions on improving this modification.

Important Info:
Hack is provided free of charge (but if you really want to get rid of money PM me ). I make no guarantee it will work on your system, but it does on mine with 15,000 users .

Version:
  • 1.1 - You can now specify the field to authenticate against in ldapconfig.php (19/05/2007)
  • 1.0.1 - Corrected 'mysql_num_rows' query to use VB DB class call (19/04/2007)
  • 1.0 - First release (18/04/2007)
Hope its useful for some of you

Download Now

Only licensed members can download files, Click Here for more information.

Supporters / CoAuthors

Show Your Support

  • To receive notifications regarding updates -> Click to Mark as Installed.
  • If you like this modification support the author by donating.
  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Similar Mod
Mod Developer Type Replies Last Post
Integration with vBulletin vBulletin Ldap Authentication Plugin malcolmx vBulletin 3.6 Add-ons 117 19 Jun 2013 13:18
Miscellaneous Hacks LDAP Authentication Haqa Modification Graveyard 148 10 May 2013 14:50

Comments
  #2  
Old 18 Apr 2007, 19:51
Reeve of shinra's Avatar
Reeve of shinra Reeve of shinra is offline
 
Join Date: Oct 2001
This has been requested for ages, you may find yourself crowned as a king for this. =p
Reply With Quote
  #3  
Old 18 Apr 2007, 20:55
projectego's Avatar
projectego projectego is offline
 
Join Date: Feb 2006
Location: UK
Real name: Steve
Cheers!

/me clicks install
__________________
Reply With Quote
  #4  
Old 18 Apr 2007, 21:04
M-Tuning's Avatar
M-Tuning M-Tuning is offline
 
Join Date: Jul 2005
Real name: Martin Venema
maybe usefull to explain what LDAP means?

Maybe I will install it, when I know what it is
Reply With Quote
  #5  
Old 18 Apr 2007, 21:10
nexialys
Guest
 
Originally Posted by m-tuning View Post
maybe usefull to explain what LDAP means?
Maybe I will install it, when I know what it is
If you don't know what it is, 100% chances you don't need it... search for LDAP on google for more details...
Reply With Quote
  #6  
Old 18 Apr 2007, 21:37
rjmjr69's Avatar
rjmjr69 rjmjr69 is offline
 
Join Date: Jan 2007
Nice work. Although I have no use for it. I've seen much call for it in the past.
Reply With Quote
  #7  
Old 18 Apr 2007, 23:08
Wayne Luke's Avatar
Wayne Luke Wayne Luke is offline
 
Join Date: Jan 2002
Real name: Wayne
Originally Posted by m-tuning View Post
maybe usefull to explain what LDAP means?
Lightweight Directory Access Protocol

From Wikipedia, the free encyclopedia

(Redirected from LDAP)
Jump to: navigation, search
The Lightweight Directory Access Protocol, or LDAP (IPA: [ˈɛl dp]), is an application protocol for querying and modifying directory services running over TCP/IP.
A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names (either of a person or organization) organized alphabetically, with an address and phone number attached.
An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry (or multiple entries).
Its current version is LDAPv3. LDAPv3 is specified in a series of IETF Standard Track RFCs as detailed in RFC 4510.


Maybe I will install it, when I know what it is
It is one of those things that if you don't know what it does, you don't need it.
__________________
Wayne Luke
Get started with your own social network. Purchase and download vBulletin today.
Reply With Quote
  #8  
Old 18 Apr 2007, 23:14
rjmjr69's Avatar
rjmjr69 rjmjr69 is offline
 
Join Date: Jan 2007
Just for my own satisfaction

can you give an example or two as to what this would be used for please?
Reply With Quote
  #9  
Old 18 Apr 2007, 23:17
maamon maamon is offline
 
Join Date: Apr 2007
Just for my own satisfaction

can you give an example or two as to what this would be used for please?
Reply With Quote
  #10  
Old 18 Apr 2007, 23:28
KevNJ KevNJ is offline
 
Join Date: Jan 2005
As said above... It is one of those things that if you don't know what it does, you don't need it.
Reply With Quote
  #11  
Old 18 Apr 2007, 23:30
rjmjr69's Avatar
rjmjr69 rjmjr69 is offline
 
Join Date: Jan 2007
Originally Posted by KevNJ View Post
As said above... It is one of those things that if you don't know what it does, you don't need it.
I agree I dont need it but regardless I would like to LEARN more about it. And the question was directed to the author thank you.
Reply With Quote
  #12  
Old 18 Apr 2007, 23:49
zemic's Avatar
zemic zemic is offline
 
Join Date: Oct 2004
Its one of them things, if you dont use it you dont need it as said above but....

Best example I can give is of my work..... we use LDAP to authenticate users accross different services we offer on campus - logging into computers, access programs, databases, and web sites. On the web for example our CMS, Blackboard, Campus Pipeline, Intranet and now VBulletin all authenticate against LDAP. This allows us to give out 1 username and password to every staff and student to access any service we offer; we can restrict access via LDAP as well.

There's a bit more to it than that. You've got to have someone to populate LDAP, or some program to automatically insert / update records i.e. our finance department enter a new staff member onto the pay roll system, and in an overnight job LDAP is synchronised with it, creating new usernames if neccessary or expire accounts if someone has left.

Its our "yellow pages" of staff and students. Benefit to us is 1 username and password to access all our services. Less maintenance. Also in time it will allow us to roll out "single sign on". Sign into a computer on the network, and then you are automatically logged into our web sites or Vbulletin when you go to that site. No need for cookies.

You may have heard of Active Directory which is similar.

Does that make sense? :s
Reply With Quote
  #13  
Old 19 Apr 2007, 00:19
rjmjr69's Avatar
rjmjr69 rjmjr69 is offline
 
Join Date: Jan 2007
Actually that makes PERFECT sense as to the definition of the acronym. thank you very much for answering. Now you will get ALLOT less questions
Reply With Quote
  #14  
Old 19 Apr 2007, 00:27
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
I notice that you are using mysql_num_rows() - you should update that to the equivelent vb database class call.
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
Reply With Quote
  #15  
Old 19 Apr 2007, 01:38
zemic's Avatar
zemic zemic is offline
 
Join Date: Oct 2004
True!! Fixed , thanks for pointing that out

(attachment updated)
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Mod Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 02:07.

Layout Options | Width: Wide Color: