Advertisment

LDAP Mod for phpBB Forums

author-image
PCQ Bureau
New Update

In our March 2005 issue, we saw how to set up online forums

using phpBB on PCQLinux 2005. In this article, we'll explore ways to install

and configure LDAP (Lightweight Directory Access Protocol) mod on an already

running phpBB forum. The mechanism explained is OS independent and would work

fine on any OS that can run phpBB.

Advertisment

LDAP



Organizations use single server for authentication purposes for various

intranet applications such as e-mail, defect registers and ticket-logging

system. Most often, this server uses LDAP (Lightweight Directory Access

Protocol) authentication. phpBB, by default, creates its own user and password

database. If one wants phpBB to use LDAP authentication, one has to use 'LDAP

Auth MOD (phpBB)' available at http://sourceforge.net/projects/ldapauthmod/

Direct

Hit!

Applies to: Forum administrators

USP: Configure and install a platform-independent LDAP mod on phpBB forums

Primary Link:

http://sourceforge.net/projects/ldapauthmod/

Google keywords:

LDAP mod + phpBB, LDAP authentication

Enabling LDAP will let you authenticate users against a

Windows ADS domain on using Samba/LDAP on Linux.

Advertisment

Configuring php



LDAP support in PHP is not enabled by default. You will need to use the
'--with-ldap<=DIR>' configuration option when compiling PHP to enable LDAP

support. DIR is the LDAP base install directory. For Windows users, to enable

this module, copy files from the DLL folder of the php/Win32 binary package to

the SYSTEM folder of your Windows machine ( c:\windows\system32). Next you need

to copy some files as follows. If you are running a PHP version up to 4.2.0,

copy only 'libsasl.dll' to the Windows system 32 folder. For PHP 4.3.0 and

above you need to copy both 'libeay.dll' and 'ssleay32.dll' to this

folder. Then you need to edit php.ini to uncomment the line below.

extension = php_ldap.so (or

php_ldap.dll for windows)

Also, `extension_dir' is set to a directory where the

extension files are actually present.

Advertisment

Installing LDAP mod



Extract the file (downloaded from  Sourceforge) to a directory of your

choice. This mod comes with files that need to be replaced over original ones

but a manual installation of the mod is highly recommended. 'Install.txt'

explains manual installation in a lucid way. Before applying the patch, follow

the good old practice of backing up the current installation. Also, make sure

that you have created an admin account in phpBB with the same name as in LDAP or

you will not have admin access.

After installing the LDAP mod in your phpBB server you can authenticate users through your Windows 2000 machine

After this, simply apply the patch as explained in 'install.txt'.

The document uses the following conventions.

Advertisment

---< OPEN >---

       

Open the file to be edited.

Advertisment

---< FIND >---

around line

Advertisment

This would find the line number xxx, in/around which

modifications/addition needs to be done. It must be noted that this line number

might not always be exact, depending on the version of phpBB you are using. So,

a better idea is to search for the code in the file rather than the line number.

---< AFTER, ADD >---

Advertisment

after the lines found, add .

---< REPLACE WITH>---

replace the code found previously by

A couple of other conspicuous labels are used, which are

easily understandable. After editing 17 files, a couple of files, namely

functions_ldap.php and functions_ldap_ groups.php, have to be copied to

'includes' directory in phpBB installation.

Also, one has to connect to MySQL/MS SQL/other database

(whichever is used as the forum database) and run about 20 SQL queries. These

queries, essentially, add LDAP specific fields in the database.  phpBB code

has already been modified in previous steps to use these fields.

phpBB and mods

phpBB is a popular discussion forum software that can be used to host forums on the Internet or the intranet. phpBB's functionality can be extended using add-on software called mods or modifications. There are many mods available. In the last issue (Mod up your Forum, page 51, PCQuest), we have given an overview of how to install mods. Popular mods include the poll mod, the attachment mod and so on.

You can view a comprehensive list of mods in the mods database at

www.phpbb.com/mods. Mods are fairly easy to install and manage.

It should be noted that the mod's installation guide

shows you how to modify only the default template-SubSilver. If you are using

any other custom template, make sure that you do similar changes in that

template as well.

Configuring LDAP Mod



Manual installation of the mod is tedious and takes  half an hour.

Before, making your forum available to the public, it is a good idea to get

LDAPCheck.php (available with the mod) running. This is a small php script,

which connects to the LDAP server you specify and searches for a specific user.

If everything goes fine, it displays all the details related to that user.

After installing the mod, login as admin to the forums (do

not use LDAP password, yet). Go to Admin Panel>General Admin>

Configuration>Authentication Setting. Set Authentication mode to LDAP; LDAP

host name to your server name; LDAP port to 389 (or whatever is used by your

server).

Often, the LDAP server that you will want to connect to

would contain user-related information of several divisions/locations of your

organization. For performance and security reasons, you might like only a few

specific users to be authenticated for using phpBB forums.

In such cases, you should specify Base DN (Base Directory

Name) of the LDAP directory server. To identify the actual values, an LDAP

client like GQ or LDAP Browser from Softerra (http://www.softerra.com/products/ldapbrowser.php)

should be used.

One should also fill fields, namely, LDAP User ID Field (LDAP

property/field that you want to use as your forum user names, default = 'uid');

LDAP property/field containing user e-mail addresses; LDAP property/field

containing user website addresses, etc based on actual fields used on the LDAP

server. 

Once all these settings are saved, you can use LDAP

usernames and passwords for logging on to the forums.

Sandeep Gupta

Advertisment