by June 2, 2005 0 comments



In our March 2005 issue, we saw how to set up online forums
using phpBB on PCQLinux 2005. In this article, we’ll explore ways to install
and configure LDAP (Lightweight Directory Access Protocol) mod on an already
running phpBB forum. The mechanism explained is OS independent and would work
fine on any OS that can run phpBB.

LDAP
Organizations use single server for authentication purposes for various
intranet applications such as e-mail, defect registers and ticket-logging
system. Most often, this server uses LDAP (Lightweight Directory Access
Protocol) authentication. phpBB, by default, creates its own user and password
database. If one wants phpBB to use LDAP authentication, one has to use ‘LDAP
Auth MOD (phpBB)’ available at http://sourceforge.net/projects/ldapauthmod/

Direct
Hit!

Applies to: Forum administrators

USP: Configure and install a platform-independent LDAP mod on phpBB forums

Primary Link:
http://sourceforge.net/projects/ldapauthmod/

Google keywords:
LDAP mod + phpBB, LDAP authentication

Enabling LDAP will let you authenticate users against a
Windows ADS domain on using Samba/LDAP on Linux.

Configuring php
LDAP support in PHP is not enabled by default. You will need to use the
‘–with-ldap[=DIR]’ configuration option when compiling PHP to enable LDAP
support. DIR is the LDAP base install directory. For Windows users, to enable
this module, copy files from the DLL folder of the php/Win32 binary package to
the SYSTEM folder of your Windows machine ( c:\windows\system32). Next you need
to copy some files as follows. If you are running a PHP version up to 4.2.0,
copy only ‘libsasl.dll’ to the Windows system 32 folder. For PHP 4.3.0 and
above you need to copy both ‘libeay.dll’ and ‘ssleay32.dll’ to this
folder. Then you need to edit php.ini to uncomment the line below.

extension = php_ldap.so (or
php_ldap.dll for windows)

Also, `extension_dir’ is set to a directory where the
extension files are actually present.

Installing LDAP mod
Extract the file (downloaded from  Sourceforge) to a directory of your
choice. This mod comes with files that need to be replaced over original ones
but a manual installation of the mod is highly recommended. ‘Install.txt’
explains manual installation in a lucid way. Before applying the patch, follow
the good old practice of backing up the current installation. Also, make sure
that you have created an admin account in phpBB with the same name as in LDAP or
you will not have admin access.

After installing the LDAP mod in your phpBB server you can authenticate users through your Windows 2000 machine

After this, simply apply the patch as explained in ‘install.txt’.
The document uses the following conventions.

—[ OPEN ]—

[file name]       

Open the file to be edited.

—[ FIND ]—

around line [xxx]

[code]

This would find the line number xxx, in/around which
modifications/addition needs to be done. It must be noted that this line number
might not always be exact, depending on the version of phpBB you are using. So,
a better idea is to search for the code in the file rather than the line number.

—[ AFTER, ADD ]—

[code]

after the lines found, add [code].

—[ REPLACE WITH]—

[code]

replace the code found previously by [code]

A couple of other conspicuous labels are used, which are
easily understandable. After editing 17 files, a couple of files, namely
functions_ldap.php and functions_ldap_ groups.php, have to be copied to
‘includes’ directory in phpBB installation.

Also, one has to connect to MySQL/MS SQL/other database
(whichever is used as the forum database) and run about 20 SQL queries. These
queries, essentially, add LDAP specific fields in the database.  phpBB code
has already been modified in previous steps to use these fields.

phpBB and mods

phpBB is a popular discussion forum software that can be used to host forums on the Internet or the intranet. phpBB’s functionality can be extended using add-on software called mods or modifications. There are many mods available. In the last issue (Mod up your Forum, page 51, PCQuest), we have given an overview of how to install mods. Popular mods include the poll mod, the attachment mod and so on.

You can view a comprehensive list of mods in the mods database at
www.phpbb.com/mods. Mods are fairly easy to install and manage.

It should be noted that the mod’s installation guide
shows you how to modify only the default template-SubSilver. If you are using
any other custom template, make sure that you do similar changes in that
template as well.

Configuring LDAP Mod
Manual installation of the mod is tedious and takes  half an hour.
Before, making your forum available to the public, it is a good idea to get
LDAPCheck.php (available with the mod) running. This is a small php script,
which connects to the LDAP server you specify and searches for a specific user.
If everything goes fine, it displays all the details related to that user.

After installing the mod, login as admin to the forums (do
not use LDAP password, yet). Go to Admin Panel>General Admin>
Configuration>Authentication Setting. Set Authentication mode to LDAP; LDAP
host name to your server name; LDAP port to 389 (or whatever is used by your
server).

Often, the LDAP server that you will want to connect to
would contain user-related information of several divisions/locations of your
organization. For performance and security reasons, you might like only a few
specific users to be authenticated for using phpBB forums.

In such cases, you should specify Base DN (Base Directory
Name) of the LDAP directory server. To identify the actual values, an LDAP
client like GQ or LDAP Browser from Softerra (http://www.softerra.com/products/ldapbrowser.php)
should be used.

One should also fill fields, namely, LDAP User ID Field (LDAP
property/field that you want to use as your forum user names, default = ‘uid’);
LDAP property/field containing user e-mail addresses; LDAP property/field
containing user website addresses, etc based on actual fields used on the LDAP
server. 

Once all these settings are saved, you can use LDAP
usernames and passwords for logging on to the forums.

Sandeep Gupta

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.