Username and LDAP (Alternative Username)

Looking for a MOD? Have a MOD request? Post here for help. (Note: This forum is community supported; phpBB does not have official MOD authors)
Anti-Spam Guide
kevinp63
Registered User
Posts: 33
Joined: Tue Jan 29, 2008 3:22 pm

Username and LDAP (Alternative Username)

Post by kevinp63 »

Recently installed 3.0 and connected it to the company LDAP server all is great!

In our company, LDAP credentials are Employee Number/password. Anyone in the company can login but it uses their Employee Number for their board username. Not very user friendly... Is there a way to alter this to display FirstName LastName instead? I can (probably)figure out the getting the FName & LName into the database on login, but how would I then display those 2 instead of Employee Number for all instances of username??

Thanks in advance for any suggestions...
hawkbat05
Registered User
Posts: 3
Joined: Thu Jan 31, 2008 5:00 am

Re: Username and LDAP (Alternative Username)

Post by hawkbat05 »

I just got this working tonight on phpBB 3. You can change the username that it looks for by changing the LDAP UID field in the LDAP settings. If you're using Active Directory just use Active Directory Explorer to find all the available fields. For example my setting is simply 'cn' (don't put those quotes in the textbox). I haven't figured out how to merge them like you want. I'm looking to do the same thing. I hope that helps.

**********UPDATE**********
In Active Directory I just set mine to use the displayName field.
kevinp63
Registered User
Posts: 33
Joined: Tue Jan 29, 2008 3:22 pm

Re: Username and LDAP (Alternative Username)

Post by kevinp63 »

Thanks, good to know I am not the only one looking for this...

Question - Do your users still log in with their Emp#? Or their DisplayName?
We have several Tom Smiths etc...

I am hoping to leave the login as is but just like it retrieves email from LDAP at every login, I want to also grab DisplayName and update the DB... Would need to add a DisplayName field in the DB

Then once logged in, replace all instances of UserName with DisplayName.

Not sure where to begin.
hawkbat05
Registered User
Posts: 3
Joined: Thu Jan 31, 2008 5:00 am

Re: Username and LDAP (Alternative Username)

Post by hawkbat05 »

I took a look at the '_users' table and there are two user name columns in it. 'username' and 'username_clean'. The first one looks like a case sensitive version (perhaps just to act as the display name) and the other is all lower case. In my table it's the same as the 'username' column but all lowercase. I don't know if you could modify the php code to fill those two columns with different LDAP query results. Maybe I'll create a dummy user and manually edit the table to see what happens. Obviously modifying the code will be required but this might provide some insight into how it's working without digging in to the code.


******UPDATE******
I manually went into my database and updated my 'username' column (after backing up of course). I was only able to login with my login name that LDAP was set to use and when I made a new post it logged my username as 'test' (which is what I changed that entry to). I was not able to login with 'test' as my login name. I also tried logging in with a mix of caps in my LDAP login name and it looks like the login is case insensitive. So it looks like all you'd have to do is find in the php code where it writes in the username_clean field and add some code after it to modify the 'username' column to whatever you want their username to look like. Or if you want it to query LDAP at every login you'd want to add it after the email address check.
kevinp63
Registered User
Posts: 33
Joined: Tue Jan 29, 2008 3:22 pm

Re: Username and LDAP (Alternative Username)

Post by kevinp63 »

hawkbat05 wrote:Or if you want it to query LDAP at every login you'd want to add it after the email address check.
I am hoping to add to the login process a query for FName & LName...
Do you know what page I should edit for this?
hawkbat05
Registered User
Posts: 3
Joined: Thu Jan 31, 2008 5:00 am

Re: Username and LDAP (Alternative Username)

Post by hawkbat05 »

You'll probably want to look at the 'user_add' function in the functions_user.php file. I'm not 100% sure on this so you might want to mess around on a test BB. I'm fairly new to both php and phpBB so I can't offer any promises. From what I'm seeing on my side of things the LDAP email address is only getting pulled at registration time. You'll probably want to look at the 'login' function in 'auth.php' or the 'login_ldap' function in the 'auth_ldap.php' file. The 'login' function calls the 'login_ldap' function.
User avatar
simonallen
Registered User
Posts: 1
Joined: Mon Feb 04, 2008 11:13 am

Re: Username and LDAP (Alternative Username)

Post by simonallen »

Hey,

Thought it was about time I registered.

I've two test boards setup, one using the CN and the other FULLNAME (Novell LDAP), my only concern about using the FULLNAME is how does it handle duplicate names in the system - does it just fail or try and match the password to all users with that name and then authenticate if the correct user is found?

I've been trying ta do the same as kevinp63 - i.e. using the 'Employee Number' as the login name but showing their full name are the PHPBB username but still no joy.
kevinp63
Registered User
Posts: 33
Joined: Tue Jan 29, 2008 3:22 pm

Re: Username and LDAP (Alternative Username)

Post by kevinp63 »

I have REALNAME as my Custom profile field where I store the persons name.

So far I have edited viewtopic_body.html and replaced username with this:

Code: Select all

<b><a href={postrow.U_PROFILE}><span style="color: {postrow.POST_AUTHOR_COLOUR}">{postrow.PROFILE_REALNAME_VALUE}</span></a></b>
And on memberlist_body.html I replaced username with this:

Code: Select all

<b><a href={memberrow.U_VIEW_PROFILE}>{memberrow.PROFILE_REALNAME_VALUE}</a></b>
This page doesn't really let you search by letter though...

Anyway, I am stuck at the Index page trying to make Moderator, Last post author, and Registered Users use my custom profile field.

If that can be figured out I am sure it could carry over to viewforum...
soddy
Registered User
Posts: 11
Joined: Fri Jan 04, 2008 11:30 am

Re: Username and LDAP (Alternative Username)

Post by soddy »

I had the same problem so I added a custom field fullname in profile. I edited the auth_ldap.php such that each time the user login, his name is read from LDAP and inserted into phpbb_profile_fields_data. But I have one problem...The custom field can be edited by user. I cannot make the field hidden. If user edits his name, it will remain as it is until the user login again. Is there anyway to prevent the user from editing the custom field?

EDIT: I edited the file ucp_profile_profile_info.html and commented the custom profile field part. But this can't be a solution in case I need some of the custom fields to be edited by user.
z3frog
Registered User
Posts: 3
Joined: Fri Jan 25, 2008 8:30 pm

Re: Username and LDAP (Alternative Username)

Post by z3frog »

Hey soddy, can you post some instructions on how you did this? It seems like you have done what I want to do. Thanks!
errormaster
Registered User
Posts: 2
Joined: Tue Mar 25, 2008 3:58 pm

Re: Username and LDAP (Alternative Username)

Post by errormaster »

I would also be interested in a solution for it .. does anyone have a solution for it?

It tried it by myself but failed :(
excalibur_
Registered User
Posts: 4
Joined: Mon Sep 08, 2008 1:32 am

Re: Username and LDAP (Alternative Username)

Post by excalibur_ »

I'm trying to get this to work too...without much success.

The problem is that I don't know how phpBB pulls data out of LDAP - what is stored in $ldap_result?

Does auth_ldap.login_ldap.$ldap_user_row (as Array) have anything to do with $user_row in function_user.user_add() ?

I'm trying to achieve something like this - populate _users.username with 'Firstname Lastname (empCode)' and _users.username_clean with 'empCode'. I've tested changing the username to this format directly through the MySQL console, whilst leaving username_clean as is. Login using LDAP with the old username_clean + password works fine and posts display the new (more descriptive) username, which is exactly the behaviour I want.

Can anyone shed some light?

(forgive me but I'm very new to PHP code hacking - have come across from the dark side that is Java).
paul_manning22
Registered User
Posts: 1
Joined: Thu Jun 26, 2008 1:51 am

Re: Username and LDAP (Alternative Username)

Post by paul_manning22 »

I've got this working by using an unused profile field in my environment - Being "Location"

This enables users to sign on with the true "samaccountname", but return the more descriptive "displayname" field shown when viewing posts and so on..

I've included to the required code mods here;

File:- /includes/auth/auth_ldap.php
Original

Code: Select all

 $search = @ldap_search(
                $ldap,
                $config['ldap_base_dn'],
                ldap_user_filter($username),
                (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
                0,
                1
        );
Changed To:

Code: Select all

  $search = @ldap_search(
                $ldap,
                $config['ldap_base_dn'],
                ldap_user_filter($username),
                (empty($config['ldap_email'])) ? array($config['ldap_uid'], $config['ldap_email'], 'displayName'),
                0,
                1
        );
Original

Code: Select all

$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
Changed To:

Code: Select all

$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_from
Original

Code: Select all

$ldap_user_row = array(
     'username'              => $username,
     'user_password' => phpbb_hash($password),
     'user_email'    => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
     'group_id'              => (int) $row['group_id'],
     'user_type'             => USER_NORMAL,
     'user_ip'               => $user->ip,
  );
Changed To:

Code: Select all

$ldap_user_row = array(
'username'              => $username,
'user_password' => phpbb_hash($password),
'user_email'    => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
'group_id'              => (int) $row['group_id'],
'user_type'             => USER_NORMAL,
'user_ip'               => $user->ip,
'user_from'             => $ldap_result[0]['displayname'][0],
);
File:- /includes/functions_content.php
Original

Code: Select all

if ($guest_username === false)
        {
       $username = ($username) ? $username : $user->lang['GUEST'];
        }
Changed To:

Code: Select all

if ($guest_username === false)
        {
        $sql = "SELECT * FROM `phpbb_users` WHERE `user_id` = '" . $user_id . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $username = $row['user_from'];
        $db->sql_freeresult($result);
        }
File:- viewtopic.php
Original

Code: Select all

'POST_AUTHOR_FULL'              => get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']),
Changed To:

Code: Select all

$postrow = array(
  	'POST_AUTHOR_FULL'              => $user_cache[$poster_id]['from'],
File:- /language/en/common.php
Original

Code: Select all

'LOCATION'	=> 'Location',
Changed To:

Code: Select all

'LOCATION'	=> 'Full Name',
ztkirby
Registered User
Posts: 10
Joined: Fri Apr 04, 2008 3:55 pm

Re: Username and LDAP (Alternative Username)

Post by ztkirby »

paul_manning22 wrote:
File:- /includes/auth/auth_ldap.php
Original

Code: Select all

 $search = @ldap_search(
                $ldap,
                $config['ldap_base_dn'],
                ldap_user_filter($username),
                (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
                0,
                1
        );
Changed To:

Code: Select all

  $search = @ldap_search(
                $ldap,
                $config['ldap_base_dn'],
                ldap_user_filter($username),
       >>>>>(empty($config['ldap_email'])) ? array($config['ldap_uid'], $config['ldap_email'], 'displayName'),
                0,
                1
        );
<-- snip -->
I'm having a problem with this. I get the following error:
Parse error: syntax error, unexpected ',' in /www/docs/forum/includes/auth/auth_ldap.php on line 165
The line marked by >>>>> is the line in question. Any ideas?
masterkeedu
Registered User
Posts: 5
Joined: Tue Jan 20, 2009 8:15 pm

Re: Username and LDAP (Alternative Username)

Post by masterkeedu »

Some enhancements if I may...




First in regards to the last comment, this will resolve the error.

File:- /includes/auth/auth_ldap.php ~ line 161
Original

Code: Select all

    $search = @ldap_search(
                    $ldap,
                    $config['ldap_base_dn'],
                    ldap_user_filter($username),
                    (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']),
                    0,
                    1
            );
Changed To:

Code: Select all

   	 $search = @ldap_search(
                    $ldap,
                    $config['ldap_base_dn'],
                    ldap_user_filter($username),
                    (empty($config['ldap_email'])) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email'], 'displayName'),
                    0,
                    1
       );
Basically as I read that statement
"If they haven't specified which field is email, just load username, otherwise load username, email (and now full name)"


We'll want to pull the username from the table from now on.

Original ~line 180

Code: Select all

    $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
Changed To:

Code: Select all

    $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_from
But most importantly we'll need to save it on the user's first login for future retrieval.

Original ~line 226

It worth noting this will only be applied to new users authenticating against LDAP. Existing users (like you most likely) will need to manually change the Full Name value in your profile (after making all these changes)

Code: Select all

    $ldap_user_row = array(
         'username'              => $username,
         'user_password' => phpbb_hash($password),
         'user_email'    => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
         'group_id'              => (int) $row['group_id'],
         'user_type'             => USER_NORMAL,
         'user_ip'               => $user->ip,
      );

Changed To:

Code: Select all

 
    $ldap_user_row = array(
    'username'              => $username,
    'user_password' => phpbb_hash($password),
    'user_email'    => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
    'group_id'              => (int) $row['group_id'],
    'user_type'             => USER_NORMAL,
    'user_ip'               => $user->ip,
    'user_from'             => $ldap_result[0]['displayname'][0],
    );

File:- /includes/functions_content.php

line ~1179

Orginal

Code: Select all

	global $phpbb_root_path, $phpEx, $user, $auth;
Change to

Code: Select all

	global $phpbb_root_path, $phpEx, $user, $auth, $db;
Otherwise the next part has no idea what $db is!

line ~1183

Original

Code: Select all

    if ($guest_username === false)
            {
           $username = ($username) ? $username : $user->lang['GUEST'];
            }

Changed To:

Code: Select all

    if ($guest_username === false)
            {
            $sql = "SELECT * FROM `phpbb_users` WHERE `user_id` = '" . $user_id . "'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $username = ($row['user_from']) ? $row['user_from'] : $username;
            $db->sql_freeresult($result);
            }
This is different then the code by Paul as it allows existing users to still be visible under their username if they have not yet added a Full Name. Otherwise administering old users becomes impossible!


File:- viewtopic.php

line ~1409
Original

Code: Select all

  $postrow = array(
    'POST_AUTHOR_FULL'              => get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']),

Changed To:

Code: Select all

    $postrow = array(
'POST_AUTHOR_FULL'		=> get_username_string('full', $poster_id, $user_cache[$poster_id]['from'], $row['user_colour'], $row['post_username']),

This will keep the username clickable and colored!


This part just changes the reference of Location to Full Name

File:- /language/en/common.php
Original

Code: Select all

    'LOCATION'   => 'Location',

Changed To:

Code: Select all

    'LOCATION'   => 'Full Name',



Thanks to paul_manning22 for getting me started down the road.
Locked

Return to “[3.0.x] MOD Requests”