[OpenSIPS-Users] LDAP authentication issue
    Leon Li 
    Leon.Li at aarnet.edu.au
       
    Tue Jun  2 06:23:16 CEST 2009
    
    
  
Hi,
 
I am facing some problems when trying to authenticate via a current LDAP
server, and 401 is always the error. My config is as below:
 
    if (is_present_hf("Authorization"))
    {
        # ldap search
        if (!ldap_search("ldap://sipaccounts/ou=People,dc=aarnet,dc=edu,dc=au?uid,userPassword?one?(&(uid=$fU)(objectclass=posixAccount))"))
        {
            switch ($retcode)
            {
                case -1:
                    # no LDAP entry found
                    xlog("L_INFO", "Ldap user not found\n");
                    sl_send_reply("404", "User Not Found");
                    exit;
                case -2:
                    # internal error
                    xlog("L_INFO", "Internal Server Error during Authentication\n");
                    sl_send_reply("500", "Internal server error");
                    exit;
                default:
                    exit;
            }
        }
        if (ldap_search("ldap://sipaccounts/ou=People,dc=aarnet,dc=edu,dc=au?uid,userPassword?one?(&(uid=$fU)(objectclass=posixAccount))"))
        {
            xlog("L_INFO", "Returned Code=$retcode\n");
        }
        xlog("L_INFO", "Ldap user=$fU found\n");
        ldap_result("uid/$avp(s:username)");
        xlog("L_INFO", "Ldap user=$avp(s:username)\n");
        ldap_result("userPassword/$avp(s:password)");
        xlog("L_INFO", "Ldap password=$avp(s:password)\n");
        if (!pv_www_authorize(""))
        {
            xlog("L_INFO", "Returned Code=$retcode\n");
            xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru D=$td F=$fu Fuser=$fU RUser=$rU T=$tu IP=$si ID=$ci\n");
            www_challenge(""/*realm*/, "0"/*qop*/);
            exit;
        }
        save("location");
        sl_send_reply("200", "ok");
        exit;
    } else {
        xlog("L_INFO", "Challenging - M=$rm RURI=$ru D=$td F=$fu Fuser=$fU RUser=$rU T=$tu IP=$si ID=$ci\n");
        www_challenge("", "0");
        exit;
    }
 
The problem is:
1. If using anonymous binding, ldap_search returns uid fine, but
it will never return the password. (This is set by the admin to not expose
passwords.) The ldap_result for $avp(s:password) is always null.
2. If I bind with my DN first in ldap.cfg, $avp(s:password) will
return SHA code (assumedly my password), but it still failed.
 
Has anyone had the same situation before?
 
Thanks
Leon
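
Added example, not part of the original post: SIP digest verification needs the plaintext password or a precomputed HA1, so a userPassword value stored as an {SHA} hash cannot reproduce the client's response. The user, realm, password, nonce and the idea of a dedicated HA1 attribute are constructed assumptions; the no-qop formula matches the "0" qop setting in the config above.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ldap_sha(password):
    # LDAP {SHA} scheme: base64 of the raw SHA-1 digest (one-way, unsalted)
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def ha1(user, realm, secret):
    # Digest HA1 (RFC 2617): MD5(username:realm:password)
    return md5_hex(f"{user}:{realm}:{secret}")

def response(ha1_value, method, uri, nonce):
    # Response without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_value}:{nonce}:{ha2}")

def verify(client_response, ha1_value, method, uri, nonce):
    expected = response(ha1_value, method, uri, nonce)
    return hmac.compare_digest(expected, client_response)

# Constructed sample values (not taken from the post)
USER, REALM, PASSWORD = "alice", "sip.example.org", "constructed-pass"
METHOD, URI, NONCE = "REGISTER", "sip:sip.example.org", "4a1e2f00constructed"

def run_cases():
    # The phone knows the plaintext password and computes its response from it
    client = response(ha1(USER, REALM, PASSWORD), METHOD, URI, NONCE)
    # Case 1: the server holds the plaintext password
    plaintext_ok = verify(client, ha1(USER, REALM, PASSWORD), METHOD, URI, NONCE)
    # Case 2: the server feeds the {SHA} string from userPassword in as the password
    sha_secret = ldap_sha(PASSWORD)
    sha_ok = verify(client, ha1(USER, REALM, sha_secret), METHOD, URI, NONCE)
    # Case 3: the server holds only a precomputed HA1 (hypothetical LDAP attribute)
    stored_ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    ha1_ok = verify(client, stored_ha1, METHOD, URI, NONCE)
    return plaintext_ok, sha_ok, ha1_ok

if __name__ == "__main__":
    print(run_cases())
```

A stored HA1 is bound to one username and realm and is itself a password-equivalent secret for digest authentication, so it needs the same access controls as the password attribute.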
 
 