[OpenSIPS-Users] LDAP authentication issue

Gavin Henry gavin.henry at gmail.com
Wed Jun 3 12:16:30 CEST 2009


Correct, if you are allowed to get it. Then you have to create your
own SHA hash with the correct salt to compare it. I submitted a
feature request to add ldap_sasl_bind to the LDAP module so you can:

1. Search for an entry as normal (already possible)
2. Retrieve the user DN of that entry (already possible)
3. Use the new bind function to bind with the user DN from 2 and the
password from the registration. If you get a successful bind, you're
done.

This is much better and how things like pam_ldap can work.

On 03/06/2009, Leon Li <Leon.Li at aarnet.edu.au> wrote:
> Hi Henry,
>
> Correct me if my understanding is wrong. As in the LDAP module, ldap_search will
> search the given LDAP URL and store results. Then
> ldap_result("ldap_attr/avp_spec") will write LDAP values into AVPs and
> compare with the one sent by the SIP request. So I think at least
> ldap_result should return a hashed password?
>
> Thanks
> Leon
>
> -----Original Message-----
> From: users-bounces at lists.opensips.org
> [mailto:users-bounces at lists.opensips.org] On Behalf Of Gavin Henry
> Sent: Wednesday, 3 June 2009 1:07 AM
> To: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] LDAP authentication issue
>
> Why do you need to get the password? How does the LDAP module do its
> authentication checks?
>
> Usually an LDAP client will just bind with the username and password
> supplied by client and if successful you've passed the test. There are
> other ways, but I need to check what the LDAP module docs.

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com