[OpenSIPS-Users] LDAP Authentication
Alan Rubin
Alan.Rubin at nt.gov.au
Tue Jun 16 01:30:45 CEST 2009
Bogdan,
Thanks for the help. Is the script part inside of the main route or is
it a separate section?
Regards,
Alan Rubin
Unix Systems Administrator
DCS Midrange Services
Phone: +61 (08) 8999 5111
Fax: +61 (08) 8999 7493
e-Mail: alan.rubin at nt.gov.au
-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
Sent: Tuesday, 16 June 2009 8:58 AM
To: Alan Rubin
Cc: Thiago Rondon; users at lists.opensips.org
Subject: Re: [OpenSIPS-Users] LDAP Authentication
Hi Alan,
The way to do it is like:
1) configure the auth module to do authentication via Pseudo-variables:
# -- auth params --
modparam("auth", "nonce_expire", 30)
modparam("auth", "secret", "my-deepest-and-darkest-secret")
modparam("auth", "disable_nonce_check", 0)
modparam("auth", "username_spec", "$avp(i:2)")
modparam("auth", "password_spec", "$avp(i:1)")
modparam("auth", "calculate_ha1", 1)
2) and in script do:
# are any credentials available in the request ?
if (!is_present_hf("Proxy-Authorization")) {
proxy_challenge("", "0");
exit;
}
# run the ldap_query() and load the passwd into $avp(i:1)
# TODO
# username to authenticate
$avp(i:2) = $fU;
# do the authentication
if(!pv_proxy_authorize("")){
proxy_challenge("", "0");
exit;
}
Regards,
Bogdan
Alan Rubin wrote:
> Bogdan,
>
> I want to use LDAP to authenticate clients. We're using it for our
XMPP
> server (amongst other services) without issues.
>
> Regards,
>
> Alan Rubin
> Unix Systems Administrator
> DCS Midrange Services
> Phone: +61 (08) 8999 5111
> Fax: +61 (08) 8999 7493
> e-Mail: alan.rubin at nt.gov.au
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
> Sent: Tuesday, 16 June 2009 8:24 AM
> To: Alan Rubin
> Cc: Thiago Rondon; users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>
> Hi Alan,
>
> Do you want to use LDAP to authenticate clients or to authenticate
> opensips against other SIP server?
>
> Regards,
> Bogdan
>
>
> Alan Rubin wrote:
>
>> Thiago,
>>
>> Thanks for the reply; however, the module documentation does not seem
>>
> to
>
>> give examples on how to configure LDAP with the auth mechanism. Or
is
>> that not necessary?
>>
>> This is the section from the tutorial I found, mentioned previously:
>>
>> modparam("auth", "username_spec", "$avp(s:username)")
>> modparam("auth", "password_spec", "$avp(s:password)")
>> modparam("auth", "calculate_ha1", 1)
>> ...
>>
>> The possible difference (typo?) that concerns me is this next
>>
> reference
>
>> in the tutorial:
>>
>> route[11] {
>> if(is_method("REGISTER"))
>> {
>> if(is_present_hf("Authorization"))
>> {
>> # ldap search
>> if
>>
>>
>
(!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,S
>
>> IPPassword?one?(cn=$fU)"))
>> {
>> switch ($retcode)
>> {
>> ...
>>
>> I have no "route[11]" in my configuration file. Am I meant to create
>>
> a
>
>> new route section to handle LDAP authentication?
>>
>> What I am trying to do, if it is not clear, is use LDAP as a
mechanism
>> for authentication/registration of SIP accounts rather than having to
>> configure, by hand and with a separate password, a SIP account for
>>
> each
>
>> user of my SIP server.
>>
>> Regards,
>>
>> Alan
>>
>> -----Original Message-----
>> From: users-bounces at lists.opensips.org
>> [mailto:users-bounces at lists.opensips.org] On Behalf Of Thiago Rondon
>> Sent: Monday, 15 June 2009 1:47 PM
>> To: Alan Rubin
>> Cc: users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>
>>
>>
>> Alan,
>>
>> How about the document of ldap module ?
>>
>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html
>>
>> -Thiago Rondon
>>
>> Alan Rubin escreveu:
>>
>>
More information about the Users
mailing list