[OpenSIPS-Users] LDAP Authentication
Gavin Henry
gavin.henry at gmail.com
Thu Jun 18 00:22:34 CEST 2009
What format does the LDAP password need to be in?
On 16/06/2009, Alan Rubin <Alan.Rubin at nt.gov.au> wrote:
> Bogdan,
>
> Thanks for the help. Is the script part inside of the main route or is
> it a separate section?
>
> Regards,
>
> Alan Rubin
> Unix Systems Administrator
> DCS Midrange Services
> Phone: +61 (08) 8999 5111
> Fax: +61 (08) 8999 7493
> e-Mail: alan.rubin at nt.gov.au
>
> -----Original Message-----
> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
> Sent: Tuesday, 16 June 2009 8:58 AM
> To: Alan Rubin
> Cc: Thiago Rondon; users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>
> Hi Alan,
>
> The way to do it is like:
>
> 1) configure the auth module to do authentication via Pseudo-variables:
>
> # -- auth params --
> modparam("auth", "nonce_expire", 30)
> modparam("auth", "secret", "my-deepest-and-darkest-secret")
> modparam("auth", "disable_nonce_check", 0)
> modparam("auth", "username_spec", "$avp(i:2)")
> modparam("auth", "password_spec", "$avp(i:1)")
> modparam("auth", "calculate_ha1", 1)
>
> 2) and in script do:
>
> # are any credentials available in the request ?
> if (!is_present_hf("Proxy-Authorization")) {
> proxy_challenge("", "0");
> exit;
> }
>
> # run the ldap_query() and load the passwd into $avp(i:1)
> # TODO
>
> # username to authenticate
> $avp(i:2) = $fU;
>
> # do the authentication
> if(!pv_proxy_authorize("")){
> proxy_challenge("", "0");
> exit;
> }
>
>
> Regards,
> Bogdan
>
>
> Alan Rubin wrote:
>> Bogdan,
>>
>> I want to use LDAP to authenticate clients. We're using it for our
> XMPP
>> server (amongst other services) without issues.
>>
>> Regards,
>>
>> Alan Rubin
>> Unix Systems Administrator
>> DCS Midrange Services
>> Phone: +61 (08) 8999 5111
>> Fax: +61 (08) 8999 7493
>> e-Mail: alan.rubin at nt.gov.au
>>
>> -----Original Message-----
>> From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro]
>> Sent: Tuesday, 16 June 2009 8:24 AM
>> To: Alan Rubin
>> Cc: Thiago Rondon; users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>
>> Hi Alan,
>>
>> Do you want to use LDAP to authenticate clients or to authenticate
>> opensips against other SIP server?
>>
>> Regards,
>> Bogdan
>>
>>
>> Alan Rubin wrote:
>>
>>> Thiago,
>>>
>>> Thanks for the reply; however, the module documentation does not seem
>>>
>> to
>>
>>> give examples on how to configure LDAP with the auth mechanism. Or
> is
>>> that not necessary?
>>>
>>> This is the section from the tutorial I found, mentioned previously:
>>>
>>> modparam("auth", "username_spec", "$avp(s:username)")
>>> modparam("auth", "password_spec", "$avp(s:password)")
>>> modparam("auth", "calculate_ha1", 1)
>>> ...
>>>
>>> The possible difference (typo?) that concerns me is this next
>>>
>> reference
>>
>>> in the tutorial:
>>>
>>> route[11] {
>>> if(is_method("REGISTER"))
>>> {
>>> if(is_present_hf("Authorization"))
>>> {
>>> # ldap search
>>> if
>>>
>>>
>>
> (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,S
>>
>>> IPPassword?one?(cn=$fU)"))
>>> {
>>> switch ($retcode)
>>> {
>>> ...
>>>
>>> I have no "route[11]" in my configuration file. Am I meant to create
>>>
>> a
>>
>>> new route section to handle LDAP authentication?
>>>
>>> What I am trying to do, if it is not clear, is use LDAP as a
> mechanism
>>> for authentication/registration of SIP accounts rather than having to
>>> configure, by hand and with a separate password, a SIP account for
>>>
>> each
>>
>>> user of my SIP server.
>>>
>>> Regards,
>>>
>>> Alan
>>>
>>> -----Original Message-----
>>> From: users-bounces at lists.opensips.org
>>> [mailto:users-bounces at lists.opensips.org] On Behalf Of Thiago Rondon
>>> Sent: Monday, 15 June 2009 1:47 PM
>>> To: Alan Rubin
>>> Cc: users at lists.opensips.org
>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication
>>>
>>>
>>>
>>> Alan,
>>>
>>> How about the document of ldap module ?
>>>
>>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html
>>>
>>> -Thiago Rondon
>>>
>>> Alan Rubin escreveu:
>>>
>>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com
More information about the Users
mailing list