[OpenSIPS-Users] Dynamic Binding on ldap module

Juan Jose Lopez Juarez juanjo at orcasitas.com
Thu Sep 24 11:23:31 CEST 2009


At the moment, in order to authenticate using an LDAP server, this is
what happens:

The client sends credentials to the OpenSIPS server.
OpenSIPS gets the credentials. In order to match the username/password,
it connects to the LDAP server (using no auth) and runs a query for the
username and password.

It tries to match the values provided by the client with the ones
retrieved from the LDAP (either md5 or plain text), and if they match
the user is validated.

This means that the password field has to be available through a
query (which is not always the case); you need an LDAP account with
high privileges to do this.

What you can do to avoid getting that field is this:

The client sends the credentials to the OpenSIPS server.
OpenSIPS gets the credentials and tries to connect to the LDAP, but
instead of using no authentication it tries to bind itself to the LDAP.
This will require the OpenSIPS server to use authentication against the
LDAP. The authentication credentials are the same as the ones provided
by the client.
If the bind with the LDAP is successful, it means that the username /
password are OK, so the user is validated. If not, validation is not
correct.

This way there is no need to keep the password available through the
ldapsearch query, which in some cases / scenarios is not available.


2009/9/24 Bogdan-Andrei Iancu <bogdan at voice-system.ro>:
> Hi Juan,
>
> Actually we are trying to figure it out as none of the guys from our
> team is an LDAP expert.
>
> So, from LDAP interaction point of view, if you could describe how the
> "dynamic binding" should work, we could move on with it.
>
> Thanks and regards,
> Bogdan
>
> Juan Jose Lopez Juarez wrote:
>> Is there anywhere I can read about what the functionality is going to
>> look like? I'm really looking forward to testing it.
>>
>> 2009/9/15 Bogdan-Andrei Iancu <bogdan at voice-system.ro>:
>>
>>> Hi Juan,
>>>
>>> There is somebody working on that, hopefully will be ready before the
>>> svn freeze (on Thursday).
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Juan Jose Lopez Juarez wrote:
>>>
>>>> Hi.
>>>>
>>>> I'm trying to authenticate using dynamic bind to the ldap.
>>>>
>>>> I've seen that the feature has been requested on:
>>>>
>>>> http://sourceforge.net/tracker/?func=detail&atid=1086413&aid=2822174&group_id=232389
>>>>
>>>> But it doesn't seem to have any progress.
>>>>
>>>> Any idea if this functionality is going to be implemented?
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



-- 
Juan Jose Lopez Juarez
juanjo at orcasitas.com
http://luy.orcasitas.com


Knowledge is knowing a tomato is a fruit; Wisdom is not putting it in
a fruit salad.
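
The two flows described in this message, as an added example that is not part of the original post or of the OpenSIPS code: `FakeDirectory` is a constructed in-memory stand-in for an LDAP server, and every DN, name and the sample entry are assumptions. It also covers two checks the bind approach needs: an empty password must be rejected before binding (RFC 4513 section 5.1.2 treats it as an unauthenticated bind), and the username must be escaped before it is placed in a DN.

```python
import hmac

ANONYMOUS = "anonymous"
ADMIN_DN = "cn=admin,dc=example,dc=org"           # constructed privileged account

class FakeDirectory:
    """In-memory stand-in for an LDAP server (constructed, not a real client API)."""
    def __init__(self, entries, password_readers):
        self.entries = entries                    # dn -> {attribute: value}
        self.password_readers = password_readers  # DNs the ACL lets read userPassword

    def simple_bind(self, dn, password):
        """Return the identity the session gets, or None for invalidCredentials."""
        if password == "":
            return ANONYMOUS                      # RFC 4513 5.1.2: unauthenticated bind
        stored = self.entries.get(dn, {}).get("userPassword", "")
        ok = stored != "" and hmac.compare_digest(stored.encode(), password.encode())
        return dn if ok else None

    def read(self, bound_as, dn, attribute):
        if attribute == "userPassword" and bound_as not in self.password_readers:
            return None                           # ACL hides the attribute
        return self.entries.get(dn, {}).get(attribute)

def escape_rdn_value(value):
    """RFC 4514 escaping so a username cannot change the DN's structure."""
    out = []
    for i, c in enumerate(value):
        special = c in '"+,;<>\\' or (i == 0 and c in "# ") or (i == len(value) - 1 and c == " ")
        out.append("\\00" if c == "\x00" else "\\" + c if special else c)
    return "".join(out)

def user_dn(username):
    return "uid=%s,ou=people,dc=example,dc=org" % escape_rdn_value(username)

def auth_by_compare(directory, bound_as, username, password):
    """Search-and-compare: needs an identity that may read userPassword."""
    stored = directory.read(bound_as, user_dn(username), "userPassword")
    return bool(stored) and hmac.compare_digest(stored.encode(), password.encode())

def auth_by_bind(directory, username, password):
    """Bind as the user: the password attribute is never read."""
    if not password:                              # else the bind "succeeds" as anonymous
        return False
    dn = user_dn(username)
    return directory.simple_bind(dn, password) == dn

DIRECTORY = FakeDirectory({user_dn("alice"): {"userPassword": "s3cret"}}, {ADMIN_DN})  # constructed entry
```

Checking that the bind returned the user's own DN, rather than merely that it did not fail, is what keeps the empty-password case from validating a user.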


