[OpenSIPS-Users] LDAP authentication issue
Indiver
nehru.indu at gmail.com
Fri Nov 19 08:09:20 CET 2010
Hello Guys,

I'm trying to integrate ldap with opensips. For this purpose I configured
LDAP server and added 10 users there.

My ldap.cfg file is

[sipaccounts]
ldap_version = 2
ldap_server_url = "ldap://192.168.1.106:389"
ldap_bind_dn = "cn=Manager,dc=example,dc=net"
ldap_bind_password = "password"
ldap_network_timeout = 500
ldap_client_bind_timeout = 500

I added the following pieces in the cfg file:

modparam("ldap", "config_file", "/usr/local/etc/opensips/ldap.cfg")
modparam("auth", "username_spec", "$avp(s:username)")
modparam("auth", "password_spec", "$avp(s:password)")
modparam("auth", "calculate_ha1", 1)

In route Block the following:

route {
    if (!(method=="REGISTER") && from_uri==myself) /*no multidomainversion*/
    {
        if (!is_present_hf("Proxy-Authorization")) {
            proxy_challenge("", "0");
            exit;
        }
        # $avp(s:password)   (a bare pseudo-variable is not a statement; commented out)
        $var(username)=$rU;
        if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))
        {
            switch ($retcode)
            {
                case -1:
                    # no LDAP entry found
                    sl_send_reply("404", "example: User NotFound");
                    exit;
                case -2:
                    # internal error
                    sl_send_reply("500", "example : Internalserver error");
                    exit;
                default:
                    exit;
            }
        }
        xlog("L_INFO", "example : ldap_search: found [$retcode]entries for (uid=$fU)");
        ldap_result("userPassword/$avp(s:password)");
        # username to authenticate
        #$avp(i:2) = $fU;
        # do the authentication
        if(!pv_proxy_authorize("")){
            proxy_challenge("", "0");
            exit;
        }
        # caller authenticated
    }
    if (is_method("REGISTER"))
    {
        if (!is_present_hf("Authorization")) {
            www_challenge("", "0");
            exit;
        }
        $var(username)=$fU;
        if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))
        {
            switch ($retcode)
            {
                case -1:
                    # no LDAP entry found
                    sl_send_reply("404", "example: User NotFound");
                    exit;
                case -2:
                    # internal error
                    sl_send_reply("500", "example : Internalserver error");
                    exit;
                default:
                    exit;
            }
        }
        xlog("L_INFO", "example : ldap_search: found [$retcode]entries for (uid=$fU)");
        if (!ldap_result("userPassword/$avp(s:password)"))
        {
            switch ($retcode)
            {
                case -1:
                    # no SIPIdentityServiceLevel found
                    sl_send_reply("403", "example :Forbidden");
                    exit;
                case -2:
                    # internal error (opening quote of the reason string restored)
                    sl_send_reply("500", "example :Internal server error");
                    exit;
                default:
                    exit;
            }
        }
        xlog("L_INFO", "example : ldap_result: password est =$avp(s:password)");
        # do the authentication
        if(!pv_www_authorize("")){
            www_challenge("", "0");
            exit;
        }
        if (!save("location"))
            sl_reply_error();
        exit;
    }
    if ($rU==NULL) {
        # request with no Username in RURI
        sl_send_reply("484","Address Incomplete");
        exit;
    }
    if (!lookup("location")) {
        switch ($retcode) {
            case -1:
            case -3:
                t_newtran();
                t_reply("404", "Not Found");
                exit;
            case -2:
                sl_send_reply("405", "Method Not Allowed");
                exit;
        }
    }
    # when routing via usrloc, log the missed calls also
    setflag(2);
    route(1);
}

Now when I'm trying to register with the user John (LDAP user) with the LDAP
password and the server IP of OpenSIPS (192.168.1.107), a "No records found
from LDAP" message is occurring. Is anything wrong in my cfg file or in the
testing scenario?

Thanks,
Mathews
--
View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/LDAP-authentication-issue-tp5754372p5754372.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
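
An added example (not part of the original post and not OpenSIPS code): the ldap_search() URL in the post puts $fU, the sender-supplied From username, straight into the LDAP filter, so this Python script splits such URLs into their fields, flags request-derived pseudo-variables used in the filter, and shows the escaping a value needs before it goes there. The helper names, the second sample line and its $avp(s:uid_enc) AVP are assumptions made for illustration.

```python
import re

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for an LDAP filter that is embedded in an LDAP URL."""
    out = "".join(_ESC.get(ch, ch) for ch in value)
    # '%' starts a URL escape and '?' separates URL fields, so encode both.
    return out.replace("%", "%25").replace("?", "%3F")

def split_ldap_url(url):
    """Split ldap://<session>/<base>?<attrs>?<scope>?<filter> into fields."""
    m = re.fullmatch(r"ldap://([^/]*)/([^?]*)\?([^?]*)\?([^?]*)\?(.*)", url)
    if m is None:
        raise ValueError("not a four-field LDAP search URL: %r" % url)
    return dict(zip(("session", "base", "attrs", "scope", "filter"), m.groups()))

# Pseudo-variables taken from the SIP request, so their content is sender-chosen.
_REQUEST_PV = re.compile(r"\$(?:fU|tU|rU|fu|tu|ru)\b")
_SEARCH_CALL = re.compile(r'ldap_search\("([^"]*)"\)')

def find_raw_filters(cfg_text):
    """Return (line_no, pv) for each ldap_search() filter using a request PV."""
    hits = []
    for no, line in enumerate(cfg_text.splitlines(), 1):
        for call in _SEARCH_CALL.finditer(line):
            flt = split_ldap_url(call.group(1))["filter"]
            hits += [(no, pv) for pv in _REQUEST_PV.findall(flt)]
    return hits

# Constructed sample: line 1 is the call from the post, line 2 uses a
# hypothetical AVP that would hold an already-escaped username.
SAMPLE_CFG = (
    'if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))\n'
    'if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(uid=$avp(s:uid_enc))"))\n'
)

if __name__ == "__main__":
    for no, pv in find_raw_filters(SAMPLE_CFG):
        print("line %d: %s goes into the filter unescaped" % (no, pv))
    for name in ("john", "j*hn", "a(b)c?d"):   # constructed usernames
        print("%-8s -> %s" % (name, escape_filter_value(name)))
```

Inside an OpenSIPS script the ldap module's ldap_filter_url_encode() function does this escaping and stores the result in an AVP, which is then the value to place in the filter.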