[OpenSIPS-Users] LDAP authentication issue

Indiver nehru.indu at gmail.com
Fri Nov 19 08:09:20 CET 2010


Hello Guys,

I'm trying to integrate LDAP with OpenSIPS. For this purpose I configured
an LDAP server and added 10 users to it.
My ldap.cfg file is:

# LDAP session "sipaccounts"; the script refers to it by name in its
# ldap://sipaccounts/... search URLs.
[sipaccounts]
# NOTE(review): LDAPv2 is obsolete and some directory servers refuse v2 binds
# unless explicitly allowed -- confirm the server accepts it, or use version 3.
ldap_version = 2
# NOTE(review): plain ldap:// on port 389 sends the bind password and every
# userPassword value fetched by the script unencrypted; prefer a TLS-protected
# connection (e.g. an ldaps:// URL) where the deployment supports it.
ldap_server_url = "ldap://192.168.1.106:389"
# NOTE(review): this binds as the directory Manager account. The script only
# reads uid and userPassword, so a dedicated read-only account limited to those
# attributes would follow least privilege.
ldap_bind_dn = "cn=Manager,dc=example,dc=net"
# The bind password is stored in cleartext in this file; restrict the file's
# permissions to the OpenSIPS user and do not use a guessable value.
ldap_bind_password = "password"
ldap_network_timeout = 500
ldap_client_bind_timeout = 500

I added the following lines to the OpenSIPS cfg file:

# Point the ldap module at the session definitions shown above.
modparam("ldap", "config_file", "/usr/local/etc/opensips/ldap.cfg")
# The auth module takes the username and password for pv_*_authorize() from
# these AVPs.
# NOTE(review): $avp(s:username) is never assigned in the route excerpt below;
# only $var(username) is set -- confirm which one is intended.
modparam("auth", "username_spec", "$avp(s:username)")
modparam("auth", "password_spec", "$avp(s:password)")
# NOTE(review): with calculate_ha1 set to 1 the value in password_spec is
# treated as a plaintext password, so userPassword has to be stored unhashed in
# the directory for the digest check to succeed -- confirm this is acceptable,
# and protect the directory and the LDAP link accordingly.
modparam("auth", "calculate_ha1", 1)

In the route block I have the following:

# Authenticate non-REGISTER requests whose From URI belongs to this proxy:
# challenge when no Proxy-Authorization header is present, fetch the caller's
# password from LDAP, then verify the digest response.
if (!(method=="REGISTER") && from_uri==myself) /*no multidomainversion*/
        {
                if (!is_present_hf("Proxy-Authorization")) {
                proxy_challenge("", "0");
                exit;
                }
                # NOTE(review): the next line is a bare pseudo-variable with no
                # assignment and no ';' -- it is not a complete statement and
                # looks like a leftover; confirm and remove it.
		$avp(s:password)
                # NOTE(review): $var(username) is not read anywhere in this
                # excerpt, while $avp(s:username) (the auth username_spec) is
                # never assigned.
               $var(username)=$rU;
                
# NOTE(review): the search base is cn=Manager,dc=example,dc=net, the same DN
# used as ldap_bind_dn. A subtree search only covers entries at or below that
# DN; if the SIP accounts live elsewhere under dc=example,dc=net it returns
# nothing -- verify the base DN.
# NOTE(review): $fU is taken from the From header of the request and is placed
# in the filter unescaped; escape it first (the ldap module provides
# ldap_filter_url_encode()) so the value cannot change the filter's meaning.
if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))
                {
                        switch ($retcode)
                        {
                                case -1:
                                # no LDAP entry found
                                sl_send_reply("404", "example: User
NotFound");
                                exit;
                                case -2:
                                # internal error
                                sl_send_reply("500", "example :
Internalserver error");
                                exit;
                                default:
                                exit;
                        }

                }

                # on success $retcode holds the value logged here as the number of entries found
                xlog("L_INFO", "example : ldap_search: found
[$retcode]entries for (uid=$fU)");

                # Copy the userPassword attribute of the found entry into
                # $avp(s:password), the AVP configured as the auth password_spec.
                # NOTE(review): the return value is not checked here, unlike in
                # the REGISTER branch; a missing attribute goes unnoticed until
                # the authorize call below.
                ldap_result("userPassword/$avp(s:password)");

                    # username to authenticate
                #$avp(i:2) = $fU;

                # do the authentication
                if(!pv_proxy_authorize("")){
                proxy_challenge("", "0");
                exit;
                }

                # caller authenticated
        }



# Authenticate REGISTER requests against LDAP and, on success, store the
# contact in the "location" table.
if (is_method("REGISTER"))
	{

               if (!is_present_hf("Authorization")) {
                        www_challenge("", "0");
                exit;
                }
                # NOTE(review): $var(username) is not read anywhere in this
                # excerpt, while $avp(s:username) (the auth username_spec) is
                # never assigned.
                $var(username)=$fU;
               
# NOTE(review): the search base is cn=Manager,dc=example,dc=net, the same DN
# used as ldap_bind_dn. A subtree search only covers entries at or below that
# DN; if the SIP accounts live elsewhere under dc=example,dc=net it returns
# nothing -- verify the base DN.
# NOTE(review): $fU is taken from the From header of the request and is placed
# in the filter unescaped; escape it first (the ldap module provides
# ldap_filter_url_encode()) so the value cannot change the filter's meaning.
if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))"))
                {
                        switch ($retcode)
                        {
                                case -1:
                                # no LDAP entry found
                                sl_send_reply("404", "example: User
NotFound");
                                exit;
                                case -2:
                                # internal error
                                sl_send_reply("500", "example :
Internalserver error");
                                exit;
                                default:
                                exit;
                        }
                }
                # on success $retcode holds the value logged here as the number of entries found
                xlog("L_INFO", "example : ldap_search: found
[$retcode]entries for (uid=$fU)");

                # Copy the userPassword attribute of the found entry into
                # $avp(s:password), the AVP configured as the auth password_spec.
                if (!ldap_result("userPassword/$avp(s:password)"))
                {
                 switch ($retcode)
                        {
                                case -1:
                                        # no userPassword value found for this entry
                                        # NOTE(review): replying 403 here but 404 for an
                                        # unknown user lets a client tell the two cases
                                        # apart -- consider a uniform challenge instead.
                                        sl_send_reply("403", "example
:Forbidden");
                                        exit;
                                case -2:
                                        # internal error
                                        # NOTE(review): the reason string below is missing
                                        # its opening double quote before "example", which
                                        # is a syntax error in the script.
                                        sl_send_reply("500", example
:Internal server error");
                                exit;
                                default:
                                        exit;
                        }
                }
                # NOTE(review): this writes the user's password to the log in
                # cleartext; log only that a value was found, never the value.
                xlog("L_INFO", "example : ldap_result: password est
=$avp(s:password)");
                # do the authentication
                if(!pv_www_authorize("")){
                        www_challenge("", "0");
                        exit;
                }
		# credentials verified: save the contact in the "location" table
		if (!save("location"))
			sl_reply_error();

		exit;
	}

	# Remaining requests: require a user part in the Request-URI, look it up
	# in the "location" table and pass the request on to route(1).
	if ($rU==NULL) {
		# request with no Username in RURI
		sl_send_reply("484","Address Incomplete");
		exit;
	}

	# lookup() failed: answer according to its return code
	if (!lookup("location")) {
		switch ($retcode) {
			case -1:
			case -3:
				# reply 404 statefully (a transaction is created first)
				t_newtran();
				t_reply("404", "Not Found");
				exit;
			case -2:
				sl_send_reply("405", "Method Not Allowed");
				exit;
		}
	}

	# when routing via usrloc, log the missed calls also
	setflag(2);

	# continue in route block 1, which is defined outside this excerpt
	route(1);
}

Now, when I try to register as the user John (an LDAP user) with his LDAP
password, using the OpenSIPS server IP (192.168.1.107), a "No records found from
LDAP" message occurs. Is anything wrong in my cfg file or in my testing
scenario?

Thanks,
Mathews

