<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:451630073;
mso-list-type:hybrid;
mso-list-template-ids:1323335316 201916431 201916441 201916443 201916431 201916441 201916443 201916431 201916441 201916443;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-AU link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hi,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I am facing some problems when try to authenticate via a
current LDAP server, and 401 is always the error. My config is as below:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>
if(is_present_hf("Authorization"))<o:p></o:p></p>
<p class=MsoNormal>
{<o:p></o:p></p>
<p class=MsoNormal>
# ldap search<o:p></o:p></p>
<p class=MsoNormal>
if
(!ldap_search("ldap://sipaccounts/ou=People,dc=aarnet,dc=edu,dc=au?uid,userPassword?one?(&(uid=$fU)(objectclass=posixAccount))"))<o:p></o:p></p>
<p class=MsoNormal>
{<o:p></o:p></p>
<p class=MsoNormal>
switch ($retcode)<o:p></o:p></p>
<p class=MsoNormal>
{<o:p></o:p></p>
<p class=MsoNormal>
case -1:<o:p></o:p></p>
<p class=MsoNormal>
# no LDAP entry found<o:p></o:p></p>
<p class=MsoNormal> xlog("L_INFO",
"Ldap user not found\n");<o:p></o:p></p>
<p class=MsoNormal>
sl_send_reply("404", "User Not Found");<o:p></o:p></p>
<p class=MsoNormal>
exit;<o:p></o:p></p>
<p class=MsoNormal>
case -2:<o:p></o:p></p>
<p class=MsoNormal>
# internal error<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Internal Server Error during
Authentication\n");<o:p></o:p></p>
<p class=MsoNormal>
sl_send_reply("500", "Internal server error");<o:p></o:p></p>
<p class=MsoNormal>
exit;<o:p></o:p></p>
<p class=MsoNormal>
default:<o:p></o:p></p>
<p class=MsoNormal>
exit;<o:p></o:p></p>
<p class=MsoNormal>
}<o:p></o:p></p>
<p class=MsoNormal>
}<o:p></o:p></p>
<p class=MsoNormal>
if (ldap_search("ldap://sipaccounts/ou=People,dc=aarnet,dc=edu,dc=au?uid,userPassword?one?(&(uid=$fU)(objectclass=posixAccount))"))<o:p></o:p></p>
<p class=MsoNormal>
{<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Returned Code=$retcode\n");<o:p></o:p></p>
<p class=MsoNormal>
}<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Ldap user=$fU
found\n");<o:p></o:p></p>
<p class=MsoNormal>
ldap_result("uid/$avp(s:username)");<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Ldap user=$avp(s:username)\n");<o:p></o:p></p>
<p class=MsoNormal>
ldap_result("userPassword/$avp(s:password)");<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Ldap password=$avp(s:password)\n");<o:p></o:p></p>
<p class=MsoNormal>
if(!pv_www_authorize(""))<o:p></o:p></p>
<p class=MsoNormal>
{<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Returned Code=$retcode\n");<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru
D=$td F=$fu Fuser=$fU RUser=$rU T=$tu IP=$si ID=$ci\n");<o:p></o:p></p>
<p class=MsoNormal>
www_challenge(""/*realm*/,"0"/*qop*/);<o:p></o:p></p>
<p class=MsoNormal>
exit;<o:p></o:p></p>
<p class=MsoNormal>
}<o:p></o:p></p>
<p class=MsoNormal>
save("location");<o:p></o:p></p>
<p class=MsoNormal>
sl_send_reply("200", "ok");<o:p></o:p></p>
<p class=MsoNormal>
exit;<o:p></o:p></p>
<p class=MsoNormal>
} else {<o:p></o:p></p>
<p class=MsoNormal>
xlog("L_INFO", "Challenging - M=$rm RURI=$ru D=$td
F=$fu Fuser=$fU RUser=$rU T=$tu IP=$si ID=$ci\n");<o:p></o:p></p>
<p class=MsoNormal>
www_challenge("","0");<o:p></o:p></p>
<p class=MsoNormal>
exit;<o:p></o:p></p>
<p class=MsoNormal>
}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The problem is<o:p></o:p></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>if using anonymous binding, ldap_search returns uid
fine, but it will never return password. (This is set by the admin to not
expose password) The ldap_result for $avp(s:password) is always null.<o:p></o:p></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>
</span></span><![endif]>If I bind with my DN first in ldap.cfg.
$avp(s:password) will returned SHA code (assumedly my password), but still failed.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Anyone had the same situation before?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks<o:p></o:p></p>
<p class=MsoNormal>Leon<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>