Hello Guys,
I'm trying to integrate ldap with opensips. For this purpose I configured LDAP server and added 10 users there. My ldap.cfg file is [sipaccounts] ldap_version = 2 ldap_server_url = "ldap://192.168.1.106:389" ldap_bind_dn = "cn=Manager,dc=example,dc=net" ldap_bind_password = "password" ldap_network_timeout = 500 ldap_client_bind_timeout = 500 I added the following pieces in the cfg file: modparam("ldap", "config_file", "/usr/local/etc/opensips/ldap.cfg") modparam("auth", "username_spec", "$avp(s:username)") modparam("auth", "password_spec", "$avp(s:password)") modparam("auth", "calculate_ha1", 1) In route Block the following: if (!(method=="REGISTER") && from_uri==myself) /*no multidomainversion*/ { if (!is_present_hf("Proxy-Authorization")) { proxy_challenge("", "0"); exit; } $avp(s:password) $var(username)=$rU; if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))")) { switch ($retcode) { case -1: # no LDAP entry found sl_send_reply("404", "example: User NotFound"); exit; case -2: # internal error sl_send_reply("500", "example : Internalserver error"); exit; default: exit; } } xlog("L_INFO", "example : ldap_search: found [$retcode]entries for (uid=$fU)"); ldap_result("userPassword/$avp(s:password)"); # username to authenticate #$avp(i:2) = $fU; # do the authentication if(!pv_proxy_authorize("")){ proxy_challenge("", "0"); exit; } # caller authenticated } if (is_method("REGISTER")) { if (!is_present_hf("Authorization")) { www_challenge("", "0"); exit; } $var(username)=$fU; if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(&(uid=$fU))")) { switch ($retcode) { case -1: # no LDAP entry found sl_send_reply("404", "example: User NotFound"); exit; case -2: # internal error sl_send_reply("500", "example : Internalserver error"); exit; default: exit; } } xlog("L_INFO", "example : ldap_search: found [$retcode]entries for (uid=$fU)"); if (!ldap_result("userPassword/$avp(s:password)")) { switch ($retcode) { case -1: # no 
SIPIdentityServiceLevel found sl_send_reply("403", "example :Forbidden"); exit; case -2: # internal error sl_send_reply("500", example :Internal server error"); exit; default: exit; } } xlog("L_INFO", "example : ldap_result: password est =$avp(s:password)"); # do the authentication if(!pv_www_authorize("")){ www_challenge("", "0"); exit; } if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } if (!lookup("location")) { switch ($retcode) { case -1: case -3: t_newtran(); t_reply("404", "Not Found"); exit; case -2: sl_send_reply("405", "Method Not Allowed"); exit; } } # when routing via usrloc, log the missed calls also setflag(2); route(1); } Now, when I try to register as the user John (an LDAP user) with his LDAP password, against the OpenSIPS server IP (192.168.1.107), a "No records found from LDAP" message occurs. Is anything wrong in my cfg file or in my testing scenario? Thanks, Mathews
Hi Mathews,
I tried the LDAP module a long time ago and found that the way it works is to fetch the clear-text password from the LDAP server and then compare it with the one sent by the endpoint. However, my sysadmin pointed out that most LDAP servers will not release the stored password; instead they expect to receive the credential and perform a bind with it. So when you ask the server to hand over the password, it may reject the request. I am not sure whether this is still the case, but perhaps others can confirm. Regards, Leon -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Indiver Sent: Friday, 19 November 2010 6:09 PM To: [hidden email] Subject: [OpenSIPS-Users] LDAP authentication issue Hello Guys, I'm trying to integrate ldap with opensips. For this purpose I configured LDAP server and added 10 users there. My ldap.cfg file is [sipaccounts] ldap_version = 2 ldap_server_url = "ldap://192.168.1.106:389" ldap_bind_dn = "cn=Manager,dc=example,dc=net" ldap_bind_password = "password" ldap_network_timeout = 500 ldap_client_bind_timeout = 500 I added the following pieces in the cfg file: modparam("ldap", "config_file", "/usr/local/etc/opensips/ldap.cfg") modparam("auth", "username_spec", "$avp(s:username)") modparam("auth", "password_spec", "$avp(s:password)") modparam("auth", "calculate_ha1", 1) In route Block the following: if (!(method=="REGISTER") && from_uri==myself) /*no multidomainversion*/ { if (!is_present_hf("Proxy-Authorization")) { proxy_challenge("", "0"); exit; } $avp(s:password) $var(username)=$rU; if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(& (uid=$fU))")) { switch ($retcode) { case -1: # no LDAP entry found sl_send_reply("404", "example: User NotFound"); exit; case -2: # internal error sl_send_reply("500", "example : Internalserver error"); exit; default: exit; } } xlog("L_INFO", "example : ldap_search: found [$retcode]entries for (uid=$fU)"); ldap_result("userPassword/$avp(s:password)"); # username to authenticate #$avp(i:2) = $fU; # do the 
authentication if(!pv_proxy_authorize("")){ proxy_challenge("", "0"); exit; } # caller authenticated } if (is_method("REGISTER")) { if (!is_present_hf("Authorization")) { www_challenge("", "0"); exit; } $var(username)=$fU; if(!ldap_search("ldap://sipaccounts/cn=Manager,dc=example,dc=net??sub?(& (uid=$fU))")) { switch ($retcode) { case -1: # no LDAP entry found sl_send_reply("404", "example: User NotFound"); exit; case -2: # internal error sl_send_reply("500", "example : Internalserver error"); exit; default: exit; } } xlog("L_INFO", "example : ldap_search: found [$retcode]entries for (uid=$fU)"); if (!ldap_result("userPassword/$avp(s:password)")) { switch ($retcode) { case -1: # no SIPIdentityServiceLevel found sl_send_reply("403", "example :Forbidden"); exit; case -2: # internal error sl_send_reply("500", example :Internal server error"); exit; default: exit; } } xlog("L_INFO", "example : ldap_result: password est =$avp(s:password)"); # do the authentication if(!pv_www_authorize("")){ www_challenge("", "0"); exit; } if (!save("location")) sl_reply_error(); exit; } if ($rU==NULL) { # request with no Username in RURI sl_send_reply("484","Address Incomplete"); exit; } if (!lookup("location")) { switch ($retcode) { case -1: case -3: t_newtran(); t_reply("404", "Not Found"); exit; case -2: sl_send_reply("405", "Method Not Allowed"); exit; } } # when routing via usrloc, log the missed calls also setflag(2); route(1); } Now when i'm trying to register with the user John(LDAP user) with LDAP password and server ip of opensips(192.168.1.107) . No records found from LDAP message is occuring. Is any thing wrong in my cfg file or in testing scenario? Thanks, Mathews -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/LDAP-authenticatio n-issue-tp5754372p5754372.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. 