Patches item #1707996, was opened at 2007-04-26 14:34
Message generated for change (Comment added) made by miconda
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1707996&group_id=139143

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: modules
Group: ver devel
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Alexei Volkov (av_kot)
Assigned to: Daniel-Constantin Mierla (miconda)
Summary: LDAP auth module

Initial Comment:
After a couple of days googling the web I found that LDAP authentication in OpenSER is available via the radius module. For me, as a relatively new user of OpenSER, it is rather difficult to build the full chain ldap+radius+openser to get complete authorization and accounting. For example, in my case just simple authentication against an LDAP database is needed, and unfortunately I did not find any usable code to patch OpenSER to authenticate a user directly in LDAP. After spending some more time I developed an auth_ldap module for OpenSER. If it can be useful to the community I would like to open it and share it with the OpenSER project.

Some features of my auth_ldap module are shown by the following openser.cfg lines.

loadmodule "auth.so"
loadmodule "auth_ldap.so"
loadmodule "uac.so"
....
modparam("auth_ldap", "ldap_server", "ldap://localhost")
modparam("auth_ldap", "ldap_bind_dn", "cn=admin,dc=domain")
modparam("auth_ldap", "ldap_bind_passwd", "secret")
modparam("auth_ldap", "ldap_base_dn", "ou=Users,dc=domain")
modparam("auth_ldap", "ldap_search_filter", "(&(OpenSerAccount=%s)(OpenSerEnabled=TRUE))")
modparam("auth_ldap", "ldap_passwd_attr", "OpenSerPassword")
modparam("auth_ldap", "ldap_debug_encoding", "koi8-r")
modparam("auth_ldap", "ldap_avp_attrs", "cn,OpenSerGroup")
modparam("auth_ldap", "ldap_avp_prefix", "ldap_")
....
route{
    ...
    if (!ldap_www_authorize("domain")) {
        # authorization and account avp created here
        www_challenge("domain", "1");
        exit;
    };
    ....
    uac_replace_from("$avp(s:ldap_cn)","");
    ...
    append_hf("P-hint-openser-account-group: $avp(s:ldap_OpenSerGroup)\r\n");
    ...
}

----------------------------------------------------------------------

>Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-06-19 16:58

Message:
Logged In: YES
user_id=1246013
Originator: NO

Sorry for taking so long ... lot of traveling. Here are my comments:

- you have to write documentation in SGML format, which shall be placed in the subdirectory 'doc' of your module -- see other modules for examples (xlog or textops are a good start)
- from the SGML files you have to generate the text version as README and place it in the module directory (see 'make modules-readme')
- you have to use standard C compliant functions: asprintf() used in gen_ha1() is not C or POSIX (it is a GNU extension -- see man asprintf)
- you have to indent the code so it becomes easier to understand :-) -- the default is to use a tab of 4 white spaces and move to a new line after 80 chars
- you have to use C compliant syntax, which means you cannot have statements in between declarations of variables. You have to declare variables first and then start operating with them.

Recommendations:

- name the main file of the module as module_name.c (e.g., auth_ldap.c instead of authldap_mod.c). This is not mandatory, but lately it is the preferred mode

All of the above will ensure that the module will compile on all systems supported now by OpenSER.

Thanks!

----------------------------------------------------------------------

Comment By: Alexei Volkov (av_kot)
Date: 2007-05-10 07:22

Message:
Logged In: YES
user_id=1779106
Originator: YES

At this time I already use this module in my production environment and am considering using it in the future, so I will maintain the module.

----------------------------------------------------------------------

Comment By: Daniel-Constantin Mierla (miconda)
Date: 2007-05-09 18:08

Message:
Logged In: YES
user_id=1246013
Originator: NO

I will review the module and comment on the updates you may have to make before accepting it into SVN.
I need to know if you are willing to maintain the module for at least one year. Otherwise we have to find another volunteer to maintain it. I am considering adding some features already (after committing to SVN), for fail over and attribute loading with no authentication -- but no time line now.

----------------------------------------------------------------------
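
The ldap_search_filter parameter quoted in the initial comment substitutes the account name for %s, and the review asks for asprintf() to be replaced with standard functions. As an added example (not code from the auth_ldap module, whose source does not appear in this thread), here is one way to expand such a template with snprintf() while escaping the value per RFC 4515; the function names ldap_filter_escape and build_filter and the 256-byte buffer are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Escape a value for an LDAP search filter (RFC 4515): '*', '(', ')'
 * and '\' become \2a, \28, \29, \5c. Returns the escaped length, or -1
 * if dst is too small. Function names here are hypothetical. */
int ldap_filter_escape(const char *src, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    unsigned char c;

    if (dstlen == 0) return -1;
    for (; *src != '\0'; src++) {
        c = (unsigned char)*src;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= dstlen) return -1;   /* keep room for the NUL */
            dst[o++] = '\\';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= dstlen) return -1;
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Replace the first %s in tmpl with the escaped user name, using
 * snprintf() (C99/POSIX) rather than asprintf(). The template is copied
 * as data, never used as a format string. Returns 0, or -1 on error. */
int build_filter(const char *tmpl, const char *user, char *out, size_t outlen)
{
    char esc[256]; /* assumed upper bound for an escaped account name */
    const char *p = strstr(tmpl, "%s");
    int n;

    if (p == NULL || ldap_filter_escape(user, esc, sizeof(esc)) < 0)
        return -1;
    n = snprintf(out, outlen, "%.*s%s%s", (int)(p - tmpl), tmpl, esc, p + 2);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char f[512]; /* the user name below is constructed sample input */
    if (build_filter("(&(OpenSerAccount=%s)(OpenSerEnabled=TRUE))", "a*(b)", f, sizeof(f)) == 0)
        puts(f);
    return 0;
}
```

A caller should treat a -1 return as an authentication failure rather than falling back to an unescaped or truncated filter.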