It's now clear. I'll change my LDAP authentication method. Thanks again.
Quoting Christian Schlatter <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > What I'd like to do is to authenticate SIP users the same way ldap users are
> > with the following command: ldapsearch -x -b [...] -D uid=user1,ou=xxxxx,dc=yyyy
> > -W. Is it possible with openser 1.3?
>
> For performance reasons, the openser ldap module executes bind
> operations only once per ldap connection setup. This happens when
> openser starts and in case an ldap server has terminated an ldap
> connection and the ldap module has to re-connect. The ldap module
> therefore does not support ldap bind operations triggered by openser's
> message routing script, as e.g. by SIP authentication requests. An ldap
> bind operation takes a considerable amount of time which adds to the
> overall SIP session setup delay.
>
> If the ldap user passwords are stored in cleartext (often they are md5
> hashed), you could set up an ldap super user which has access to all user
> passwords. This ldap super user account could then be used by openser to
> read the password for a specific user DN, and use that password for SIP
> authentication.
>
> Something like
>
> ldapsearch -x -b ou=xxx,dc=yyy -W -D uid=superuser,ou=xxx,dc=yyy '(uid=user1)' userPassword
>
> /Christian
>
> >
> > Quoting Christian Schlatter <[EMAIL PROTECTED]>:
> >
> >> [EMAIL PROTECTED] wrote:
> >>> Hi,
> >>>
> >>> I'm trying to implement LDAP authentication with anonymous LDAP bind. I set the
> >>> ldap configuration file without ldap_bind_dn, ldap_bind_password attributes.
> >>> This step works fine. Unfortunately, I can't figure out how to set the
> >>> openser.cfg file. I need to pass the bind DN and the user password to the
> >>> ldap_search function; that's ok for the bind DN but I don't know how to proceed
> >>> for the password. Can someone post an example please?
> >> Why do you need to pass the bind DN and password to ldap_search? An LDAP
> >> search operation doesn't include authentication, this is what the bind
> >> operation is good for. Once an LDAP client authenticates itself through
> >> the bind operation, it can issue a search operation.
> >>
> >> /Christian
> >>
> >>
> >>> Regards,
> >>>
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> [email protected]
> >>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
> >>
> >
> >

_______________________________________________
Users mailing list
[email protected]
http://lists.openser.org/cgi-bin/mailman/listinfo/users
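
Why the cleartext condition in the quoted reply matters, as an added example that is not part of the original thread or of openser: SIP digest authentication needs HA1 = MD5(user:realm:password), which a server can derive from a cleartext userPassword value but not from a one-way hash such as {MD5}. The realm, password, nonce and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """Digest response without qop (RFC 2617): MD5(HA1:nonce:HA2)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def ha1_from_directory(user: str, realm: str, stored: str) -> Optional[str]:
    """Derive HA1 from a userPassword value read from the directory.

    Returns None for one-way schemes such as {MD5} or {SSHA}: the server
    would need the password itself to build MD5(user:realm:password).
    """
    if stored.startswith("{") and "}" in stored:
        scheme, _, rest = stored[1:].partition("}")
        if scheme.upper() != "CLEARTEXT":
            return None
        stored = rest
    return md5_hex(f"{user}:{realm}:{stored}")


def verify(user, realm, stored, nonce, method, uri, response) -> bool:
    """Check a client's digest response against the directory value."""
    ha1 = ha1_from_directory(user, realm, stored)
    if ha1 is None:
        return False
    expected = digest_response(ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)


# Constructed sample values (not from the thread, except the uid "user1").
USER, REALM, PASSWORD = "user1", "sip.example.org", "s3cret"
NONCE, METHOD, URI = "47ebe028cda119c35d4877b383027d28", "REGISTER", "sip:sip.example.org"

# What the SIP client sends: it knows the password, so it can build HA1.
CLIENT_RESPONSE = digest_response(md5_hex(f"{USER}:{REALM}:{PASSWORD}"), NONCE, METHOD, URI)
# The same password as the directory would store it under the {MD5} scheme.
MD5_STORED = "{MD5}" + base64.b64encode(hashlib.md5(PASSWORD.encode()).digest()).decode()

if __name__ == "__main__":
    print("cleartext userPassword:", verify(USER, REALM, PASSWORD, NONCE, METHOD, URI, CLIENT_RESPONSE))
    print("{MD5} userPassword:    ", verify(USER, REALM, MD5_STORED, NONCE, METHOD, URI, CLIENT_RESPONSE))
```

The same dependency is why the directory account that reads userPassword needs tight scoping: whoever holds its credentials can read every SIP user's password.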
