Yes, I see that. That's just for the initial search and is how pam_ldap can work too. It is so you can use a user (not the rootdn of course) that has perms to perform these searches.
On 03/06/2009, Gavin Henry <[email protected]> wrote: > Correct, if you are allowed to get it. Then you have to create your > own sha hash with the correct salt to compare it. I submitted a > feature request to add ldap_sasl_bind to the LDAP module so you can: > > 1. Search for an entry as normal (already possible) > 2. Retrieve the user dn of that entry (already possible) > 3. Use the new bind function to bind with the user DN from 2. And the > password from the registration. If you get a successful bind, you're > done. > > This is much better and how things like pam_ldap can work. > > On 03/06/2009, Leon Li <[email protected]> wrote: >> Hi Henry, >> >> Correct me if I understand is wrong. As in LDAP module, ldap_search will >> search the given LDAP URL and store results. Then >> ldap_result("ldap_attr/avp_spec") will write LDAP values into AVPs and >> compare with the one send by SIP request. So I think at least >> ldap_result should return a hashed password? >> >> Thanks >> Leon >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Gavin Henry >> Sent: Wednesday, 3 June 2009 1:07 AM >> To: [email protected] >> Subject: Re: [OpenSIPS-Users] LDAP authentication issue >> >> Why do you need to get the password? How does the LDAP module do it's >> authentication checks? >> >> Usually an LDAP client will just bind with the username and password >> supplied by client and if successful you've passed the test. There are >> other ways, but I need to check what the LDAP module docs. >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > -- > Sent from my mobile device > > http://www.suretecsystems.com/services/openldap/ > http://www.suretectelecom.com > -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
