Hi Alan, put in in the main route, where you need to do the authentication...Is your script derived from the default opensips cfg file ?
Regards, Bogdan Alan Rubin wrote: > Bogdan, > > Thanks for the help. Is the script part inside of the main route or is > it a separate section? > > Regards, > > Alan Rubin > Unix Systems Administrator > DCS Midrange Services > Phone: +61 (08) 8999 5111 > Fax: +61 (08) 8999 7493 > e-Mail: [email protected] > > -----Original Message----- > From: Bogdan-Andrei Iancu [mailto:[email protected]] > Sent: Tuesday, 16 June 2009 8:58 AM > To: Alan Rubin > Cc: Thiago Rondon; [email protected] > Subject: Re: [OpenSIPS-Users] LDAP Authentication > > Hi Alan, > > The way to do it is like: > > 1) configure the auth module to do authentication via Pseudo-variables: > > # -- auth params -- > modparam("auth", "nonce_expire", 30) > modparam("auth", "secret", "my-deepest-and-darkest-secret") > modparam("auth", "disable_nonce_check", 0) > modparam("auth", "username_spec", "$avp(i:2)") > modparam("auth", "password_spec", "$avp(i:1)") > modparam("auth", "calculate_ha1", 1) > > 2) and in script do: > > # are any credentials available in the request ? > if (!is_present_hf("Proxy-Authorization")) { > proxy_challenge("", "0"); > exit; > } > > # run the ldap_query() and load the passwd into $avp(i:1) > # TODO > > # username to authenticate > $avp(i:2) = $fU; > > # do the authentication > if(!pv_proxy_authorize("")){ > proxy_challenge("", "0"); > exit; > } > > > Regards, > Bogdan > > > Alan Rubin wrote: > >> Bogdan, >> >> I want to use LDAP to authenticate clients. We're using it for our >> > XMPP > >> server (amongst other services) without issues. >> >> Regards, >> >> Alan Rubin >> Unix Systems Administrator >> DCS Midrange Services >> Phone: +61 (08) 8999 5111 >> Fax: +61 (08) 8999 7493 >> e-Mail: [email protected] >> >> -----Original Message----- >> From: Bogdan-Andrei Iancu [mailto:[email protected]] >> Sent: Tuesday, 16 June 2009 8:24 AM >> To: Alan Rubin >> Cc: Thiago Rondon; [email protected] >> Subject: Re: [OpenSIPS-Users] LDAP Authentication >> >> Hi Alan, >> >> Do you want to use LDAP to authenticate clients or to authenticate >> opensips against other SIP server? >> >> Regards, >> Bogdan >> >> >> Alan Rubin wrote: >> >> >>> Thiago, >>> >>> Thanks for the reply; however, the module documentation does not seem >>> >>> >> to >> >> >>> give examples on how to configure LDAP with the auth mechanism. Or >>> > is > >>> that not necessary? >>> >>> This is the section from the tutorial I found, mentioned previously: >>> >>> modparam("auth", "username_spec", "$avp(s:username)") >>> modparam("auth", "password_spec", "$avp(s:password)") >>> modparam("auth", "calculate_ha1", 1) >>> ... >>> >>> The possible difference (typo?) that concerns me is this next >>> >>> >> reference >> >> >>> in the tutorial: >>> >>> route[11] { >>> if(is_method("REGISTER")) >>> { >>> if(is_present_hf("Authorization")) >>> { >>> # ldap search >>> if >>> >>> >>> > (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,S > >> >> >>> IPPassword?one?(cn=$fU)")) >>> { >>> switch ($retcode) >>> { >>> ... >>> >>> I have no "route[11]" in my configuration file. Am I meant to create >>> >>> >> a >> >> >>> new route section to handle LDAP authentication? >>> >>> What I am trying to do, if it is not clear, is use LDAP as a >>> > mechanism > >>> for authentication/registration of SIP accounts rather than having to >>> configure, by hand and with a separate password, a SIP account for >>> >>> >> each >> >> >>> user of my SIP server. >>> >>> Regards, >>> >>> Alan >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Thiago Rondon >>> Sent: Monday, 15 June 2009 1:47 PM >>> To: Alan Rubin >>> Cc: [email protected] >>> Subject: Re: [OpenSIPS-Users] LDAP Authentication >>> >>> >>> >>> Alan, >>> >>> How about the document of ldap module ? >>> >>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html >>> >>> -Thiago Rondon >>> >>> Alan Rubin escreveu: >>> >>> >>> > > > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
