cool, in this case simply replace the existing code for proxy_auth with the code I previously posted.
Regards, Bogdan Alan Rubin wrote: > Bogdan, > > Yes, my script is derived from the default and I have enabled MySQL and > added PUA, PUA_userloc and Presence modules. > > Regards, > > Alan Rubin > Unix Systems Administrator > DCS Midrange Services > Phone: +61 (08) 8999 5111 > Fax: +61 (08) 8999 7493 > e-Mail: [email protected] > > -----Original Message----- > From: Bogdan-Andrei Iancu [mailto:[email protected]] > Sent: Tuesday, 16 June 2009 9:59 AM > To: Alan Rubin > Cc: Thiago Rondon; [email protected] > Subject: Re: [OpenSIPS-Users] LDAP Authentication > > Hi Alan, > > put in in the main route, where you need to do the authentication...Is > your script derived from the default opensips cfg file ? > > Regards, > Bogdan > > Alan Rubin wrote: > >> Bogdan, >> >> Thanks for the help. Is the script part inside of the main route or >> > is > >> it a separate section? >> >> Regards, >> >> Alan Rubin >> Unix Systems Administrator >> DCS Midrange Services >> Phone: +61 (08) 8999 5111 >> Fax: +61 (08) 8999 7493 >> e-Mail: [email protected] >> >> -----Original Message----- >> From: Bogdan-Andrei Iancu [mailto:[email protected]] >> Sent: Tuesday, 16 June 2009 8:58 AM >> To: Alan Rubin >> Cc: Thiago Rondon; [email protected] >> Subject: Re: [OpenSIPS-Users] LDAP Authentication >> >> Hi Alan, >> >> The way to do it is like: >> >> 1) configure the auth module to do authentication via >> > Pseudo-variables: > >> # -- auth params -- >> modparam("auth", "nonce_expire", 30) >> modparam("auth", "secret", "my-deepest-and-darkest-secret") >> modparam("auth", "disable_nonce_check", 0) >> modparam("auth", "username_spec", "$avp(i:2)") >> modparam("auth", "password_spec", "$avp(i:1)") >> modparam("auth", "calculate_ha1", 1) >> >> 2) and in script do: >> >> # are any credentials available in the request ? >> if (!is_present_hf("Proxy-Authorization")) { >> proxy_challenge("", "0"); >> exit; >> } >> >> # run the ldap_query() and load the passwd into $avp(i:1) >> # TODO >> >> # username to authenticate >> $avp(i:2) = $fU; >> >> # do the authentication >> if(!pv_proxy_authorize("")){ >> proxy_challenge("", "0"); >> exit; >> } >> >> >> Regards, >> Bogdan >> >> >> Alan Rubin wrote: >> >> >>> Bogdan, >>> >>> I want to use LDAP to authenticate clients. We're using it for our >>> >>> >> XMPP >> >> >>> server (amongst other services) without issues. >>> >>> Regards, >>> >>> Alan Rubin >>> Unix Systems Administrator >>> DCS Midrange Services >>> Phone: +61 (08) 8999 5111 >>> Fax: +61 (08) 8999 7493 >>> e-Mail: [email protected] >>> >>> -----Original Message----- >>> From: Bogdan-Andrei Iancu [mailto:[email protected]] >>> Sent: Tuesday, 16 June 2009 8:24 AM >>> To: Alan Rubin >>> Cc: Thiago Rondon; [email protected] >>> Subject: Re: [OpenSIPS-Users] LDAP Authentication >>> >>> Hi Alan, >>> >>> Do you want to use LDAP to authenticate clients or to authenticate >>> opensips against other SIP server? >>> >>> Regards, >>> Bogdan >>> >>> >>> Alan Rubin wrote: >>> >>> >>> >>>> Thiago, >>>> >>>> Thanks for the reply; however, the module documentation does not >>>> > seem > >>>> >>>> >>>> >>> to >>> >>> >>> >>>> give examples on how to configure LDAP with the auth mechanism. Or >>>> >>>> >> is >> >> >>>> that not necessary? >>>> >>>> This is the section from the tutorial I found, mentioned previously: >>>> >>>> modparam("auth", "username_spec", "$avp(s:username)") >>>> modparam("auth", "password_spec", "$avp(s:password)") >>>> modparam("auth", "calculate_ha1", 1) >>>> ... >>>> >>>> The possible difference (typo?) that concerns me is this next >>>> >>>> >>>> >>> reference >>> >>> >>> >>>> in the tutorial: >>>> >>>> route[11] { >>>> if(is_method("REGISTER")) >>>> { >>>> if(is_present_hf("Authorization")) >>>> { >>>> # ldap search >>>> if >>>> >>>> >>>> >>>> > (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,S > >> >> >>> >>> >>> >>>> IPPassword?one?(cn=$fU)")) >>>> { >>>> switch ($retcode) >>>> { >>>> ... >>>> >>>> I have no "route[11]" in my configuration file. Am I meant to >>>> > create > >>>> >>>> >>>> >>> a >>> >>> >>> >>>> new route section to handle LDAP authentication? >>>> >>>> What I am trying to do, if it is not clear, is use LDAP as a >>>> >>>> >> mechanism >> >> >>>> for authentication/registration of SIP accounts rather than having >>>> > to > >>>> configure, by hand and with a separate password, a SIP account for >>>> >>>> >>>> >>> each >>> >>> >>> >>>> user of my SIP server. >>>> >>>> Regards, >>>> >>>> Alan >>>> >>>> -----Original Message----- >>>> From: [email protected] >>>> [mailto:[email protected]] On Behalf Of Thiago Rondon >>>> Sent: Monday, 15 June 2009 1:47 PM >>>> To: Alan Rubin >>>> Cc: [email protected] >>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication >>>> >>>> >>>> >>>> Alan, >>>> >>>> How about the document of ldap module ? >>>> >>>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html >>>> >>>> -Thiago Rondon >>>> >>>> Alan Rubin escreveu: >>>> >>>> >>>> >>>> >> >> > > > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
