Hi Gavin, in this case the Password must be in take plane format. If you turn off the the "calculate_ha1" param (http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id228275), then OpenSIPS expects an HA1 string in the password AVP.
Regards, Bogdan Gavin Henry wrote: > What format does the LDAP password need to be in? > > On 16/06/2009, Alan Rubin <[email protected]> wrote: > >> Bogdan, >> >> Thanks for the help. Is the script part inside of the main route or is >> it a separate section? >> >> Regards, >> >> Alan Rubin >> Unix Systems Administrator >> DCS Midrange Services >> Phone: +61 (08) 8999 5111 >> Fax: +61 (08) 8999 7493 >> e-Mail: [email protected] >> >> -----Original Message----- >> From: Bogdan-Andrei Iancu [mailto:[email protected]] >> Sent: Tuesday, 16 June 2009 8:58 AM >> To: Alan Rubin >> Cc: Thiago Rondon; [email protected] >> Subject: Re: [OpenSIPS-Users] LDAP Authentication >> >> Hi Alan, >> >> The way to do it is like: >> >> 1) configure the auth module to do authentication via Pseudo-variables: >> >> # -- auth params -- >> modparam("auth", "nonce_expire", 30) >> modparam("auth", "secret", "my-deepest-and-darkest-secret") >> modparam("auth", "disable_nonce_check", 0) >> modparam("auth", "username_spec", "$avp(i:2)") >> modparam("auth", "password_spec", "$avp(i:1)") >> modparam("auth", "calculate_ha1", 1) >> >> 2) and in script do: >> >> # are any credentials available in the request ? >> if (!is_present_hf("Proxy-Authorization")) { >> proxy_challenge("", "0"); >> exit; >> } >> >> # run the ldap_query() and load the passwd into $avp(i:1) >> # TODO >> >> # username to authenticate >> $avp(i:2) = $fU; >> >> # do the authentication >> if(!pv_proxy_authorize("")){ >> proxy_challenge("", "0"); >> exit; >> } >> >> >> Regards, >> Bogdan >> >> >> Alan Rubin wrote: >> >>> Bogdan, >>> >>> I want to use LDAP to authenticate clients. We're using it for our >>> >> XMPP >> >>> server (amongst other services) without issues. >>> >>> Regards, >>> >>> Alan Rubin >>> Unix Systems Administrator >>> DCS Midrange Services >>> Phone: +61 (08) 8999 5111 >>> Fax: +61 (08) 8999 7493 >>> e-Mail: [email protected] >>> >>> -----Original Message----- >>> From: Bogdan-Andrei Iancu [mailto:[email protected]] >>> Sent: Tuesday, 16 June 2009 8:24 AM >>> To: Alan Rubin >>> Cc: Thiago Rondon; [email protected] >>> Subject: Re: [OpenSIPS-Users] LDAP Authentication >>> >>> Hi Alan, >>> >>> Do you want to use LDAP to authenticate clients or to authenticate >>> opensips against other SIP server? >>> >>> Regards, >>> Bogdan >>> >>> >>> Alan Rubin wrote: >>> >>> >>>> Thiago, >>>> >>>> Thanks for the reply; however, the module documentation does not seem >>>> >>>> >>> to >>> >>> >>>> give examples on how to configure LDAP with the auth mechanism. Or >>>> >> is >> >>>> that not necessary? >>>> >>>> This is the section from the tutorial I found, mentioned previously: >>>> >>>> modparam("auth", "username_spec", "$avp(s:username)") >>>> modparam("auth", "password_spec", "$avp(s:password)") >>>> modparam("auth", "calculate_ha1", 1) >>>> ... >>>> >>>> The possible difference (typo?) that concerns me is this next >>>> >>>> >>> reference >>> >>> >>>> in the tutorial: >>>> >>>> route[11] { >>>> if(is_method("REGISTER")) >>>> { >>>> if(is_present_hf("Authorization")) >>>> { >>>> # ldap search >>>> if >>>> >>>> >>>> >> (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,S >> >>>> IPPassword?one?(cn=$fU)")) >>>> { >>>> switch ($retcode) >>>> { >>>> ... >>>> >>>> I have no "route[11]" in my configuration file. Am I meant to create >>>> >>>> >>> a >>> >>> >>>> new route section to handle LDAP authentication? >>>> >>>> What I am trying to do, if it is not clear, is use LDAP as a >>>> >> mechanism >> >>>> for authentication/registration of SIP accounts rather than having to >>>> configure, by hand and with a separate password, a SIP account for >>>> >>>> >>> each >>> >>> >>>> user of my SIP server. >>>> >>>> Regards, >>>> >>>> Alan >>>> >>>> -----Original Message----- >>>> From: [email protected] >>>> [mailto:[email protected]] On Behalf Of Thiago Rondon >>>> Sent: Monday, 15 June 2009 1:47 PM >>>> To: Alan Rubin >>>> Cc: [email protected] >>>> Subject: Re: [OpenSIPS-Users] LDAP Authentication >>>> >>>> >>>> >>>> Alan, >>>> >>>> How about the document of ldap module ? >>>> >>>> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html >>>> >>>> -Thiago Rondon >>>> >>>> Alan Rubin escreveu: >>>> >>>> >>>> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> > > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
