Thanks a lot, Bogdan :) Regards, Mehdi Mehdi Bouchefra Ingénieur Développement SunnyPhone 3 rue Galvani. 91300 Massy | T: +33 1 60 13 88 00 | F: +33 1 60 13 88 09 | M: +33 645 758 012 www.sunnyphone.fr
-----Message d'origine----- De : users-boun...@lists.opensips.org [mailto:users-boun...@lists.opensips.org] De la part de Bogdan-Andrei Iancu Envoyé : mardi 22 décembre 2009 09:23 À : OpenSIPS users mailling list Objet : Re: [OpenSIPS-Users] LDAP authentification Hi Mehdi, well, you configured the AUTH module to look for the username and password in $avp(i:1) and $avp(i:2), but you populate $var(username) and $var(password)... :D I guess this is the error! Regards, Bogdan Mehdi Bouchefra wrote: > Hi Bogdan, > > Thanks for your reply, > > I followed the tutorial that you sent me, but I have a > In my ldap I use plain format password. > > Thanks in advance, > Mehdi > > Here is my opensips.cfg file: > > ####### Global Parameters ######### > > debug=3 > log_stderror=no > log_facility=LOG_LOCAL0 > > fork=yes > children=4 > > /* uncomment the following lines to enable debugging */ > #debug=6 > #fork=no > #log_stderror=yes > > /* uncomment the next line to disable TCP (default on) */ #disable_tcp=yes > > /* uncomment the next line to enable the auto temporary blacklisting of > not available destinations (default disabled) */ > #disable_dns_blacklist=no > > /* uncomment the next line to enable IPv6 lookup after IPv4 dns > lookup failures (default disabled) */ #dns_try_ipv6=yes > > /* uncomment the next line to disable the auto discovery of local aliases > based on revers DNS on IPs (default on) */ #auto_aliases=no > > /* uncomment the following lines to enable TLS support (default off) */ > #disable_tls = no #listen = tls:your_IP:5061 #tls_verify_server = 1 > #tls_verify_client = 1 #tls_require_client_certificate = 0 #tls_method = > TLSv1 #tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem" > #tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem" > #tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem" > > port=5060 > > /* uncomment and configure the following line if you want opensips to > bind on a specific interface/port/proto
(default bind on all available) > */ #listen=udp:192.168.1.2:5060 > > > ####### Modules Section ######## > > #set module path > mpath="/usr/local/lib/opensips/modules/" > > /* uncomment next line for MySQL DB support */ loadmodule "db_mysql.so" > loadmodule "signaling.so" > loadmodule "sl.so" > loadmodule "tm.so" > loadmodule "rr.so" > loadmodule "maxfwd.so" > loadmodule "usrloc.so" > loadmodule "registrar.so" > loadmodule "textops.so" > loadmodule "mi_fifo.so" > loadmodule "uri.so" > loadmodule "xlog.so" > loadmodule "acc.so" > loadmodule "ldap.so" > > modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo") > > modparam("usrloc", "db_mode", 2) > modparam("usrloc", "db_url", > "mysql://opensips:opensip...@localhost/opensips") > > modparam("uri", "use_uri_table", 0) > modparam("acc", "detect_direction", 0) > modparam("acc", "failed_transaction_flag", 3) modparam("acc", "log_flag", 1) > modparam("acc", "log_missed_flag", 2) > > ####### Routing Logic ######## > # main request routing logic > > modparam("auth", "nonce_expire", 30) > modparam("auth", "secret", "sunny2009") > modparam("auth", "disable_nonce_check", 0) > modparam("auth", "username_spec", "$avp(i:2)") > modparam("auth", "password_spec", "$avp(i:1)") > modparam("auth", "calculate_ha1", 0) > > route{ > > if (!mf_process_maxfwd_header("10")) { > sl_send_reply("483","Too Many Hops"); > exit; > } > > if (has_totag()) { > # sequential request withing a dialog should > # take the path determined by record-routing > if (loose_route()) { > if (is_method("BYE")) { > setflag(1); # do accounting ... > setflag(3); # ... even if the transaction > fails > } else if (is_method("INVITE")) { > # even if in most of the cases is useless, > do RR for > # re-INVITEs alos, as some buggy clients do > change route set > # during the dialog. > record_route(); > } > # route it out to whatever destination was set by > loose_route() > # in $du (destination URI). 
> route(1); > } else { > /* uncomment the following lines if you want to > enable presence */ > ##if (is_method("SUBSCRIBE") && $rd == > "your.server.ip.address") { > ## # in-dialog subscribe requests > ## route(2); > ## exit; > ##} > if ( is_method("ACK") ) { > if ( t_check_trans() ) { > # non loose-route, but stateful ACK; > must be an ACK after > # a 487 or e.g. 404 from upstream > server > t_relay(); > exit; > } else { > # ACK without matching transaction > -> > # ignore and discard > exit; > } > } > sl_send_reply("404","Not here"); > } > exit; > } > > #initial requests > > # CANCEL processing > if (is_method("CANCEL")) > { > if (t_check_trans()) > t_relay(); > exit; > } > > t_check_trans(); > > if (!(method=="REGISTER") && from_uri==myself) /*no multidomain > version*/ > ##if (!(method=="REGISTER") && is_from_local()) /*multidomain > version*/ > { > if (!is_present_hf("Proxy-Authorization")) { > proxy_challenge("", "0"); > exit; > } > > $var(username)=$fU; > > # run the ldap_query() and load the passwd into $avp(i:1) > # TODO > > if(!ldap_search("ldap://sipaccounts/ou=accounts,dc=sunnyphone,dc=com??sub?(& > (cn=$fU))")) > { > switch ($retcode) > { > case -1: > # no LDAP entry found > sl_send_reply("404", "SunnyLab : User Not > Found"); > exit; > case -2: > # internal error > sl_send_reply("500", "SunnyLab : Internal > server error"); > exit; > default: > exit; > } > > } > > xlog("L_INFO", "SunnyLab : ldap_search: found [$retcode] > entries for (cn=$fU)"); > > ldap_result("userPassword/$avp(s:password)"); > > # username to authenticate > #$avp(i:2) = $fU; > > # do the authentication > if(!pv_proxy_authorize("")){ > proxy_challenge("", "0"); > exit; > } > > # caller authenticated > } > > if (loose_route()) { > xlog("L_ERR", > "Attempt to route with preloaded Route's > [$fu/$tu/$ru/$ci]"); > if (!is_method("ACK")) > sl_send_reply("403","Preload Route denied"); > exit; > } > > # record routing > if (!is_method("REGISTER|MESSAGE")) > record_route(); > > # account 
only INVITEs > if (is_method("INVITE")) { > setflag(1); # do accounting > } > if (!uri==myself) > ## replace with following line if multi-domain support is used > ##if (!is_uri_host_local()) > { > append_hf("P-hint: outbound\r\n"); > route(1); > } > > if (is_method("PUBLISH")) > { > sl_send_reply("503", "Service Unavailable"); > exit; > } > > if (is_method("REGISTER")) > { > if (!is_present_hf("Authorization")) { > www_challenge("", "0"); > exit; > } > $var(username)=$fU; > > if(!ldap_search("ldap://sipaccounts/ou=accounts,dc=sunnyphone,dc=com??sub?(& > (cn=$fU))")) > { > switch ($retcode) > { > case -1: > # no LDAP entry found > sl_send_reply("404", "SunnyLab : User Not > Found"); > exit; > case -2: > # internal error > sl_send_reply("500", "SunnyLab : Internal > server error"); > exit; > default: > exit; > } > } > xlog("L_INFO", "SunnyLab : ldap_search: found [$retcode] > entries for (cn=$fU)"); > > if (!ldap_result("userPassword/$avp(s:password)")) > { > switch ($retcode) > { > case -1: > # no SIPIdentityServiceLevel found > sl_send_reply("403", "SunnyLab : > Forbidden"); > exit; > case -2: > # internal error > sl_send_reply("500", "SunnyLab : > Internal server error"); > exit; > default: > exit; > } > } > xlog("L_INFO", "SunnyLab : ldap_result: password est = > $avp(s:password)"); > # do the authentication > if(!pv_www_authorize("")){ > www_challenge("", "0"); > exit; > } > if (!save("location")) > sl_reply_error(); > exit; > } > > if ($rU==NULL) { > # request with no Username in RURI > sl_send_reply("484","Address Incomplete"); > exit; > } > > if (!lookup("location","m")) { > switch ($retcode) { > case -1: > case -3: > t_newtran(); > t_reply("404", "Not Found"); > exit; > case -2: > sl_send_reply("405", "Method Not Allowed"); > exit; > } > } > setflag(2); > route(1); > } > > > > > > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > -- Bogdan-Andrei 
Iancu www.voice-system.ro