tutorials:openser-auth-ldap [2007/07/27 21:48]
127.0.0.1 external edit
tutorials:openser-auth-ldap [2008/09/24 00:31] (current)
86.121.128.125
 +====== LDAP Authentication for OpenSER 1.3.x ======
  
 +<hi #98fb98>work in progress</hi>
 +
 +
 +
 +===== Prerequisites =====
 +
 +* install OpenLDAP library (libldap) v2.1 or greater, libldap header files (libldap-dev) are needed for compilation
 +* read the documentation of **auth** module: http://www.kamailio.org/docs/modules/1.3.x/auth.html
 +* read the documentation of **ldap** module: http://www.kamailio.org/docs/modules/1.3.x/ldap.html
 +
 +
 +
 +===== Sample LDAP Tree =====
 +
 +<code>
 +- dc=example,dc=com
 +  |
 +  +- ou=users
 +  |  |
 +  |  +- cn=sip_proxy -- sn: sip_proxy
 +  |                  -- userPassword: proxypwd
 +  |
 +  +- ou=sip
 +     |
 +     +- cn=user1 -- SIPUserName: user1
 +               -- SIPPassword: pwd1
 +     |
 +     +- cn=user2 -- SIPUserName: user2
 +                 -- SIPPassword: pwd2
 +</code>
 +
 +
 +
 +
 +===== LDAP Module Configuration File =====
 +
 +/usr/local/etc/openser/ldap.cfg:
 +<code>
 +[sipaccounts]
 +ldap_server_url = "ldap://ldap.example.com"
 +ldap_bind_dn = "cn=sip_proxy,ou=users,dc=example,dc=com"
 +ldap_bind_password = "proxypwd"
 +</code>
 +
 +
 +
 +
 +
 +===== OpenSER Configuration File =====
 +
 +<code>
 +...
 +modparam("ldap", "config_file", "/usr/local/etc/openser/ldap.cfg")
 +
 +modparam("auth", "username_spec", "$avp(s:username)")
 +modparam("auth", "password_spec", "$avp(s:password)")
 +modparam("auth", "calculate_ha1", 1)
 +
 +...
 +
 +route[11] {
 +    if(is_method("REGISTER"))
 +    {
 +        if(is_present_hf("Authorization"))
 +        {
 +            # ldap search
 +            if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)"))
 +            {
 +                switch ($retcode)
 +                {
 +                    case -1:
 +                       # no LDAP entry found
 +                       sl_send_reply("404", "User Not Found");
 +                       exit;
 +                    case -2:
 +                       # internal error
 +                       sl_send_reply("500", "Internal server error");
 +                       exit;
 +                    default:
 +                       exit;
 +                }
 +            }
 +            ldap_result("SIPUserName/$avp(s:username)");
 +            ldap_result("SIPPassword/$avp(s:password)");
 +            if(!pv_www_authorize(""))
 +            {
 +                 www_challenge(""/*realm*/,"0"/*qop*/);
 +                 exit;
 +            }
 +            sl_send_reply("200", "ok");
 +            exit;
 +        } else {
 +            www_challenge("","0");
 +            exit;
 +        }
 +    }
 +}
 +...
 +</code>
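Review bot: The `ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)")` line in the sample route interpolates the From-URI username straight into the LDAP filter, so a From header carrying filter metacharacters (`*`, `(`, `)`, `\`) alters the query instead of being matched literally, and this runs before any credential has been verified. The ldap module provides `ldap_filter_url_encode()` for exactly this case; the sample should encode the value into an AVP first, e.g. `ldap_filter_url_encode("$fU", "$avp(s:fu)")`, and then search with `(cn=$avp(s:fu))`. Two smaller points in the same block: the `case -1:` branch replies `404 "User Not Found"` before authentication, which discloses which accounts exist, so replying with `www_challenge("","0")` there as well is the safer default; and the ldap.cfg shown above stores `ldap_bind_password` in cleartext, so the tutorial should tell readers to restrict that file to the OpenSER user with owner-only permissions.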