tutorials:openser-auth-ldap [2008/08/20 17:03]
84.22.107.1
tutorials:openser-auth-ldap [2008/09/24 00:31] (current)
86.121.128.125
Line 1: Line 1:
 +====== LDAP Authentication for OpenSER 1.3.x ======
  
 +<hi #​98fb98>​work in progress</​hi>​
 +
 +
 +
 +===== Prerequisites =====
 +
 +* install OpenLDAP library (libldap) v2.1 or greater, libldap header files (libldap-dev) are needed for compilation
 +* read the documentation of **auth** module: http://​www.kamailio.org/​docs/​modules/​1.3.x/​auth.html
 +* read the documentation of **ldap** module: http://​www.kamailio.org/​docs/​modules/​1.3.x/​ldap.html
 +
 +
 +
 +===== Sample LDAP Tree =====
 +
 +<​code>​
 +- dc=example,​dc=com
 +  |
 +  +- ou=users
 +  |  |
 +  |  +- cn=sip_proxy -- sn: sip_proxy
 +  |                  -- userPassword:​ proxypwd
 +  |
 +  +- ou=sip
 +     |
 +     +- cn=user1 -- SIPUserName:​ user1
 +     ​| ​          -- SIPPassword:​ pwd1
 +     |
 +     +- cn=user2 -- SIPUserName:​ user2
 +                 -- SIPPassword:​ pwd2
 +</​code>​
 +
 +
 +
 +
 +===== LDAP Module Configuration File =====
 +
 +/​usr/​local/​etc/​openser/​ldap.cfg:​
 +<​code>​
 +[sipaccounts]
 +ldap_server_url = "​ldap://​ldap.example.com"​
 +ldap_bind_dn = "​cn=sip_proxy,​ou=users,​dc=example,​dc=com"​
 +ldap_bind_password = "​proxypwd"​
 +</​code>​
 +
 +
 +
 +
 +
 +===== OpenSER Configuration File =====
 +
 +<​code>​
 +...
 +modparam("​ldap",​ "​config_file",​ "/​usr/​local/​etc/​openser/​ldap.cfg"​)
 +
 +modparam("​auth",​ "​username_spec",​ "​$avp(s:​username)"​)
 +modparam("​auth",​ "​password_spec",​ "​$avp(s:​password)"​)
 +modparam("​auth",​ "​calculate_ha1",​ 1)
 +
 +...
 +
 +route[11] {
 +    if(is_method("​REGISTER"​))
 +    {
 +        if(is_present_hf("​Authorization"​))
 +        {
 +            # ldap search
 +            if (!ldap_search("​ldap://​sipaccounts/​ou=sip,​dc=example,​dc=com?​SIPUserName,​SIPPassword?​one?​(cn=$fU)"​))
 +            {
 +                switch ($retcode)
 +                {
 +                    case -1:
 +                       # no LDAP entry found
 +                       ​sl_send_reply("​404",​ "User Not Found"​);​
 +                       exit;
 +                    case -2:
 +                       # internal error
 +                       ​sl_send_reply("​500",​ "​Internal server error"​);​
 +                       exit;
 +                    default:
 +                       exit;
 +                }
 +            }
 +            ldap_result("​SIPUserName/​$avp(s:​username)"​);​
 +            ldap_result("​SIPPassword/​$avp(s:​password)"​);​
 +            if(!pv_www_authorize(""​))
 +            {
 +                 ​www_challenge(""/​*realm*/,"​0"/​*qop*/​);​
 +                 exit;
 +            }
 +            sl_send_reply("​200",​ "​ok"​);​
 +            exit;
 +        } else {
 +            www_challenge("","​0"​);​
 +            exit;
 +        }
 +    }
 +}
 +...
 +</​code>​
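Review bot: The ldap_search() call in route[11] builds its filter as `(cn=$fU)`, so LDAP filter metacharacters in the From username reach the directory unescaped unless the ldap module escapes pseudo-variable values itself; the ldap module provides ldap_filter_url_encode() for preparing such values, and the example should pass $fU through it into an AVP before composing the URL. The `case -1` branch replies `404 User Not Found` while an existing user receives a 401 challenge, so an unauthenticated REGISTER can tell which accounts exist; answering with www_challenge() in both cases removes that difference. The ldap.cfg snippet stores the bind password in clear text and `calculate_ha1` set to 1 implies SIPPassword is kept in clear in the directory as well, so the page should state that ldap.cfg must be readable only by the OpenSER user and mention that storing a precomputed HA1 instead keeps clear-text SIP passwords out of LDAP.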