[EMAIL PROTECTED] wrote:
> Hi,
>
> What I'd like to do is to authenticate SIP users the same way ldap users are
> with the following command: ldapsearch -x -b [...] -D uid=user1,ou=xxxxx,dc=yyyy
> -W. Is it possible with openser 1.3?

For performance reasons, the openser ldap module executes bind operations only once per ldap connection setup. This happens when openser starts and in case an ldap server has terminated an ldap connection and the ldap module has to re-connect. The ldap module therefore does not support ldap bind operations triggered by openser's message routing script, as e.g. by SIP authentication requests. An ldap bind operation takes a considerable amount of time which adds to the overall SIP session setup delay.

If the ldap user passwords are stored in cleartext (often they are md5 hashed), you could set up an ldap super user which has access to all user passwords. This ldap super user account could then be used by openser to read the password for a specific user DN, and use that password for SIP authentication. Something like

    ldapsearch -x -b ou=xxx,dc=yyy -W -D uid=superuser,ou=xxx,dc=yyy (uid=user1) userPassword

/Christian

>
>
> Quoting Christian Schlatter <[EMAIL PROTECTED]>:
>
>> [EMAIL PROTECTED] wrote:
>>> Hi,
>>>
>>> I'm trying to implement LDAP authentication with anonymous LDAP bind. I set the
>>> ldap configuration file without ldap_bind_dn, ldap_bind_password attributes.
>>> This step works fine. Unfortunately, I can't figure out how to set the
>>> openser.cfg file. I need to pass the bind DN and the user password to the
>>> ldap_search function; that's ok for the bind DN but I don't know how to proceed
>>> for the password. Can someone post an example please?
>> Why do you need to pass the bind DN and password to ldap_search? An LDAP
>> search operation doesn't include authentication, this is what the bind
>> operation is good for. Once an LDAP client authenticates itself through
>> the bind operation, it can issue a search operation.
>>
>> /Christian
>>
>>
>>> Regards,
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [email protected]
>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
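
Added example (not part of the original thread and not openser code): why the super-user approach above only works when userPassword is stored in cleartext. SIP digest authentication (RFC 2617) is computed from MD5(username:realm:password), which cannot be derived from an {MD5}-style hash of the password alone. The function names and the user1 sample values are constructed for illustration; the Mufasa values are the RFC 2617 example.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(ha1, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """RFC 2617 digest response computed from HA1 and the request parameters."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def ha1_from_user_password(username, realm, user_password):
    """Derive HA1 from an LDAP userPassword value, or None if it is hashed.

    Values such as {MD5}... or {SSHA}... hold a hash of the password only.
    HA1 needs the password itself, so a hashed attribute is unusable here.
    """
    if user_password.startswith("{"):
        return None
    return md5_hex(f"{username}:{realm}:{user_password}")

def verify(username, realm, user_password, method, uri, nonce,
           client_response, **qop_args):
    """Check a client's digest response against the password read from LDAP."""
    ha1 = ha1_from_user_password(username, realm, user_password)
    if ha1 is None:
        return False  # hashed userPassword: digest auth cannot be verified
    expected = digest_response(ha1, method, uri, nonce, **qop_args)
    return hmac.compare_digest(expected, client_response.lower())

def ldap_md5(password):
    """Build an {MD5} userPassword value as an LDAP server would store it."""
    raw = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    # Constructed sample: a REGISTER from user1 answering nonce "abc123".
    ha1 = md5_hex("user1:example.org:s3cret")
    resp = digest_response(ha1, "REGISTER", "sip:example.org", "abc123")
    for stored in ("s3cret", ldap_md5("s3cret")):
        ok = verify("user1", "example.org", stored, "REGISTER",
                    "sip:example.org", "abc123", resp)
        print(f"userPassword={stored!r:40} verifies={ok}")
```
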
