Hi Alan, The way to do it is like:
1) configure the auth module to do authentication via Pseudo-variables: # -- auth params -- modparam("auth", "nonce_expire", 30) modparam("auth", "secret", "my-deepest-and-darkest-secret") modparam("auth", "disable_nonce_check", 0) modparam("auth", "username_spec", "$avp(i:2)") modparam("auth", "password_spec", "$avp(i:1)") modparam("auth", "calculate_ha1", 1) 2) and in script do: # are any credentials available in the request ? if (!is_present_hf("Proxy-Authorization")) { proxy_challenge("", "0"); exit; } # run the ldap_query() and load the passwd into $avp(i:1) # TODO # username to authenticate $avp(i:2) = $fU; # do the authentication if(!pv_proxy_authorize("")){ proxy_challenge("", "0"); exit; } Regards, Bogdan Alan Rubin wrote: > Bogdan, > > I want to use LDAP to authenticate clients. We're using it for our XMPP > server (amongst other services) without issues. > > Regards, > > Alan Rubin > Unix Systems Administrator > DCS Midrange Services > Phone: +61 (08) 8999 5111 > Fax: +61 (08) 8999 7493 > e-Mail: alan.ru...@nt.gov.au > > -----Original Message----- > From: Bogdan-Andrei Iancu [mailto:bog...@voice-system.ro] > Sent: Tuesday, 16 June 2009 8:24 AM > To: Alan Rubin > Cc: Thiago Rondon; users@lists.opensips.org > Subject: Re: [OpenSIPS-Users] LDAP Authentication > > Hi Alan, > > Do you want to use LDAP to authenticate clients or to authenticate > opensips against other SIP server? > > Regards, > Bogdan > > > Alan Rubin wrote: > >> Thiago, >> >> Thanks for the reply; however, the module documentation does not seem >> > to > >> give examples on how to configure LDAP with the auth mechanism. Or is >> that not necessary? >> >> This is the section from the tutorial I found, mentioned previously: >> >> modparam("auth", "username_spec", "$avp(s:username)") >> modparam("auth", "password_spec", "$avp(s:password)") >> modparam("auth", "calculate_ha1", 1) >> ... >> >> The possible difference (typo?) that concerns me is this next >> > reference > >> in the tutorial: >> >> route[11] { >> if(is_method("REGISTER")) >> { >> if(is_present_hf("Authorization")) >> { >> # ldap search >> if >> >> > (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,S > >> IPPassword?one?(cn=$fU)")) >> { >> switch ($retcode) >> { >> ... >> >> I have no "route[11]" in my configuration file. Am I meant to create >> > a > >> new route section to handle LDAP authentication? >> >> What I am trying to do, if it is not clear, is use LDAP as a mechanism >> for authentication/registration of SIP accounts rather than having to >> configure, by hand and with a separate password, a SIP account for >> > each > >> user of my SIP server. >> >> Regards, >> >> Alan >> >> -----Original Message----- >> From: users-boun...@lists.opensips.org >> [mailto:users-boun...@lists.opensips.org] On Behalf Of Thiago Rondon >> Sent: Monday, 15 June 2009 1:47 PM >> To: Alan Rubin >> Cc: users@lists.opensips.org >> Subject: Re: [OpenSIPS-Users] LDAP Authentication >> >> >> >> Alan, >> >> How about the document of ldap module ? >> >> http://www.opensips.org/html/docs/modules/1.5.x/ldap.html >> >> -Thiago Rondon >> >> Alan Rubin escreveu: >> >> _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users