<style type="text/css">!--
@page { size: 8.5in 11in; margin: 0.79in }
P { margin-bottom: 0.08in }
--></style>Dear all,
<p style="margin-bottom: 0in;"><br>
</p>
<p style="margin-bottom: 0in;">I wounder if anyone successfully uses
openSER 1.3.x with LDAP server (openLDAP). For me I work fine with
Authenticating the uses while REGISTER request. However, I could not
configure it to Authenticate call setup. in other words, an non
register user can make a call setup. what comes to my mind is to use
the same idea of authentication when RIGISTER request was issues with
some modefications but when SIP proxy server send "407 Proxy
Authentication Required" the client send ACK and stop.
</p>
<p style="margin-bottom: 0in;">=================================================<br>
</p>
<p style="margin-bottom: 0in;"># account only INVITEs
</p>
<p style="margin-bottom: 0in;">if (is_method("INVITE")) {
</p>
<p style="margin-bottom: 0in;"> xlog("L_NOTICE","Processing
by INVITE handler ...\n");
</p>
<p style="margin-bottom: 0in;"> route(4);
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;"> #setflag(1); # do accouting
</p>
<p style="margin-bottom: 0in;">}</p>
<p style="margin-bottom: 0in;">.....</p>
<p style="margin-bottom: 0in;">route[1] {
</p>
<p style="margin-bottom: 0in;"> if (!t_relay()) {
</p>
<p style="margin-bottom: 0in;"> sl_reply_error();
</p>
<p style="margin-bottom: 0in;"> };
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;">}</p>
<p style="margin-bottom: 0in;">..........</p>
<p style="margin-bottom: 0in;">
rout[4]</p>
<p style="margin-bottom: 0in;">{</p>
<p style="margin-bottom: 0in;">
if(is_present_hf("Authorization"))
</p>
<p style="margin-bottom: 0in;"> {
</p>
<p style="margin-bottom: 0in;"> # ldap search
</p>
<p style="margin-bottom: 0in;"> if
(!ldap_search("ldap://sipaccounts/ou=sip,dc=mysip,dc=com?sn,userPassword?one?(cn=$fU)"))
</p>
<p style="margin-bottom: 0in;"> {
</p>
<p style="margin-bottom: 0in;"> switch ($retcode)
</p>
<p style="margin-bottom: 0in;"> {
</p>
<p style="margin-bottom: 0in;"> case -1:
</p>
<p style="margin-bottom: 0in;"> # no LDAP entry
found
</p>
<p style="margin-bottom: 0in;">
sl_send_reply("404", "User Not Found");
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;"> case -2:
</p>
<p style="margin-bottom: 0in;"> # internal
error
</p>
<p style="margin-bottom: 0in;">
sl_send_reply("500", "Internal server error");
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;"> default:
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;"> }
</p>
<p style="margin-bottom: 0in;"> }
</p>
<p style="margin-bottom: 0in;">
ldap_result("sn/$avp(s:username)");
</p>
<p style="margin-bottom: 0in;">
ldap_result("userPassword/$avp(s:password)");
</p>
<p style="margin-bottom: 0in;">
if(!pv_proxy_authorize(""))
</p>
<p style="margin-bottom: 0in;"> {
</p>
<p style="margin-bottom: 0in;">
proxy_challenge(""/*realm*/,"0"/*qop*/);
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;"> }
</p>
<p style="margin-bottom: 0in;"> route(1);
</p>
<p style="margin-bottom: 0in;"> } else {
</p>
<p style="margin-bottom: 0in;"> proxy_challenge("","1");
</p>
<p style="margin-bottom: 0in;"> exit;
</p>
<p style="margin-bottom: 0in;"> }</p>
<p style="margin-bottom: 0in;"><br>
</p>
<p style="margin-bottom: 0in;">
=================================================<br><br>
</p>
<p style="margin-bottom: 0in;"> do any one know how to authenticate
call setup? do you think using RADIUS is better for authentication
instead of LDAP authentication?</p>
<p style="margin-bottom: 0in;"><br>
</p>
<p style="margin-bottom: 0in;">regards,
</p>
<p style="margin-bottom: 0in;">Ahmed ALALI
</p>
<p style="margin-bottom: 0in;"><br>
</p>