Hello Daniel,
Thank you for the answer.

Regarding my last message, where Alex answered me:
Can you please verify that this LDAP authentication routing section should work? Calls between two registered extensions are not working at all. I don't see any attempts at negotiation and always get 404. I am trying not to use MySQL for user management.

Error from debug.

 7(2668) DEBUG: tm [t_lookup.c:1373]: t_newtran(): DEBUG: t_newtran: msg id=1 , global msg id=1 , T on entrance=(nil)
 7(2668) DEBUG: tm [t_lookup.c:527]: t_lookup_request(): t_lookup_request: start searching: hash=24684, isACK=0
 7(2668) DEBUG: tm [t_lookup.c:485]: matching_3261(): DEBUG: RFC3261 transaction matching failed
 7(2668) DEBUG: tm [t_lookup.c:709]: t_lookup_request(): DEBUG: t_lookup_request: no transaction found
 7(2668) DEBUG: tm [t_hooks.c:374]: run_reqin_callbacks_internal(): DBG: trans=0x7f272e75acc0, callback type 1, id 0 entered
 7(2668) DEBUG: <core> [md5utils.c:67]: MD5StringArray(): DEBUG: MD5 calculated: 56120e176eec0cd31c62bcba6270de35
 7(2668) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio-ldap.cfg] l=697 a=21 n=switch
 7(2668) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio-ldap.cfg] l=692 a=26 n=send_reply
 7(2668) DEBUG: tm [t_lookup.c:1072]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=1 T start=0x7f272e75acc0
 7(2668) DEBUG: tm [t_lookup.c:1144]: t_check_msg(): DEBUG: t_check_msg: T already found!
 7(2668) DEBUG: <core> [msg_translator.c:204]: check_via_address(): check_via_address(10.237.236.150, 10.237.236.150, 0)
 7(2668) DEBUG: <core> [mem/shm_mem.c:111]: _shm_resize(): WARNING:vqm_resize: resize(0) called
 7(2668) DEBUG: tm [t_reply.c:1663]: cleanup_uac_timers(): DEBUG: cleanup_uac_timers: RETR/FR timers reset
 7(2668) DEBUG: tm [t_hooks.c:288]: run_trans_callbacks_internal(): DBG: trans=0x7f272e75acc0, callback type 512, id 0 entered
 7(2668) DEBUG: acc [acc_logic.c:557]: tmcb_func(): acc callback called for t(0x7f272e75acc0) event type 512, reply code 404
 7(2668) DEBUG: tm [t_reply.c:728]: _reply_light(): DEBUG: reply sent out. buf=0x7f2738acb530: SIP/2.0 404 Not Foun..., shmem=0x7f272e753128: SIP/2.0 404 Not Foun
 7(2668) DEBUG: tm [t_reply.c:738]: _reply_light(): DEBUG: _reply_light: finished
 7(2668) DEBUG: sl [sl.c:280]: send_reply(): reply in stateful mode (tm)


#!ifdef WITH_LDAP
route[LDAP] {
    if(is_method("REGISTER")) {

    if(!(is_present_hf("Authorization") || is_present_hf("Proxy-Authorization"))) {
        # no credentials header - send back challenge
        auth_challenge("$fd", "1");
        exit;
     }

           # ldap search
           ldap_search("ldap://sipaccounts/ou=People,dc=networklab,dc=loc?sipDomain,sipMobileExtension,sipPassword?one?(&(objectClass=phonesipuser)(sipMobileExtension=$fU))");
           $var(rc) = $rc;
           if ($var(rc)<0) {
                switch ($var(rc))
                {
                    case -1:
                       # no LDAP entry found
                       sl_send_reply("404", "User Not Found");
                       exit;
                    case -2:
                       # internal error
                       sl_send_reply("500", "Internal server error");
                       exit;
                    default:
                       sl_send_reply("403", "Not allowed");
                       exit;
                }
            }

            ldap_result("sipDomain/$avp(domain)");
            ldap_result("sipMobileExtension/$avp(s:username)");

            if (!ldap_result("sipPassword/$avp(s:password)")) {
                sl_send_reply("404", "User Not Found");
                exit;
             }
 
             if ($fd != $avp(domain)) {
                   xlog("L_INFO", "Got ldap result $avp(domain). For user $avp(s:username) Not allowed $fd");
                   sl_send_reply("403","Not allowed $fd");
                   exit;
             }
    
             xlog("L_INFO", "[Extension=$au] have $avp(s:password)\n");  # For test get ha1 from ldap
                 
             if (!pv_auth_check("$fd", "$avp(s:password)", "1", "0")) {

             #if (!pv_www_authenticate("$fd", "$avp(s:password)", "1")) {

              if $rc == -1 xlog("L_WARN", "Authentication: RetVal -1 Invalid Auth User [Extension=$au]\n");
                 else if $rc == -2  xlog("L_WARN", "Authentication: RetVal -2 Invalid Password [Extension=$au]\n");
                 else if $rc == -3  xlog("L_INFO", "Authentication: RetVal -3 Stale nonce [Extension=$au]\n");
                 else if $rc == -5  xlog("L_WARN", "Authentication: RetVal -5 Generic Error [Extension=$au]\n");

             #    www_challenge("$td", "0");
             #    exit;
             #    sl_send_reply("200", "ok");
             #    exit;
             #} else {
             #    www_challenge("$td", "1");
             #    exit;
             #}

               auth_challenge("$fd", "1");
               exit;
               sl_send_reply("403","Not allowed");
               exit;
            } else {
                sl_send_reply("200", "ok");
                exit;
            }

           if (!is_method("REGISTER|PUBLISH")) {
               consume_credentials();
           }
     }
return;
}
#!endif


Thank you,
                   Slava.


From: "Daniel-Constantin Mierla" <miconda@gmail.com>
To: "Kamailio (SER) - Users Mailing List" <sr-users@lists.sip-router.org>
Sent: Monday, March 24, 2014 4:47:36 AM
Subject: Re: [SR-Users] Ldap auth

Hello,

remove the double quotes in the IF expressions:

if ("$avp(s:domain)" =~ "$fd") {

Values in between double quotes are strings.

Cheers,
Daniel

On 21/03/14 21:41, Slava Bendersky wrote:
Hello Everyone,

I am trying to compare the domain part of the URI with the LDAP query result, and I am getting a syntax warning:

arn_at(): warning in config file /etc/kamailio/kamailio-ldap.cfg, line 992, column 17-39: constant value in if(...)

            ldap_result("sipExtension/$avp(extension)");
            ldap_result("sipDomain/$avp(domain)");
            ldap_result("password/$avp(password)");

           }

            if ("$avp(s:domain)" =~ "$fd") {
                   xlog("L_INFO", "Not alllowed $fd");
                   sl_send_reply("403","Not allowed $fd");
                   exit;
             }

Any help is appreciated, thank you.


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference - April 2-4, 2014, Berlin, Germany
http://www.kamailioworld.com
