Hello Daniel, Thank you for answer,

Regard my last message where Alex is answer me. Can you please verify that this ldap authentication routing section is should work. Because call between two registered extension not working at all I don't see any attempts of negotiations, always get 404. I am trying don't use mysql for user management.

Error from debug.

7(2668) DEBUG: tm [t_lookup.c:1373]: t_newtran(): DEBUG: t_newtran: msg id=1 , global msg id=1 , T on entrance=(nil) 7(2668) DEBUG: tm [t_lookup.c:527]: t_lookup_request(): t_lookup_request: start searching: hash=24684, isACK=0 7(2668) DEBUG: tm [t_lookup.c:485]: matching_3261(): DEBUG: RFC3261 transaction matching failed 7(2668) DEBUG: tm [t_lookup.c:709]: t_lookup_request(): DEBUG: t_lookup_request: no transaction found 7(2668) DEBUG: tm [t_hooks.c:374]: run_reqin_callbacks_internal(): DBG: trans=0x7f272e75acc0, callback type 1, id 0 entered 7(2668) DEBUG: <core> [md5utils.c:67]: MD5StringArray(): DEBUG: MD5 calculated: 56120e176eec0cd31c62bcba6270de35 7(2668) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio-ldap.cfg] l=697 a=21 n=switch 7(2668) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio-ldap.cfg] l=692 a=26 n=send_reply 7(2668) DEBUG: tm [t_lookup.c:1072]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=1 T start=0x7f272e75acc0 7(2668) DEBUG: tm [t_lookup.c:1144]: t_check_msg(): DEBUG: t_check_msg: T already found! 7(2668) DEBUG: <core> [msg_translator.c:204]: check_via_address(): check_via_address(10.237.236.150, 10.237.236.150, 0) 7(2668) DEBUG: <core> [mem/shm_mem.c:111]: _shm_resize(): WARNING:vqm_resize: resize(0) called 7(2668) DEBUG: tm [t_reply.c:1663]: cleanup_uac_timers(): DEBUG: cleanup_uac_timers: RETR/FR timers reset 7(2668) DEBUG: tm [t_hooks.c:288]: run_trans_callbacks_internal(): DBG: trans=0x7f272e75acc0, callback type 512, id 0 entered 7(2668) DEBUG: acc [acc_logic.c:557]: tmcb_func(): acc callback called for t(0x7f272e75acc0) event type 512, reply code 404 7(2668) DEBUG: tm [t_reply.c:728]: _reply_light(): DEBUG: reply sent out. buf=0x7f2738acb530: SIP/2.0 404 Not Foun..., shmem=0x7f272e753128: SIP/2.0 404 Not Foun 7(2668) DEBUG: tm [t_reply.c:738]: _reply_light(): DEBUG: _reply_light: finished 7(2668) DEBUG: sl [sl.c:280]: send_reply(): reply in stateful mode (tm)

#!ifdef WITH_LDAP route[LDAP] { if(is_method("REGISTER")) {

if(!(is_present_hf("Authorization") || is_present_hf("Proxy-Authorization"))) { # no credentials header - send back challenge auth_challenge("$fd", "1"); exit; }

# ldap search ldap_search("ldap://sipaccounts/ou=People,dc=networklab,dc=loc?sipDomain,sipMobileExtension,sipPassword?one?(&(objectClass=phonesipuser)(sipMobileExtension=$fU))"); $var(rc) = $rc; if ($var(rc)<0) { switch ($var(rc)) { case -1: # no LDAP entry found sl_send_reply("404", "User Not Found"); exit; case -2: # internal error sl_send_reply("500", "Internal server error"); exit; default: sl_send_reply("403", "Not allowed"); exit; } }

ldap_result("sipDomain/$avp(domain)"); ldap_result("sipMobileExtension/$avp(s:username)");

if (!ldap_result("sipPassword/$avp(s:password)")) { sl_send_reply("404", "User Not Found"); exit; }

if ($fd != $avp(domain)) { xlog("L_INFO", "Got ldap result $avp(domain). For user $avp(s:username) Not allowed $fd"); sl_send_reply("403","Not allowed $fd"); exit; }

xlog("L_INFO", "[Extension=$au] have $avp(s:password)\n"); # For test get ha1 from ldap

if (!pv_auth_check("$fd", "$avp(s:password)", "1", "0")) {

#if (!pv_www_authenticate("$fd", "$avp(s:password)", "1")) {

if $rc == -1 xlog("L_WARN", "Authentication: RetVal -1 Invalid Auth User [Extension=$au]\n"); else if $rc == -2 xlog("L_WARN", "Authentication: RetVal -2 Invalid Password [Extension=$au]\n"); else if $rc == -3 xlog("L_INFO", "Authentication: RetVal -3 Stale nonce [Extension=$au]\n"); else if $rc == -5 xlog("L_WARN", "Authentication: RetVal -5 Generic Error [Extension=$au]\n");

# www_challenge("$td", "0"); # exit; # sl_send_reply("200", "ok"); # exit; #} else { # www_challenge("$td", "1"); # exit; #}

auth_challenge("$fd", "1"); exit; sl_send_reply("403","Not allowed"); exit; } else { sl_send_reply("200", "ok"); exit; }

if (!is_method("REGISTER|PUBLISH")) { consume_credentials(); } } return; } #!endif

Thank you, Slava.

----- Original Message -----

From: "Daniel-Constantin Mierla" miconda@gmail.com To: "Kamailio (SER) - Users Mailing List" sr-users@lists.sip-router.org Sent: Monday, March 24, 2014 4:47:36 AM Subject: Re: [SR-Users] Ldap auth

Hello,

remove the double quotes in the IF expressions:

if ("$avp(s:domain)" =~ "$fd") {

Values in between double quotes are strings.

Cheers, Daniel

On 21/03/14 21:41, Slava Bendersky wrote:

Hello Everyone,

I am trying compare domain part of uri with ldap query result, getting some syntax warning

1. arn_at(): warning in config file /etc/kamailio/kamailio-ldap.cfg, line 992, column 17-39: constant value in if(...)

2.

3.

4. ldap_result("sipExtension/$avp(extension)");

5. ldap_result("sipDomain/$avp(domain)");

6. ldap_result("password/$avp(password)");

7.

8. }

9.

10. if ("$avp(s:domain)" =~ "$fd") {

11. xlog("L_INFO", "Not alllowed $fd");

12. sl_send_reply("403","Not allowed $fd");

13. exit;

14. }

15. any help thank you

_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users