Hello Daniel,
Thank you for the answer.
Regarding my last message, where Alex answered me:
Can you please verify that this LDAP authentication routing section should work?
Calls between two registered extensions are not working at all; I don't see any
attempts at negotiation and always get 404. I am trying not to use MySQL for user
management.
Error from debug:
7(2668) DEBUG: tm [t_lookup.c:1373]: t_newtran(): DEBUG: t_newtran: msg id=1 , global msg id=1 , T on entrance=(nil)
7(2668) DEBUG: tm [t_lookup.c:527]: t_lookup_request(): t_lookup_request: start searching: hash=24684, isACK=0
7(2668) DEBUG: tm [t_lookup.c:485]: matching_3261(): DEBUG: RFC3261 transaction matching failed
7(2668) DEBUG: tm [t_lookup.c:709]: t_lookup_request(): DEBUG: t_lookup_request: no transaction found
7(2668) DEBUG: tm [t_hooks.c:374]: run_reqin_callbacks_internal(): DBG: trans=0x7f272e75acc0, callback type 1, id 0 entered
7(2668) DEBUG: <core> [md5utils.c:67]: MD5StringArray(): DEBUG: MD5 calculated: 56120e176eec0cd31c62bcba6270de35
7(2668) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio-ldap.cfg] l=697 a=21 n=switch
7(2668) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio-ldap.cfg] l=692 a=26 n=send_reply
7(2668) DEBUG: tm [t_lookup.c:1072]: t_check_msg(): DEBUG: t_check_msg: msg id=1 global id=1 T start=0x7f272e75acc0
7(2668) DEBUG: tm [t_lookup.c:1144]: t_check_msg(): DEBUG: t_check_msg: T already found!
7(2668) DEBUG: <core> [msg_translator.c:204]: check_via_address(): check_via_address(10.237.236.150, 10.237.236.150, 0)
7(2668) DEBUG: <core> [mem/shm_mem.c:111]: _shm_resize(): WARNING:vqm_resize: resize(0) called
7(2668) DEBUG: tm [t_reply.c:1663]: cleanup_uac_timers(): DEBUG: cleanup_uac_timers: RETR/FR timers reset
7(2668) DEBUG: tm [t_hooks.c:288]: run_trans_callbacks_internal(): DBG: trans=0x7f272e75acc0, callback type 512, id 0 entered
7(2668) DEBUG: acc [acc_logic.c:557]: tmcb_func(): acc callback called for t(0x7f272e75acc0) event type 512, reply code 404
7(2668) DEBUG: tm [t_reply.c:728]: _reply_light(): DEBUG: reply sent out. buf=0x7f2738acb530: SIP/2.0 404 Not Foun..., shmem=0x7f272e753128: SIP/2.0 404 Not Foun
7(2668) DEBUG: tm [t_reply.c:738]: _reply_light(): DEBUG: _reply_light: finished
7(2668) DEBUG: sl [sl.c:280]: send_reply(): reply in stateful mode (tm)
#!ifdef WITH_LDAP
route[LDAP] {
    if (is_method("REGISTER")) {
        if (!(is_present_hf("Authorization") || is_present_hf("Proxy-Authorization"))) {
            # no credentials header - send back challenge
            auth_challenge("$fd", "1");
            exit;
        }
        # ldap search
        ldap_search("ldap://sipaccounts/ou=People,dc=networklab,dc=loc?sipDomain,sipMobileExtension,sipPassword?one?(&(objectClass=phonesipuser)(sipMobileExtension=$fU))");
        $var(rc) = $rc;
        if ($var(rc) < 0) {
            switch ($var(rc)) {
                case -1:
                    # no LDAP entry found
                    sl_send_reply("404", "User Not Found");
                    exit;
                case -2:
                    # internal error
                    sl_send_reply("500", "Internal server error");
                    exit;
                default:
                    sl_send_reply("403", "Not allowed");
                    exit;
            }
        }
        ldap_result("sipDomain/$avp(domain)");
        ldap_result("sipMobileExtension/$avp(s:username)");
        if (!ldap_result("sipPassword/$avp(s:password)")) {
            sl_send_reply("404", "User Not Found");
            exit;
        }
        if ($fd != $avp(domain)) {
            xlog("L_INFO", "Got ldap result $avp(domain). For user $avp(s:username) Not allowed $fd");
            sl_send_reply("403","Not allowed $fd");
            exit;
        }
        # test only: this line writes the value of $avp(s:password) to the log
        xlog("L_INFO", "[Extension=$au] have $avp(s:password)\n"); # For test
        # get ha1 from ldap
        if (!pv_auth_check("$fd", "$avp(s:password)", "1", "0")) {
            #if (!pv_www_authenticate("$fd", "$avp(s:password)", "1")) {
            if ($rc == -1) {
                xlog("L_WARN", "Authentication: RetVal -1 Invalid Auth User [Extension=$au]\n");
            } else if ($rc == -2) {
                xlog("L_WARN", "Authentication: RetVal -2 Invalid Password [Extension=$au]\n");
            } else if ($rc == -3) {
                xlog("L_INFO", "Authentication: RetVal -3 Stale nonce [Extension=$au]\n");
            } else if ($rc == -5) {
                xlog("L_WARN", "Authentication: RetVal -5 Generic Error [Extension=$au]\n");
            }
            # www_challenge("$td", "0");
            # exit;
            # sl_send_reply("200", "ok");
            # exit;
            #} else {
            # www_challenge("$td", "1");
            # exit;
            #}
            auth_challenge("$fd", "1");
            exit;
            # not reached: the exit above ends processing
            sl_send_reply("403","Not allowed");
            exit;
        } else {
            sl_send_reply("200", "ok");
            exit;
        }
        # not reached: both branches above exit
        if (!is_method("REGISTER|PUBLISH")) {
            consume_credentials();
        }
    }
    return;
}
#!endif
Thank you,
Slava.
----- Original Message -----
From: "Daniel-Constantin Mierla" <miconda(a)gmail.com>
To: "Kamailio (SER) - Users Mailing List" <sr-users(a)lists.sip-router.org>
Sent: Monday, March 24, 2014 4:47:36 AM
Subject: Re: [SR-Users] Ldap auth
Hello,
remove the double quotes in the IF expressions:
if ("$avp(s:domain)" =~ "$fd") {
Values in between double quotes are strings.
Cheers,
Daniel
On 21/03/14 21:41, Slava Bendersky wrote:
Hello Everyone,
I am trying to compare the domain part of the URI with the LDAP query result and am getting a syntax warning:
arn_at(): warning in config file /etc/kamailio/kamailio-ldap.cfg, line 992, column 17-39: constant value in if(...)

ldap_result("sipExtension/$avp(extension)");
ldap_result("sipDomain/$avp(domain)");
ldap_result("password/$avp(password)");

}

if ("$avp(s:domain)" =~ "$fd") {
    xlog("L_INFO", "Not alllowed $fd");
    sl_send_reply("403","Not allowed $fd");
    exit;
}

Any help is appreciated, thank you.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference - April 2-4, 2014, Berlin, Germany
http://www.kamailioworld.com