[Devel] OpenSer auth_ldap module

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Apr 26 10:10:36 CEST 2007


Hello,

it would be interesting to have it on openser. Please register it to the 
tracker:
http://sourceforge.net/tracker/?atid=743022&group_id=139143&func=browse

I think an alternative at this moment is to use perlvdb module, that 
should make possible authentication against ldap.\

Cheers,
Daniel


On 04/25/07 23:44, Volkov Alexei wrote:
> Hi All!
>
> After couple days googling over the web i found that ldap 
> authentication to openser is available via radius module.
> As for me as a relatively new user to openser it is rather difficult 
> to build full chain ldap+radius+openser to make complete authorization 
> and accounting. For example, in my  case just a simple authentication 
> against ldap database is needed , and unfortunately i do not found 
> any  usable code to patch openser to directly authenticate user in LDAP.
> Spending some time more I have developed auth_ldap module for openser. 
> If it can be usable for the community i would like to open and share 
> it to openser project.
>
> Some features of my auth_ldap module can be represented by following 
> openser.cfg lines.
>
> loadmodule "auth.so"
> loadmodule "auth_ldap.so"
> loadmodule "uac.so"
>
> ....
> modparam("auth_ldap", "ldap_server", "ldap://localhost")
> modparam("auth_ldap", "ldap_bind_dn", "cn=admin,dc=domain")
> modparam("auth_ldap", "ldap_bind_passwd", "secret")
> modparam("auth_ldap", "ldap_base_dn", "ou=Users,dc=domain")
> modparam("auth_ldap", "ldap_search_filter", 
> "(&(OpenSerAccount=%s)(OpenSerEnabled=TRUE))")
> modparam("auth_ldap", "ldap_passwd_attr", "OpenSerPassword")
> modparam("auth_ldap", "ldap_debug_encoding", "koi8-r")
> modparam("auth_ldap", "ldap_avp_attrs", "cn,OpenSerGroup")
> modparam("auth_ldap", "ldap_avp_prefix", "ldap_")
> ....
> route{
> ...
>                       if (!ldap_www_authorize("domain")) { # 
> authorization and  account avp creatied here
>                                www_challenge("domain", "1");
>                                exit;
>                        };
> ....
> uac_replace_from("$avp(s:ldap_cn)","");
> ...
> append_hf("P-hint-openser-account-group: $avp(s:ldap_OpenSerGroup)\r\n");
> ...
> }
>
> WBR,
> Alexei Volkov.
>
>
>
>
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel
>



More information about the Devel mailing list