[Devel] [ openser-Patches-1707996 ] LDAP auth module
SourceForge.net
noreply at sourceforge.net
Thu Apr 26 13:34:34 CEST 2007
Patches item #1707996, was opened at 2007-04-26 15:34
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1707996&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.2.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Alexei Volkov (av_kot)
Assigned to: Nobody/Anonymous (nobody)
Summary: LDAP auth module
Initial Comment:
After couple days googling over the web i found that ldap authentication to openser is available via radius module.
As for me as a relatively new user to openser it is rather difficult to build full chain ldap+radius+openser to make complete authorization and accounting. For example, in my case just a simple authentication against ldap database is needed , and unfortunately i do not found any usable code to patch openser to directly authenticate user in LDAP.
Spending some time more I have developed auth_ldap module for openser. If it can be usable for the community i would like to open and share it to openser project.
Some features of my auth_ldap module can be represented by following openser.cfg lines.
loadmodule "auth.so"
loadmodule "auth_ldap.so"
loadmodule "uac.so"
....
modparam("auth_ldap", "ldap_server", "ldap://localhost")
modparam("auth_ldap", "ldap_bind_dn", "cn=admin,dc=domain")
modparam("auth_ldap", "ldap_bind_passwd", "secret")
modparam("auth_ldap", "ldap_base_dn", "ou=Users,dc=domain")
modparam("auth_ldap", "ldap_search_filter", "(&(OpenSerAccount=%s)(OpenSerEnabled=TRUE))")
modparam("auth_ldap", "ldap_passwd_attr", "OpenSerPassword")
modparam("auth_ldap", "ldap_debug_encoding", "koi8-r")
modparam("auth_ldap", "ldap_avp_attrs", "cn,OpenSerGroup")
modparam("auth_ldap", "ldap_avp_prefix", "ldap_")
....
route{
...
if (!ldap_www_authorize("domain")) { # authorization and account avp creatied here
www_challenge("domain", "1");
exit;
};
....
uac_replace_from("$avp(s:ldap_cn)","");
...
append_hf("P-hint-openser-account-group: $avp(s:ldap_OpenSerGroup)\r\n");
...
}
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743022&aid=1707996&group_id=139143
More information about the Devel
mailing list