[OpenSER-Users] Call setup authentication through openLDAP
Ahmed Huraimel
huraimel at gmail.com
Tue Apr 22 15:57:33 CEST 2008
Dear all,
I wounder if anyone successfully uses openSER 1.3.x with LDAP server
(openLDAP). For me I work fine with Authenticating the uses while REGISTER
request. However, I could not configure it to Authenticate call setup. in
other words, an non register user can make a call setup. what comes to my
mind is to use the same idea of authentication when RIGISTER request was
issues with some modefications but when SIP proxy server send "407 Proxy
Authentication Required" the client send ACK and stop.
=================================================
# account only INVITEs
if (is_method("INVITE")) {
xlog("L_NOTICE","Processing by INVITE handler ...\n");
route(4);
exit;
#setflag(1); # do accouting
}
.....
route[1] {
if (!t_relay()) {
sl_reply_error();
};
exit;
}
..........
rout[4]
{
if(is_present_hf("Authorization"))
{
# ldap search
if
(!ldap_search("ldap://sipaccounts/ou=sip,dc=mysip,dc=com?sn,userPassword?one?(cn=$fU)"))
{
switch ($retcode)
{
case -1:
# no LDAP entry found
sl_send_reply("404", "User Not Found");
exit;
case -2:
# internal error
sl_send_reply("500", "Internal server error");
exit;
default:
exit;
}
}
ldap_result("sn/$avp(s:username)");
ldap_result("userPassword/$avp(s:password)");
if(!pv_proxy_authorize(""))
{
proxy_challenge(""/*realm*/,"0"/*qop*/);
exit;
}
route(1);
} else {
proxy_challenge("","1");
exit;
}
=================================================
do any one know how to authenticate call setup? do you think using RADIUS
is better for authentication instead of LDAP authentication?
regards,
Ahmed ALALI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080422/aaab620a/attachment.htm>
More information about the sr-users
mailing list