[SR-Users] Kamailio LDAP integration

Reda Aouad reda.aouad at gmail.com
Fri May 4 20:40:58 CEST 2012


In the line
if (!pv_www_authenticate("$td", "$avp(password)", "0")) {

write avp(s:password) instead of avp(password).
Not sure it will solve it though. If it doesn't, maybe others can help you
more on this.

Reda



On Fri, May 4, 2012 at 5:50 PM, Saul Waizer <saulwaizer at gmail.com> wrote:

> Hello Reda,
>
> Thank you for your feedback, after some further research and testing I got
> the LDAP search working, I am just having one issue with the password
> variable:
>
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=755 a=28 n=pv_www_authenticate
>  3(22487) ERROR: <core> [sr_module.c:1613]: Could not convert PV to str
>  3(22487) ERROR: auth [auth_mod.c:569]: failed to get passwd value
>
> My relevant configuration:
>
> route[AUTH] {
> #!ifdef WITH_AUTH
>     if (is_method("REGISTER"))
>     {
>         if (is_present_hf("Authorization"))
>         {
>             # ldap search
>             if (!ldap_search("ldap://demo/ou=demo,dc=mydomain,dc=com?uid,userPassword?"))
>             {
>                 switch ($retcode)
>                 {
>                     case -1:
>                         # no LDAP entry found
>                         sl_send_reply("404", "User Not Found");
>                         exit;
>                     case -2:
>                         # internal error
>                         sl_send_reply("500", "Internal server error");
>                         exit;
>                     default:
>                         exit;
>                 }
>             }
>             ldap_result("uid/$avp(s:username)");
>             ldap_result("userPassword/$avp(s:password)");
>             xlog("L_INFO", "ldap_search: found [$retcode] entries for (uid=$fU)");
>             if (!pv_www_authenticate("$td", "$avp(password)", "0")) {
>                 www_challenge("$td", "1");
>                 exit;
>             }
>             sl_send_reply("200", "ok");
>             exit;
>         } else {
>             www_challenge("$td", "1");
>             exit;
>         }
>     } else {
>
> And the error message:
>
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=735 a=26 n=ldap_search
>  3(22487) DEBUG: ldap [ldap_api_fn.c:273]: LDAP URL parsed into session_name [demo], base [ou=demo,dc=mydomain,dc=com], scope [0], filter []
>  3(22487) DEBUG: ldap [ldap_api_fn.c:433]: [demo]: performing LDAP search: dn [ou=demo,dc=mydomain,dc=com], scope [0], filter [(null)], client_timeout [5000000] usecs
>  3(22487) DEBUG: ldap [ldap_api_fn.c:240]: [demo]: [1] LDAP entries found
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=752 a=26 n=ldap_result
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=753 a=26 n=ldap_result
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=754 a=27 n=xlog
>  3(22487) INFO: <script>: ldap_search: found [-1] entries for (uid=mmiller)
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=759 a=17 n=if
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=755 a=28 n=pv_www_authenticate
>  3(22487) ERROR: <core> [sr_module.c:1613]: Could not convert PV to str
>  3(22487) ERROR: auth [auth_mod.c:569]: failed to get passwd value
>  3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=756 a=27 n=www_challenge
>  3(22487) DEBUG: auth [challenge.c:102]: build_challenge_hf: realm='ip.of.sip.server'
>  3(22487) DEBUG: auth [challenge.c:113]: build_challenge_hf: qop='auth'
>  3(22487) DEBUG: auth [challenge.c:244]: auth: 'WWW-Authenticate: Digest realm="ip.of.sip.server", nonce="T6P5yU+j+J23OE93mPaektZpJszGpt/l", qop="auth"
>
> Any help is greatly appreciated!
> Thanks
>
>
>
> On Thu, May 3, 2012 at 4:22 PM, Reda Aouad <reda.aouad at gmail.com> wrote:
>
>> Hi Saul,
>>
>> username_avp_spec was previously an AUTH module parameter to specify a
>> variable that was passed to pv_www_authorize implicitly (the function
>> doesn't take arguments). Now you should use the new pv_www_authenticate
>> and pass to it explicitly the credentials as arguments.
>>
>> So forget about username_avp_spec since it doesn't exist as module param
>> anymore (this is why you are getting the error). Store the result of
>> ldap_search in the avps as in the tutorial using ldap_result, and pass them
>> to pv_www_authenticate as parameters. pv_www_authenticate takes the
>> following arguments:
>> - realm: which you can get from "to domain" using $td
>> - password: $avp(s:password)
>> - flag: set it to 0 as a first test
>>
>> example:
>> pv_www_authenticate("$td", "$avp(s:password)", 0)
>>
>> This function takes the username from the authentication header, so no
>> need to pass it anymore as argument.
>>
>> Reda
>>
>>
>>
>> On Thu, May 3, 2012 at 8:47 PM, Saul Waizer <saulwaizer at gmail.com> wrote:
>>
>>> Hello List,
>>>
>>> I am trying to incorporate an existing LDAP directory with our Kamailio
>>> installation for SIP authentication. A good friend suggested to check out
>>> this tutorial and adapt it to fit my needs (and current version)
>>>
>>> http://www.kamailio.org/dokuwiki/doku.php/tutorials:openser-auth-ldap
>>>
>>> It seems like the AUTH module does not contain the function
>>> username_spec (which I believe is not used anymore) but the
>>> username_avp_spec which is not part of the AUTH module but the H350 module
>>> http://kamailio.org/docs/modules/3.2.x/modules_k/h350.html
>>>
>>> I enabled the h350 module and tried setting the params as described in
>>> the documentation:
>>>
>>> modparam("auth", "username_spec", "$avp(s:username)")
>>> modparam("auth", "password_spec", "$avp(s:password)")
>>> modparam("auth", "calculate_ha1", 1)
>>>
>>> I got the following error after checking the configuration:
>>>
>>> ERROR: <core> [modparam.c:151]: set_mod_param_regex: parameter
>>> <username_spec> not found in module <auth>
>>>
>>> I am running kamailio 3.2.3 (i386/linux) Ubuntu
>>>
>>> Thank you in advance!
>>
>
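
Added example, not part of the thread or of Kamailio's code: the debug output quoted above reports `scope [0]` and `filter []` for the posted `ldap_search` URL. This Python code splits the URL in the RFC 4516 field order, flags those two conditions, and builds a per-user URL with RFC 4515 value escaping. The function names, the `sub` scope and the `(uid=...)` filter are assumptions chosen for illustration.

```python
from urllib.parse import quote, unquote

SCOPES = {"base": 0, "one": 1, "sub": 2}  # numeric LDAP scope values
# URL exactly as posted in the quoted configuration
POSTED_URL = "ldap://demo/ou=demo,dc=mydomain,dc=com?uid,userPassword?"

def parse_ldap_url(url):
    """Split ldap://<session>/<base>?<attrs>?<scope>?<filter>."""
    if not url.startswith("ldap://"):
        raise ValueError("not an ldap:// URL")
    session, _, rest = url[len("ldap://"):].partition("/")
    parts = (rest.split("?", 3) + ["", "", "", ""])[:4]
    base, attrs, scope, flt = (unquote(p) for p in parts)
    return {
        "session": session,
        "base": base,
        "attrs": [a for a in attrs.split(",") if a],
        "scope": SCOPES[scope or "base"],  # omitted scope defaults to base
        "filter": flt,
    }

def escape_filter_value(value):
    """RFC 4515: escape \\ * ( ) and NUL so user input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_search_url(session, base, username, attrs=("uid", "userPassword")):
    """Hypothetical helper: subtree search restricted to one uid."""
    flt = "(uid=%s)" % escape_filter_value(username)
    return "ldap://%s/%s?%s?sub?%s" % (
        session, base, ",".join(attrs), quote(flt, safe="()=,"))

def findings(url):
    """Return the conditions that leave a lookup untied to the SIP user."""
    parsed = parse_ldap_url(url)
    issues = []
    if parsed["scope"] == SCOPES["base"]:
        issues.append("scope is base: only the base entry itself is examined")
    if not parsed["filter"]:
        issues.append("no filter: the lookup is not tied to the authenticating user")
    return issues

if __name__ == "__main__":
    for issue in findings(POSTED_URL):
        print("posted URL:", issue)
    # "mmiller" is the user name that appears in the quoted log
    print(user_search_url("demo", "ou=demo,dc=mydomain,dc=com", "mmiller"))
```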