[SR-Users] LDAP user authentication

martian at centrum.sk martian at centrum.sk
Wed Sep 26 11:53:56 CEST 2012


Hi.
I have been looking into the LDAP way of authenticating users.
Reading this guide
 
http://www.kamailio.org/dokuwiki/doku.php/tutorials:kamailio31-auth-ldap
 
and reading the AUTH and LDAP module documentation, it seems to me that currently you can bind to LDAP (using some service account for example) and perform the SEARCH operation for data only.
Therefore you need to retrieve the user login and password from the LDAP db and then authenticate the user in Kamailio.

My question is: What if you can't simply retrieve the password from the LDAP db?
Is it possible to do a BIND operation to LDAP, using login name and password provided by user in REGISTER message? (this means not using the ones specified in the external ldap config file).
The BIND operation kind of authenticates the user. So theoretically, if LDAP binding authentication succeeds, the user is trusted and can be replied to with 200 OK.
This in fact means: using bind operation instead of search operation when a REGISTER message (with Authorization header) arrives.
Any opinions on the correctness of this approach are welcome, along with clarifying the possibility to do this.
 
Thanks in advance.
Martin
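
The search-based flow described in the post, as an added example that is not part of the original message and is not Kamailio's code: under SIP digest authentication (RFC 2617, MD5) the Authorization header of a REGISTER carries a hash response, so the server recomputes that response from the password it read from the directory and compares. The user name, realm, nonce, cnonce and password below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    # The only step where the password itself enters the computation.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, qop=None, nc=None, cnonce=None):
    """RFC 2617 request-digest for algorithm=MD5, with or without qop=auth."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def client_authorization(username, realm, password, uri, nonce):
    """Fields a SIP phone sends in the Authorization header of a REGISTER."""
    fields = {"username": username, "realm": realm, "uri": uri, "nonce": nonce,
              "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b"}
    fields["response"] = digest_response(
        ha1(username, realm, password), "REGISTER", uri, nonce,
        fields["qop"], fields["nc"], fields["cnonce"])
    return fields

def verify_register(auth: dict, directory_password: str) -> bool:
    """Server side: recompute the response from the password found by the
    directory search and compare it in constant time."""
    expected = digest_response(
        ha1(auth["username"], auth["realm"], directory_password),
        "REGISTER", auth["uri"], auth["nonce"],
        auth.get("qop"), auth.get("nc"), auth.get("cnonce"))
    return hmac.compare_digest(expected, auth["response"])

# Constructed sample: what arrives on the wire for user "alice".
SAMPLE_AUTH = client_authorization(
    "alice", "sip.example.test", "s3cret-from-phone",
    "sip:sip.example.test", "a1b2c3d4e5f60718")

if __name__ == "__main__":
    print("fields on the wire:", sorted(SAMPLE_AUTH))
    print("matching directory password:", verify_register(SAMPLE_AUTH, "s3cret-from-phone"))
    print("different directory password:", verify_register(SAMPLE_AUTH, "other"))
```

None of the header fields contains the password, which is why the server side needs the password (or a stored HA1 value) from the directory to check the response.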


