[SR-Users] Usage of ldap/db2_ldap

DEV dev at dolphin-dev.com
Tue Feb 16 15:31:14 CET 2021 

Thank you very much!
I've applied the change and removed db2_ldap - so far it works reliable.
Will test some corner-cases soon.

Kinds regards
Kevin
________________________________________
Von: Daniel-Constantin Mierla <miconda at gmail.com>
Gesendet: Dienstag, 16. Februar 2021 08:56
An: Kamailio (SER) - Users Mailing List; DEV
Betreff: Re: [SR-Users] Usage of ldap/db2_ldap

Hello,

On 15.02.21 14:44, DEV wrote:
> Hi!
>
> First sorry that you received a confirmation email from our ticket system - a forwarding rule matched.
> I've now switched the domain to one that does not apply rules.
>
> If I want to try "uid_auth_db", do I just replace "auth_db"?
it has the same purpose to offer user authentication with password, but
it is not a drop-in replacement, it is completely different
implementation, with different database schema and features.
> At least "auth_check" is unknown, which I expect to be caused because it's not maintained (at least I understand that from your email).
>
> I know the tutorial you linked for me but my assumption was, that it was replaced by db2_ldap (because it already implements "auth_check" ready to use).
If you use ldap module to fetch the password, you have to use
pv_auth_check() from auth module. The auth_db can be used when threre is
a db api v1 connector (like db_mysql, ...).
>
> Just to recap: Your recommendation is sticking to the database driver (in my case mysql) and replace the database specific check by a manual ldap lookup?

That's a way to do it. Of course, you can also implement db api v1 for
ldap, or extend auth_db to use also db api v2. The versions of the api
are related to the origin, v1 is coming via openser/kamailio branch and
v2 was implemented by ser project during 2005-2008, incorporated in the
project with the merge in 2008.


> This way I seem to be able to avoid db2_ldap but get a similar result(?).
>
> I realy liked the idea of the db2_ldap and h350 modules.

I think h350 does not depend on any db api, is direct connection to ldap.

Cheers,
Daniel

>
> Thank you very much!
>
> Kind regards
> Kevin
>
> ________________________________________
> Von: Daniel-Constantin Mierla <miconda at gmail.com>
> Gesendet: Montag, 15. Februar 2021 10:51
> An: Kamailio (SER) - Users Mailing List; DEV
> Betreff: Re: [SR-Users] Usage of ldap/db2_ldap
>
> Hello,
>
> the db2_ldap implements SER-specific DB API which is not used by
> auth_db, but by uid_auth_db. However, that module was not maintained for
> long time, not sure if anyone used it during the past decade or so.
>
> Using ldap requires script operations to fetch the password, it cannot
> be used as a replacement for other db modules, see some guidlines at:
>
>   * https://www.kamailio.org/wiki/tutorials/mini-howto-admin/ldap-user-auth
>
> Cheers,
> Daniel
>
> On 14.02.21 03:02, DEV wrote:
>> I've also tried this:
>>
>> modparam("ldap", "config_file", "/etc/kamailio/my-ldap.cfg")
>> modparam("db2_ldap", "config", "/etc/kamailio/ldap.cfg")
>>
>> -> ERROR: <core> [db.c:204]: db_bind_mod(): Module db_ldap not found. Missing loadmodule?
>> -> ERROR: auth_db [auth_db_mod.c:175]: mod_init(): unable to bind to a database driver
>>
>> modparam("ldap", "config_file", "/etc/kamailio/my-ldap.cfg")
>> modparam("ldap", "config", "/etc/kamailio/ldap.cfg")
>>
>> -> ERROR: <core> [core/modparam.c:164]: set_mod_param_regex(): parameter <config> of type <1:string> not found in module <ldap>
>> -> CRITICAL: <core> [core/cfg.y:3591]: yyerror_at(): parse error in config file /etc/kamailio/kamailio.cfg, line 410, column 52: Can't set module parameter
>>
>> :-(
>>
>> Kind regards
>> Kevin
>>
>> ________________________________________
>> Von: sr-users <sr-users-bounces at lists.kamailio.org> im Auftrag von DEV <dev at dolphin-it.de>
>> Gesendet: Sonntag, 14. Februar 2021 01:51
>> An: sr-users at lists.kamailio.org
>> Betreff: [SR-Users] Usage of ldap/db2_ldap
>>
>> Hi!
>>
>> I'm trying to use the ldap / db2_ldap module in kamailio but I'm stuck because the docs seem to either be outdated or me being on the wrong track.
>>
>> From what I understand, I need a single ldap.conf but there are two example files with different syntax:
>> 1) https://github.com/kamailio/kamailio/blob/master/src/modules/db2_ldap/ldap.cfg
>> 2) https://github.com/kamailio/kamailio/blob/master/src/modules/ldap/etc/ldap.cfg
>>
>> I'm already using ldap realtime for asterisk and want to switch kamailio to use the same objects by using this schema:
>> https://github.com/kamailio/kamailio/blob/master/src/modules/db2_ldap/ser.schema
>>
>> When using syntax from (1) I receive this error:
>> ERROR: ldap [ldap_mod.c:198]: mod_init(): no section found in config_file [/etc/kamailio/ldap.cfg]
>>
>> I double-checked my conf and it matches (1).
>>
>> When using (2), I got an error, telling me I left some tables unconfigured (even when mixing both syntax).
>>
>> What is the correct syntax to use ldap as my auth module and replace mysql auth tables?
>>
>> Thank you.
>>
>> Kind regards
>> Kevin
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

More information about the sr-users mailing list