[OpenSER-Users] Call setup authentication through openLDAP

Ahmed Huraimel huraimel at gmail.com
Tue Apr 22 15:57:33 CEST 2008


Dear all,


 I wounder if anyone successfully uses openSER 1.3.x with LDAP server
(openLDAP). For me I work fine with Authenticating the uses while REGISTER
request. However, I could not configure it to Authenticate call setup. in
other words, an non register user can make a call setup. what comes to my
mind is to use the same idea of authentication when RIGISTER request was
issues with some modefications but when SIP proxy server send "407 Proxy
Authentication Required" the client send ACK and stop.

=================================================

# account only INVITEs

if (is_method("INVITE")) {

xlog("L_NOTICE","Processing by INVITE handler ...\n");

route(4);

exit;

#setflag(1); # do accouting

}

.....

route[1] {

if (!t_relay()) {

sl_reply_error();

};

exit;

}

..........

rout[4]

{

if(is_present_hf("Authorization"))

{

# ldap search

if
(!ldap_search("ldap://sipaccounts/ou=sip,dc=mysip,dc=com?sn,userPassword?one?(cn=$fU)"))


{

switch ($retcode)

{

case -1:

# no LDAP entry found

sl_send_reply("404", "User Not Found");

exit;

case -2:

# internal error

sl_send_reply("500", "Internal server error");

exit;

default:

exit;

}

}

ldap_result("sn/$avp(s:username)");

ldap_result("userPassword/$avp(s:password)");

if(!pv_proxy_authorize(""))

{

proxy_challenge(""/*realm*/,"0"/*qop*/);

exit;

}

route(1);

} else {

proxy_challenge("","1");

exit;

}


 =================================================

 do any one know how to authenticate call setup? do you think using RADIUS
is better for authentication instead of LDAP authentication?


 regards,

Ahmed ALALI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20080422/aaab620a/attachment.htm 


More information about the Users mailing list