Table of Contents
LDAP Authentication for Kamailio 3.1.x
work in progress
Prerequisites
* install OpenLDAP library (libldap) v2.1 or greater, libldap header files (libldap-dev) are needed for compilation * read the documentation of auth module: http://kamailio.org/docs/modules/stable/modules/auth.html * read the documentation of ldap module: http://kamailio.org/docs/modules/stable/modules_k/ldap.html
Sample LDAP Tree
- dc=example,dc=com | +- ou=users | | | +- cn=sip_proxy -- sn: sip_proxy | -- userPassword: proxypwd | +- ou=sip | +- cn=user1 -- SIPUserName: user1 | -- SIPPassword: pwd1 | +- cn=user2 -- SIPUserName: user2 -- SIPPassword: pwd2
LDAP Module Configuration File
/usr/local/etc/kamailio/ldap.cfg:
[sipaccounts] ldap_server_url = "ldap://ldap.example.com" ldap_bind_dn = "cn=sip_proxy,ou=users,dc=example,dc=com" ldap_bind_password = "proxypwd"
OpenSER Configuration File
... loadmodule "ldap.so" ... modparam("ldap", "config_file", "/usr/local/etc/kamailio/ldap.cfg") ... route[LDAPAUTH] { if(is_method("REGISTER")) { if(is_present_hf("Authorization")) { # ldap search if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)")) { switch ($retcode) { case -1: # no LDAP entry found sl_send_reply("404", "User Not Found"); exit; case -2: # internal error sl_send_reply("500", "Internal server error"); exit; default: exit; } } ldap_result("SIPUserName/$avp(username)"); ldap_result("SIPPassword/$avp(password)"); if (!pv_www_authenticate("$td", "$avp(password)", "0")) { www_challenge("$td", "1"); exit; } sl_send_reply("200", "ok");\a exit; } else { www_challenge("$td", "1"); exit; } } else { # handle proxy-authentication (e.g., for INVITE) ... } } ...