LDAP Authentication for OpenSER 1.3.x
work in progress
Prerequisites
* install the OpenLDAP library (libldap) v2.1 or greater; the libldap header files (libldap-dev) are needed for compilation
* read the documentation of the auth module: http://www.kamailio.org/docs/modules/1.3.x/auth.html
* read the documentation of the ldap module: http://www.kamailio.org/docs/modules/1.3.x/ldap.html
Sample LDAP Tree
dc=example,dc=com
|
+- ou=users
|  |
|  +- cn=sip_proxy
|     -- sn: sip_proxy
|     -- userPassword: proxypwd
|
+- ou=sip
   |
   +- cn=user1
   |  -- SIPUserName: user1
   |  -- SIPPassword: pwd1
   |
   +- cn=user2
      -- SIPUserName: user2
      -- SIPPassword: pwd2
LDAP Module Configuration File
/usr/local/etc/openser/ldap.cfg:
[sipaccounts]
ldap_server_url = "ldap://ldap.example.com"
ldap_bind_dn = "cn=sip_proxy,ou=users,dc=example,dc=com"
ldap_bind_password = "proxypwd"
OpenSER Configuration File
...
modparam("ldap", "config_file", "/usr/local/etc/openser/ldap.cfg")
modparam("auth", "username_spec", "$avp(s:username)")
modparam("auth", "password_spec", "$avp(s:password)")
modparam("auth", "calculate_ha1", 1)
...
route[11] {
    if(is_method("REGISTER")) {
        if(is_present_hf("Authorization")) {
            # ldap search
            if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)")) {
                switch ($retcode) {
                    case -1:
                        # no LDAP entry found
                        sl_send_reply("404", "User Not Found");
                        exit;
                    case -2:
                        # internal error
                        sl_send_reply("500", "Internal server error");
                        exit;
                    default:
                        exit;
                }
            }
            ldap_result("SIPUserName/$avp(s:username)");
            ldap_result("SIPPassword/$avp(s:password)");
            if(!pv_www_authorize("")) {
                www_challenge(""/*realm*/,"0"/*qop*/);
                exit;
            }
            sl_send_reply("200", "ok");
            exit;
        } else {
            www_challenge("","0");
            exit;
        }
    }
}
...
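The server side of route[11], as an added Python example (not OpenSER code and not from this wiki): it builds the ldap_search URL for a From user, looks the user up in a constructed in-memory copy of the ou=sip branch, derives HA1 from the plaintext SIPPassword as calculate_ha1 = 1 does, and checks a Digest response the way pv_www_authorize does for a challenge without qop. The RFC 4515 filter escaping is an assumption added here; the route above interpolates $fU unescaped, and nonce validation is left out.

```python
import hashlib

# Constructed in-memory copy of the ou=sip branch of the sample tree, keyed by cn.
# It stands in for the live one-level ldap_search() against ldap.example.com.
SIP_ACCOUNTS = {
    "user1": {"SIPUserName": "user1", "SIPPassword": "pwd1"},
    "user2": {"SIPUserName": "user2", "SIPPassword": "pwd2"},
}

# RFC 4515 escapes for a value placed inside a search filter. The route above
# interpolates $fU into "(cn=$fU)" as-is; escaping is an assumption added here
# so that filter metacharacters in the From user are matched literally.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def build_search_filter(from_user: str) -> str:
    """Filter part of the ldap_search URL for one From user."""
    return "(cn=" + "".join(_FILTER_ESCAPES.get(ch, ch) for ch in from_user) + ")"

def ldap_search_url(from_user: str) -> str:
    """Same shape as the URL passed to ldap_search() in route[11]."""
    return "ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?" + build_search_filter(from_user)

def lookup_sip_account(from_user: str):
    """Exact match, as the directory resolves the escaped filter; None is the -1 (not found) case."""
    return SIP_ACCOUNTS.get(from_user)

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def calculate_ha1(username: str, realm: str, password: str) -> str:
    """With modparam("auth", "calculate_ha1", 1) the password AVP is plaintext, so HA1 is derived."""
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 response without qop, which is what www_challenge("", "0") offers."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def authorize_register(auth: dict, from_user: str, method: str = "REGISTER") -> int:
    """SIP status the route would send: 200 (ok), 401 (re-challenge) or 404 (no LDAP entry)."""
    account = lookup_sip_account(from_user)
    if account is None:
        return 404
    ha1 = calculate_ha1(account["SIPUserName"], auth["realm"], account["SIPPassword"])
    expected = digest_response(ha1, auth["nonce"], method, auth["uri"])
    if auth.get("username") != account["SIPUserName"] or auth.get("response") != expected:
        return 401
    return 200
```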