Differences

tutorials:kamailio31-auth-ldap [2011/02/17 22:22] – created 85.178.90.104tutorials:kamailio31-auth-ldap [2011/02/17 23:19] (current) 85.178.90.104
Line 1: Line 1:
 +====== LDAP Authentication for Kamailio 3.1.x ======
  
 +<hi #98fb98>work in progress</hi>
 +
 +
 +
 +===== Prerequisites =====
 +
 +* install OpenLDAP library (libldap) v2.1 or greater, libldap header files (libldap-dev) are needed for compilation
 +* read the documentation of **auth** module: http://kamailio.org/docs/modules/stable/modules/auth.html
 +* read the documentation of **ldap** module: http://kamailio.org/docs/modules/stable/modules_k/ldap.html
 +
 +
 +
 +===== Sample LDAP Tree =====
 +
 +<code>
 +- dc=example,dc=com
 +  |
 +  +- ou=users
 +  |  |
 +  |  +- cn=sip_proxy -- sn: sip_proxy
 +  |                  -- userPassword: proxypwd
 +  |
 +  +- ou=sip
 +     |
 +     +- cn=user1 -- SIPUserName: user1
 +               -- SIPPassword: pwd1
 +     |
 +     +- cn=user2 -- SIPUserName: user2
 +                 -- SIPPassword: pwd2
 +</code>
 +
 +
 +
 +
 +===== LDAP Module Configuration File =====
 +
 +/usr/local/etc/kamailio/ldap.cfg:
 +
 +<code>
 +[sipaccounts]
 +ldap_server_url = "ldap://ldap.example.com"
 +ldap_bind_dn = "cn=sip_proxy,ou=users,dc=example,dc=com"
 +ldap_bind_password = "proxypwd"
 +</code>
 +
 +
 +
 +
 +
 +===== OpenSER Configuration File =====
 +
 +<code c>
 +...
 +loadmodule "ldap.so"
 +...
 +modparam("ldap", "config_file", "/usr/local/etc/kamailio/ldap.cfg")
 +...
 +
 +route[LDAPAUTH] {
 +    if(is_method("REGISTER"))
 +    {
 +        if(is_present_hf("Authorization"))
 +        {
 +            # ldap search
 +            if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$fU)"))
 +            {
 +                switch ($retcode)
 +                {
 +                    case -1:
 +                       # no LDAP entry found
 +                       sl_send_reply("404", "User Not Found");
 +                       exit;
 +                    case -2:
 +                       # internal error
 +                       sl_send_reply("500", "Internal server error");
 +                       exit;
 +                    default:
 +                       exit;
 +                }
 +            }
 +            ldap_result("SIPUserName/$avp(username)");
 +            ldap_result("SIPPassword/$avp(password)");
 +            if (!pv_www_authenticate("$td", "$avp(password)", "0")) {
 +                 www_challenge("$td", "1");
 +                 exit;
 +            }
 +            sl_send_reply("200", "ok");\a
 +            exit;
 +        } else {
 +            www_challenge("$td", "1");
 +            exit;
 +        }
 +    } else {
 +        # handle proxy-authentication (e.g., for INVITE)
 +        ...
 +    }
 +}
 +...
 +</code>
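Review bot: The search filter on the `ldap_search` line is built from `$fU`, the From-URI user part taken straight from the request, so filter metacharacters such as `*`, `(` or `)` in it change the filter the directory evaluates. The ldap module provides `ldap_filter_url_encode` for this: encode first with `ldap_filter_url_encode("$fU", "$avp(s:ldap_user)");` and search on `(cn=$avp(s:ldap_user))`. The `case -1` branch answers 404 "User Not Found", which tells a client that has not yet authenticated which accounts exist; answering with `www_challenge("$td", "1");`, as the failed-password branch does, would not. Separately, `ldap.cfg` uses an `ldap://` URL with a simple bind and the sample tree stores `SIPPassword` in clear text, so the bind password and every user password cross the network unencrypted unless the link is protected (for example an `ldaps://` URL, if the deployed libldap supports it). The `\a` after `sl_send_reply("200", "ok");` looks like a stray character and should be removed.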