====== LDAP Authentication for Kamailio 3.1.x ======
work in progress
===== Prerequisites =====
* install the OpenLDAP library (libldap) v2.1 or greater; the libldap header files (libldap-dev) are needed for compilation
* read the documentation of **auth** module: http://kamailio.org/docs/modules/stable/modules/auth.html
* read the documentation of **ldap** module: http://kamailio.org/docs/modules/stable/modules_k/ldap.html
===== Sample LDAP Tree =====
- dc=example,dc=com
  |
  +- ou=users
  |  |
  |  +- cn=sip_proxy -- sn: sip_proxy
  |                  -- userPassword: proxypwd
  |
  +- ou=sip
     |
     +- cn=user1 -- SIPUserName: user1
     |           -- SIPPassword: pwd1
     |
     +- cn=user2 -- SIPUserName: user2
                 -- SIPPassword: pwd2
===== LDAP Module Configuration File =====
/usr/local/etc/kamailio/ldap.cfg:
[sipaccounts]
ldap_server_url = "ldap://ldap.example.com"
ldap_bind_dn = "cn=sip_proxy,ou=users,dc=example,dc=com"
ldap_bind_password = "proxypwd"
===== OpenSER Configuration File =====
...
loadmodule "ldap.so"
...
modparam("ldap", "config_file", "/usr/local/etc/kamailio/ldap.cfg")
...
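route[LDAPAUTH] {
    # Digest-authenticate REGISTER requests against the LDAP directory
    # described by the "sipaccounts" section of ldap.cfg.
    #
    # Operator notes:
    #  - ldap.cfg holds ldap_bind_password in clear text; restrict the file's
    #    permissions to the user Kamailio runs as.
    #  - a plain ldap:// server URL sends the bind password and the looked-up
    #    SIPPassword values unencrypted; consider ldaps:// (or StartTLS)
    #    unless the directory is reached over a trusted network.
    if (is_method("REGISTER")) {
        if (!is_present_hf("Authorization")) {
            # no credentials yet: challenge the client
            www_challenge("$td", "1");
            exit;
        }

        # The account is looked up by the From user ($fU), but the digest is
        # verified with the username from the Authorization header ($au).
        # Require the two to match so a client cannot register as one
        # account while presenting another account's credentials.
        if ($au != $fU) {
            sl_send_reply("403", "Forbidden");
            exit;
        }

        # $fU is client-supplied text that is inserted into the LDAP filter;
        # encode it first so filter metacharacters ('*', '(', ')', '\')
        # cannot change the meaning of the query (LDAP filter injection).
        if (!ldap_filter_url_encode("$fU", "$avp(fu_enc)")) {
            sl_send_reply("500", "Internal server error");
            exit;
        }

        # ldap search: one-level search below ou=sip returning the
        # SIPUserName and SIPPassword attributes of the matching entry
        if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$avp(fu_enc))")) {
            switch ($retcode) {
                case -1:
                    # no LDAP entry found
                    sl_send_reply("404", "User Not Found");
                    exit;
                case -2:
                    # internal error
                    sl_send_reply("500", "Internal server error");
                    exit;
                default:
                    exit;
            }
        }

        ldap_result("SIPUserName/$avp(username)");
        ldap_result("SIPPassword/$avp(password)");

        # flags "0": $avp(password) is used as the clear-text password as
        # stored in LDAP. Storing a digest hash (HA1) instead of the clear
        # password and setting the corresponding flag is preferable; see the
        # auth module documentation for the exact flag value.
        if (!pv_www_authenticate("$td", "$avp(password)", "0")) {
            www_challenge("$td", "1");
            exit;
        }
        sl_send_reply("200", "ok");
        exit;
    } else {
        # handle proxy-authentication (e.g., for INVITE)
        ...
    }
}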
...