====== LDAP Authentication for OpenSER 1.3.x ======
This page is a work in progress.
===== Prerequisites =====
* Install the OpenLDAP library (libldap) v2.1 or later; the libldap header files (libldap-dev) are needed for compilation.
* read the documentation of **auth** module: http://www.kamailio.org/docs/modules/1.3.x/auth.html
* read the documentation of **ldap** module: http://www.kamailio.org/docs/modules/1.3.x/ldap.html
===== Sample LDAP Tree =====
- dc=example,dc=com
  |
  +- ou=users
  |  |
  |  +- cn=sip_proxy -- sn: sip_proxy
  |                  -- userPassword: proxypwd
  |
  +- ou=sip
     |
     +- cn=user1 -- SIPUserName: user1
     |           -- SIPPassword: pwd1
     |
     +- cn=user2 -- SIPUserName: user2
                 -- SIPPassword: pwd2
===== LDAP Module Configuration File =====
/usr/local/etc/openser/ldap.cfg (this file holds the bind password in clear text, so keep it readable only by the user OpenSER runs as):
[sipaccounts]
ldap_server_url = "ldap://ldap.example.com"
ldap_bind_dn = "cn=sip_proxy,ou=users,dc=example,dc=com"
ldap_bind_password = "proxypwd"
===== OpenSER Configuration File =====
...
# Path of the ldap module's own configuration file (the [sipaccounts] section
# with the server URL and bind credentials shown above).
modparam("ldap", "config_file", "/usr/local/etc/openser/ldap.cfg")
# AVPs from which pv_www_authorize() reads the expected username and password;
# route[11] fills them with ldap_result() after the LDAP lookup.
modparam("auth", "username_spec", "$avp(s:username)")
modparam("auth", "password_spec", "$avp(s:password)")
# The LDAP entries store the SIP password in clear text (SIPPassword), so let
# the auth module compute the HA1 hash itself instead of expecting a
# pre-computed HA1 in password_spec.
modparam("auth", "calculate_ha1", 1)
...
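# route[11]: LDAP-backed digest authentication for REGISTER requests.
# The caller's account is looked up in the ou=sip subtree via the
# "sipaccounts" LDAP session (see ldap.cfg), its SIPUserName/SIPPassword
# attributes are copied into the AVPs named by the auth module's
# username_spec/password_spec parameters, and the digest credentials are
# then checked by pv_www_authorize(). Non-REGISTER requests fall through.
route[11] {
    if (is_method("REGISTER")) {
        if (is_present_hf("Authorization")) {
            # $fU is the From-URI username, i.e. client-supplied text, and it
            # is embedded both in an LDAP URL and in an LDAP search filter.
            # Escape it first; otherwise filter metacharacters or URL
            # separators in the username change the meaning of the query.
            ldap_filter_url_encode("$fU", "$avp(s:ldap_fU)");

            # ldap search: one-level scope below ou=sip, matching on cn
            if (!ldap_search("ldap://sipaccounts/ou=sip,dc=example,dc=com?SIPUserName,SIPPassword?one?(cn=$avp(s:ldap_fU))")) {
                switch ($retcode) {
                    case -1:
                        # no LDAP entry found
                        sl_send_reply("404", "User Not Found");
                        exit;
                    case -2:
                        # internal error
                        sl_send_reply("500", "Internal server error");
                        exit;
                    default:
                        # any other failure: drop the request without a reply
                        exit;
                }
            }

            # copy the attributes of the matching entry into the AVPs that
            # pv_www_authorize() uses as the expected username and password
            ldap_result("SIPUserName/$avp(s:username)");
            ldap_result("SIPPassword/$avp(s:password)");

            # verify the digest response against those AVPs; on failure send a
            # fresh challenge (empty realm: derived by the auth module from the
            # request, see the auth docs; "0": no qop in the challenge)
            if (!pv_www_authorize("")) {
                www_challenge("" /*realm*/, "0" /*qop*/);
                exit;
            }
            sl_send_reply("200", "ok");
            exit;
        } else {
            # no credentials presented yet: challenge the client
            www_challenge("", "0");
            exit;
        }
    }
}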
...