in the line
if (!pv_www_authenticate("$td", "$avp(password)", "0")) {

write avp(s:password) instead of avp(password)
not sure it will solve it though.. if it doesn't, maybe others can help you more on this.

Reda



On Fri, May 4, 2012 at 5:50 PM, Saul Waizer <saulwaizer@gmail.com> wrote:
Hello Reda,

Thank you for your feedback, after some further research and testing I got the LDAP search working, I am just having one issue with the password variable:

 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=755 a=28 n=pv_www_authenticate
 3(22487) ERROR: <core> [sr_module.c:1613]: Could not convert PV to str
 3(22487) ERROR: auth [auth_mod.c:569]: failed to get passwd value

My relevant configuration:

route[AUTH] {
#!ifdef WITH_AUTH
        if (is_method("REGISTER"))
        {
if(is_present_hf("Authorization"))
        {
 # ldap search
                    
           if (!ldap_search("ldap://demo/ou=demo,dc=mydomain,dc=com?uid,userPassword?"))

{
                switch ($retcode)
                {
                    case -1:
                       # no LDAP entry found
                       sl_send_reply("404", "User Not Found");
                       exit;
                    case -2:
                       # internal error
                       sl_send_reply("500", "Internal server error");
                       exit;
                    default:
                       exit;
                }
            }
ldap_result("uid/$avp(s:username)");
ldap_result("userPassword/$avp(s:password)");
            xlog("L_INFO", "ldap_search: found [$retcode] entries for (uid=$fU)");
           if (!pv_www_authenticate("$td", "$avp(password)", "0")) {
                 www_challenge("$td", "1");
                 exit;
            }
            sl_send_reply("200", "ok");
            exit;
        } else {
            www_challenge("$td", "1");
            exit;
        }
        } else {

And the error message:

 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=735 a=26 n=ldap_search
 3(22487) DEBUG: ldap [ldap_api_fn.c:273]: LDAP URL parsed into session_name [demo], base [ou=demo,dc=mydomain,dc=com], scope [0], filter []
 3(22487) DEBUG: ldap [ldap_api_fn.c:433]: [demo]: performing LDAP search: dn [ou=demo,dc=mydomain,dc=com], scope [0], filter [(null)], client_timeout [5000000] usecs
 3(22487) DEBUG: ldap [ldap_api_fn.c:240]: [demo]: [1] LDAP entries found
 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=752 a=26 n=ldap_result
 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=753 a=26 n=ldap_result
 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=754 a=27 n=xlog
 3(22487) INFO: <script>: ldap_search: found [-1] entries for (uid=mmiller) 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=759 a=17 n=if
 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=755 a=28 n=pv_www_authenticate
 3(22487) ERROR: <core> [sr_module.c:1613]: Could not convert PV to str
 3(22487) ERROR: auth [auth_mod.c:569]: failed to get passwd value
 3(22487) ERROR: *** cfgtrace: c=[/etc/kamailio/kamailio.cfg] l=756 a=27 n=www_challenge
 3(22487) DEBUG: auth [challenge.c:102]: build_challenge_hf: realm='ip.of.sip.server'
 3(22487) DEBUG: auth [challenge.c:113]: build_challenge_hf: qop='auth'
 3(22487) DEBUG: auth [challenge.c:244]: auth: 'WWW-Authenticate: Digest realm="ip.of.sip.server", nonce="T6P5yU+j+J23OE93mPaektZpJszGpt/l", qop="auth"

Any help is greatly appreciated!
Thanks



On Thu, May 3, 2012 at 4:22 PM, Reda Aouad <reda.aouad@gmail.com> wrote:
Hi Saul,

username_avp_spec was previously a AUTH module parameter to specify a variable that was passed to pv_www_authorize implicitly (the function doesn't take arguments). Now you should use the new pv_www_authenticate and pass to it explicitly the credentials as arguments.

So forget about username_avp_spec since it doesn't exist as module param anymore (this is why you are getting the error). Store the result of ldap_search in the avps as in the tutorial using ldap_result, and pass them to pv_www_authenticate as parameters. pv_www_authenticate takes the following arguments:
- realm: which you can get from "to domain" using $td
- password: $avp(s:password)
- flag: set it to 0 as a first test

example:
pv_www_authorize("$td", "$avp(s:password)", 0)

This function takes the username from the authentication header, so no need to pass it anymore as argument.

Reda



On Thu, May 3, 2012 at 8:47 PM, Saul Waizer <saulwaizer@gmail.com> wrote:
Hello List,

I am trying to incorporate an existing LDAP directory with our Kamailio installation for SIP authentication. A good friend suggested to checkout this tutorial and adapt it to fit my needs (and current version)


It seems like the AUTH module does not contain the function username_spec (which I believe is not used anymore) but the username_avp_spec which is not part of the AUTH module but the H350 module http://kamailio.org/docs/modules/3.2.x/modules_k/h350.html

I enabled the h350 module and tried setting the params as described in the documentation:

modparam("auth", "username_spec", "$avp(s:username)")
modparam("auth", "password_spec", "$avp(s:password)")
modparam("auth", "calculate_ha1", 1)

I got the following error after checking the configuration:

ERROR: <core> [modparam.c:151]: set_mod_param_regex: parameter <username_spec> not found in module <auth>

I am running kamailio 3.2.3 (i386/linux) Ubuntu

Thank you in advance!


 



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users