It's now clear. I'll change my LDAP authentication method.
Thanks again.
Quoting Christian Schlatter <cs(a)unc.edu>:
antalsia(a)free.fr wrote:
Hi,
What I'd like to do is to authenticate SIP users the same way ldap users
are with the following command:
ldapsearch -x -b [...] -D uid=user1,ou=xxxxx,dc=yyyy -W.
Is it possible with openser 1.3 ?
For performance reasons, the openser ldap module executes bind
operations only once per ldap connection setup. This happens when
openser starts and in case an ldap server has terminated an ldap
connection and the ldap module has to re-connect. The ldap module
therefore does not support ldap bind operations triggered by openser's
message routing script, as e.g. by SIP authentication requests. An ldap
bind operation takes a considerable amount of time which adds to the
overall SIP session setup delay.
If the ldap user passwords are stored in cleartext (often they are md5
hashed), you could set up an ldap super user which has access to all user
passwords. This ldap super user account could then be used by openser to
read the password for a specific user DN, and use that password for SIP
authentication.
Something like
ldapsearch -x -b ou=xxx,dc=yyy -W -D uid=superuser,ou=xxx,dc=yyy "(uid=user1)" userPassword
/Christian
Quoting Christian Schlatter <cs(a)unc.edu>:
> antalsia(a)free.fr wrote:
>> Hi,
>>
>> I'm trying to implement LDAP authentication with anonymous LDAP bind. I
>> set the ldap configuration file without ldap_bind_dn, ldap_bind_password
>> attributes. This step works fine. Unfortunately, I can't figure out how
>> to set the openser.cfg file. I need to pass the bind DN and the user
>> password to the ldap_search function; that's ok for the bind DN but I
>> don't know how to proceed for the password. Can someone post an example
>> please?
Why do you need to pass the bind DN and password to ldap_search? An LDAP
search operation doesn't include authentication, this is what the bind
operation is good for. Once an LDAP client authenticates itself through
the bind operation, it can issue a search operation.
/Christian
Regards,
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
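
The caveat in the reply above about cleartext versus md5-hashed userPassword values, as an added example that is not part of the original thread or of OpenSER: it assumes SIP digest authentication as in RFC 2617 without qop, and the user, realm, nonce, password and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, realm, password):
    # Digest HA1 needs the cleartext password (or a stored HA1 for this realm).
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def ldap_md5(password):
    # LDAP {MD5} scheme: base64 of the raw MD5 of the password alone.
    raw = hashlib.md5(password.encode()).digest()
    return "{MD5}" + base64.b64encode(raw).decode()

def cleartext_or_none(user_password):
    # A "{SCHEME}" prefix marks a hashed value; HA1 cannot be derived from it.
    # (Assumption: cleartext passwords never start with "{...}".)
    if user_password.startswith("{") and "}" in user_password:
        return None
    return user_password

def verify(user, realm, stored, nonce, method, uri, client_response):
    secret = cleartext_or_none(stored)
    if secret is None:
        return False  # hashed attribute: reject rather than guess
    expected = digest_response(ha1(user, realm, secret), nonce, method, uri)
    return hmac.compare_digest(expected, client_response)

# Constructed sample values, not taken from the thread.
USER, REALM, PASSWORD = "user1", "sip.example.org", "s3cret"
NONCE, METHOD, URI = "constructed-nonce-0001", "REGISTER", "sip:sip.example.org"
CLIENT = digest_response(ha1(USER, REALM, PASSWORD), NONCE, METHOD, URI)

if __name__ == "__main__":
    print("cleartext attribute:", verify(USER, REALM, PASSWORD, NONCE, METHOD, URI, CLIENT))
    print("{MD5} attribute:   ", verify(USER, REALM, ldap_md5(PASSWORD), NONCE, METHOD, URI, CLIENT))
```

A directory account that can read cleartext userPassword for every user is a high-value credential, so its ACL should be limited to that one attribute and subtree.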