Hi,
I'm trying to implement LDAP authentication with anonymous LDAP bind. I set the ldap configuration file without ldap_bind_dn, ldap_bind_password attributes. This step works fine. Unfortunately, I can't figure out how to set the openser.cfg file. I need to pass the bind DN and the user password to the ldap_search function; that's ok for the bind DN but I don't know how to proceed for the password. Can someone post an example please?
Regards,
antalsia@free.fr wrote:
Hi,
I'm trying to implement LDAP authentication with anonymous LDAP bind. I set the ldap configuration file without ldap_bind_dn, ldap_bind_password attributes. This step works fine. Unfortunately, I can't figure out how to set the openser.cfg file. I need to pass the bind DN and the user password to the ldap_search function; that's ok for the bind DN but I don't know how to proceed for the password. Can someone post an example please?
Why do you need to pass the bind DN and password to ldap_search? An LDAP search operation doesn't include authentication; this is what the bind operation is good for. Once an LDAP client authenticates itself through the bind operation, it can issue a search operation.
/Christian
Regards,
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
Hi,
What I'd like to do is to authenticate SIP users the same way ldap users are with the following command: ldapsearch -x -b [...] -D uid=user1,ou=xxxxx,dc=yyyy -W. Is it possible with openser 1.3?
antalsia@free.fr wrote:
Hi,
What I'd like to do is to authenticate SIP users the same way ldap users are with the following command: ldapsearch -x -b [...] -D uid=user1,ou=xxxxx,dc=yyyy -W. Is it possible with openser 1.3?
For performance reasons, the openser ldap module executes bind operations only once per ldap connection setup. This happens when openser starts and in case an ldap server has terminated an ldap connection and the ldap module has to re-connect. The ldap module therefore does not support ldap bind operations triggered by openser's message routing script, as e.g. by SIP authentication requests. An ldap bind operation takes a considerable amount of time which adds to the overall SIP session setup delay.
If the ldap user passwords are stored in cleartext (often they are md5 hashed), you could set up an ldap super user which has access to all user passwords. This ldap super user account could then be used by openser to read the password for a specific user DN, and use that password for SIP authentication.
Something like
ldapsearch -x -b ou=xxx,dc=yyy -W -D uid=superuser,ou=xxx,dc=yyy '(uid=user1)' userPassword
/Christian
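An added illustration (not part of the original thread, and going slightly beyond it) of why the approach in the reply above depends on cleartext userPassword values: SIP digest authentication (RFC 2617) has the proxy recompute the client's response from MD5(user:realm:password), which an LDAP {MD5} value cannot supply. The user, realm, password, nonce and URI are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1_from_cleartext(user: str, realm: str, password: str) -> str:
    # RFC 2617: HA1 = MD5(username:realm:password)
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def ldap_md5_userpassword(password: str) -> str:
    # LDAP "{MD5}" scheme: base64 of the raw MD5 digest of the password alone
    raw = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(raw).decode("ascii")


def can_verify(stored: str, user: str, realm: str, nonce: str,
               method: str, uri: str, client_response: str) -> bool:
    """True if client_response can be checked against the stored userPassword."""
    if stored.startswith("{"):
        # Simplification: a "{SCHEME}" prefix marks a hashed value. The
        # password is not recoverable from it, so HA1 cannot be rebuilt.
        return False
    expected = digest_response(
        ha1_from_cleartext(user, realm, stored), nonce, method, uri)
    return hmac.compare_digest(expected, client_response)


# Constructed sample values for a REGISTER challenge.
USER, REALM, PASSWORD = "user1", "example.org", "s3cret"
NONCE, METHOD, URI = "47ebe028cda119c35d4877b383027d28", "REGISTER", "sip:example.org"

# What the SIP client sends back after the 401 challenge.
CLIENT_RESPONSE = digest_response(
    ha1_from_cleartext(USER, REALM, PASSWORD), NONCE, METHOD, URI)

if __name__ == "__main__":
    for stored in (PASSWORD, ldap_md5_userpassword(PASSWORD)):
        ok = can_verify(stored, USER, REALM, NONCE, METHOD, URI, CLIENT_RESPONSE)
        print(f"stored={stored!r:35} verifiable={ok}")
```

Because HA1 is all the proxy needs, a directory can hold MD5(user:realm:password) in a dedicated attribute instead of the cleartext password, which narrows what the super user account exposes.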
It's now clear. I'll change my LDAP authentication method.
Thanks again.