[OpenSIPS-Users] LDAP authentication issue

Gavin Henry gavin.henry at gmail.com
Wed Jun 3 12:34:09 CEST 2009


Yes, I see that. That's just for the initial search and is how
pam_ldap can work too. It is so you can use a user (not the rootdn of
course) that has perms to perform these searches.

On 03/06/2009, Gavin Henry <gavin.henry at gmail.com> wrote:
> Correct, if you are allowed to get it. Then you have to create your
> own SHA hash with the correct salt to compare it. I submitted a
> feature request to add ldap_sasl_bind to the LDAP module so you can:
>
> 1. Search for an entry as normal (already possible)
> 2. Retrieve the user dn of that entry (already possible)
> 3. Use the new bind function to bind with the user DN from 2 and the
> password from the registration. If you get a successful bind, you're
> done.
>
> This is much better and how things like pam_ldap can work.
>
> On 03/06/2009, Leon Li <Leon.Li at aarnet.edu.au> wrote:
>> Hi Henry,
>>
>> Correct me if my understanding is wrong. As in the LDAP module, ldap_search
>> will search the given LDAP URL and store results. Then
>> ldap_result("ldap_attr/avp_spec") will write LDAP values into AVPs and
>> compare with the one sent by the SIP request. So I think at least
>> ldap_result should return a hashed password?
>>
>> Thanks
>> Leon
>>
>> -----Original Message-----
>> From: users-bounces at lists.opensips.org
>> [mailto:users-bounces at lists.opensips.org] On Behalf Of Gavin Henry
>> Sent: Wednesday, 3 June 2009 1:07 AM
>> To: users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] LDAP authentication issue
>>
>> Why do you need to get the password? How does the LDAP module do its
>> authentication checks?
>>
>> Usually an LDAP client will just bind with the username and password
>> supplied by client and if successful you've passed the test. There are
>> other ways, but I need to check the LDAP module docs.

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com
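
Added example, not part of the original message or of OpenSIPS code: the salted SHA comparison mentioned in the quoted reply, assuming the directory stores userPassword in the OpenLDAP-style {SSHA} or {SHA} form, base64(SHA1(password + salt) + salt). The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value the way the directory stores it."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ldap_password(stored: str, candidate: bytes) -> bool:
    """Check a candidate password against a {SSHA} or {SHA} userPassword value."""
    scheme, sep, b64 = stored.partition("}")
    scheme = scheme.upper()
    if not sep or scheme not in ("{SSHA", "{SHA"):
        return False  # other schemes or cleartext: refuse rather than guess
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # not valid base64
    if scheme == "{SHA":
        if len(raw) != SHA1_LEN:
            return False  # unsalted form is exactly one digest
    elif len(raw) <= SHA1_LEN:
        return False  # salted form must carry a salt after the digest
    # The salt is whatever follows the 20-byte digest; it is the
    # "correct salt" that has to be reused to rebuild the hash.
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare


if __name__ == "__main__":
    # Constructed sample value, as it might come back from a search.
    stored = make_ssha(b"constructed-sample-pw")
    print(stored)
    print(verify_ldap_password(stored, b"constructed-sample-pw"))
    print(verify_ldap_password(stored, b"wrong-guess"))
```

This path only works when the search identity is allowed to read userPassword; the bind approach in steps 1 to 3 leaves the comparison to the directory server.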
