<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Ok, done:
      <a class="moz-txt-link-freetext" href="https://jira.freeswitch.org/browse/FS-6506">https://jira.freeswitch.org/browse/FS-6506</a><br>
      <br>
      Also, added comment to the WiKi until this is fixed:<br>
      <a class="moz-txt-link-freetext" href="https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups">https://wiki.freeswitch.org/wiki/XML_User_Directory_Guide#Groups</a><br>
      <br>
      On 14-05-06 12:32 PM, Steven Ayre wrote:<br>
    </div>
    <blockquote
cite="mid:CAFiqYukb0CjRY7MsqMkuF9LEQiBhGF2us6H6k7bkNw7rUXd16w@mail.gmail.com"
      type="cite">
      <div dir="ltr">I'd go with a Jira. Either it's an oversight, or
        there's a reason for it that can be tracked in Jira and then the
        wiki updated referencing the ticket.</div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">
          On 5 May 2014 21:38, Victor Chukalovskiy <span dir="ltr">&lt;<a
              moz-do-not-send="true"
              href="mailto:victor.chukalovskiy@gmail.com"
              target="_blank">victor.chukalovskiy@gmail.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>Alright, thank you! Domains ACL works BUT requires
                "users" to be in "groups". If "users" are directly in
                the "domain" section, ACL remains empty.<br>
                <br>
                This is contradictory to the WiKi saying that: "Using
                groups is optional -- you can put your users straight
                into the domain section if you desire". Should I file
                Jira or should I edit WiKi instead? :)<br>
                <br>
                With regards to directory, I intend to keep it
                minimalistic:<br>
                <br>
                &lt;user id="foo" cidr="<a moz-do-not-send="true"
                  href="http://1.2.3.4/32" target="_blank">1.2.3.4/32</a>"&gt;<br>
                &nbsp; &lt;variables&gt;<br>
                &nbsp; &nbsp; &lt;variable name="accountcode"
                value="customer_1"/&gt;<br>
                &nbsp; &lt;/variables&gt;<br>
                &lt;/user&gt;<br>
                <br>
                Will someone from a different CIDR be able to place
                calls as user "foo" bypassing any authentication? Note
                that I don't set any password in params.<br>
                If so, how to secure this on the SIP profile level and
                keep user entries as concise as possible?<br>
                <br>
                Thanks again!<span class="HOEnZb"><font color="#888888"><br>
                    -Victor</font></span>
                <div>
                  <div class="h5"><br>
                    <br>
                    On 14-05-05 12:24 PM, Steven Ayre wrote:<br>
                  </div>
                </div>
              </div>
              <div>
                <div class="h5">
                  <blockquote type="cite">
                    <div dir="ltr">You need this:
                      <div>&nbsp; &nbsp; &lt;param name="apply-inbound-acl"
                        value="domains"/&gt;<br>
                      </div>
                      <div><br>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <br>
                      <div class="gmail_quote">On 5 May 2014 17:13,
                        Victor Chukalovskiy <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:victor.chukalovskiy@gmail.com"
                            target="_blank">victor.chukalovskiy@gmail.com</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0
                          0 0 .8ex;border-left:1px #ccc
                          solid;padding-left:1ex">Hello,<br>
                          <br>
                          Coming from wholesale background, my FS's run
                          without any registrations.<br>
                          So far everything was ACL-based using
                          "apply-inbound-acl" and I did not<br>
                          use any directory entries.<br>
                          <br>
                          The only problem with this is that once I have
                          all IPs together in one<br>
                          big ALC, I can't identify which customer the
                          call came from. E.g. need<br>
                          to set my_channel_variable=customer1 if a call
                          came from particular IPs<br>
                          and my_channel_variable=customer2 if a call
                          came from other IPs.<br>
                          <br>
                          So I'm trying to move ACL logic into directory
                          by means of defining a<br>
                          user with cidr attribute. So far, no matter
                          what I do FS challenges<br>
                          INVITE with "407" even-though the INVITE comes
                          from the IP that is<br>
                          included in CIDR attribute for a user. I
                          suppose for whatever reason<br>
                          switch does not match INVITEs against CIDR's
                          in the directory. Please<br>
                          help me with that. WiKi is written from a
                          somewhat different logic /<br>
                          perspective, so it's hard to apply.<br>
                          <br>
                          My SIP profile is:<br>
                          <br>
                          &lt;profile name="test"&gt;<br>
                          &nbsp; &nbsp;&lt;gateways&gt;<br>
                          &nbsp; &nbsp;&lt;/gateways&gt;<br>
                          &nbsp; &nbsp;&lt;domains&gt;<br>
                          &nbsp; &nbsp;&lt;/domains&gt;<br>
                          &nbsp; &nbsp;&lt;settings&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="parse-invite-tel-params"
                          value="true"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="user-agent-string"
                          value="test"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="debug" value="0"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="sip-trace"
                          value="no"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="log-auth-failures"
                          value="true"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="rfc2833-pt"
                          value="101"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="sip-port"
                          value="5060"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="dialplan"
                          value="XML"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="context"
                          value="test"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="country"
                          value="e164"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="dtmf-duration"
                          value="2000"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="inbound-codec-prefs"
                          value="$${default_codec_prefs}"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="outbound-codec-prefs"
                          value="$${default_codec_prefs}"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="caller-id-type"
                          value="none"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="rtp-timer-name"
                          value="soft"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="rtp-ip"
                          value="192.168.1.2"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="sip-ip"
                          value="192.168.1.2"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="manage-presence"
                          value="false"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="manage-shared-appearance"
                          value="false"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param
                          name="inbound-codec-negotiation"
                          value="greedy"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="disable-transcoding"
                          value="true"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="manual-redirect"
                          value="false"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="disable-transfer"
                          value="true"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="disable-register"
                          value="false"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="auth-calls"
                          value="true"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="rtp-timeout-sec"
                          value="300"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="rtp-hold-timeout-sec"
                          value="1800"/&gt;<br>
                          &nbsp; &nbsp; &nbsp;&lt;param name="pass-callee-id"
                          value="false"/&gt;<br>
                          &nbsp; &nbsp;&lt;/settings&gt;<br>
                          &lt;/profile&gt;<br>
                          <br>
                          <br>
                          Thanks!<br>
                          -Victor<br>
                          <br>
                          <br>
                          <br>
                          <br>
_________________________________________________________________________<br>
                          Professional FreeSWITCH Consulting Services:<br>
                          <a moz-do-not-send="true"
                            href="mailto:consulting@freeswitch.org"
                            target="_blank">consulting@freeswitch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://www.freeswitchsolutions.com"
                            target="_blank">http://www.freeswitchsolutions.com</a><br>
                          <br>
                          FreeSWITCH-powered IP PBX: The CudaTel
                          Communication Server<br>
                          <a moz-do-not-send="true"
                            href="http://www.cudatel.com"
                            target="_blank">http://www.cudatel.com</a><br>
                          <br>
                          Official FreeSWITCH Sites<br>
                          <a moz-do-not-send="true"
                            href="http://www.freeswitch.org"
                            target="_blank">http://www.freeswitch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://wiki.freeswitch.org"
                            target="_blank">http://wiki.freeswitch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://www.cluecon.com"
                            target="_blank">http://www.cluecon.com</a><br>
                          <br>
                          FreeSWITCH-users mailing list<br>
                          <a moz-do-not-send="true"
                            href="mailto:FreeSWITCH-users@lists.freeswitch.org"
                            target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
                          <a moz-do-not-send="true"
                            href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
                            target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
                          UNSUBSCRIBE:<a moz-do-not-send="true"
                            href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
                            target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
                          <a moz-do-not-send="true"
                            href="http://www.freeswitch.org"
                            target="_blank">http://www.freeswitch.org</a><br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a moz-do-not-send="true" href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a>

Official FreeSWITCH Sites
<a moz-do-not-send="true" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
<a moz-do-not-send="true" href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a>
<a moz-do-not-send="true" href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a>

FreeSWITCH-users mailing list
<a moz-do-not-send="true" href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a>
<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a moz-do-not-send="true" href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a>
</pre>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
_________________________________________________________________________<br>
            Professional FreeSWITCH Consulting Services:<br>
            <a moz-do-not-send="true"
              href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
            <a moz-do-not-send="true"
              href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
            <br>
            FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
            <a moz-do-not-send="true" href="http://www.cudatel.com"
              target="_blank">http://www.cudatel.com</a><br>
            <br>
            Official FreeSWITCH Sites<br>
            <a moz-do-not-send="true" href="http://www.freeswitch.org"
              target="_blank">http://www.freeswitch.org</a><br>
            <a moz-do-not-send="true" href="http://wiki.freeswitch.org"
              target="_blank">http://wiki.freeswitch.org</a><br>
            <a moz-do-not-send="true" href="http://www.cluecon.com"
              target="_blank">http://www.cluecon.com</a><br>
            <br>
            FreeSWITCH-users mailing list<br>
            <a moz-do-not-send="true"
              href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
            <a moz-do-not-send="true"
              href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users"
              target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
            UNSUBSCRIBE:<a moz-do-not-send="true"
              href="http://lists.freeswitch.org/mailman/options/freeswitch-users"
              target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
            <a moz-do-not-send="true" href="http://www.freeswitch.org"
              target="_blank">http://www.freeswitch.org</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>

FreeSWITCH-powered IP PBX: The CudaTel Communication Server
<a class="moz-txt-link-freetext" href="http://www.cudatel.com">http://www.cudatel.com</a>

Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>

FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>