[Freeswitch-users] LDAP

Keith Laaks keith at laaks.com
Tue Sep 30 15:23:25 MSD 2014


Hi Nick,

FS may be able to talk directly to LDAP for what you want to do.

There is a "mod_xml_ldap"
<https://wiki.freeswitch.org/index.php?title=Mod_xml_ldap&action=edit&redlink=1>
although I have not been able to find much documentation for it.

I see in "src/mod/xml_int/mod_xml_ldap" there is an example LDAP schema
"fsv2.schema" and the aptly named "reallyconfusingslapcat".
From these examples, it looks like the approach was to mirror the XML
structure you need to return in the LDAP directory.
So it looks built for flexibility but could be much more than what you want
to deal with.

Building a CURL<->LDAP GW may be cleaner and easier and will allow you to
use your existing LDAP, perhaps just having to add a few attributes.

I also found the following quite old post
(http://article.gmane.org/gmane.comp.telephony.freeswitch.user/6974) on some
other forum. 
Not sure if the module has been updated since and if/how much the below
needs to change, but maybe it still works.
Copying it in below for the sake of completeness.

-------------------------------------------------------------------
From: John Skopis (Lists) <jlists at ...>
Subject: Re: LDAP Integration
<http://news.gmane.org/find-root.php?message_id=49485AD1.5070708%40skopis.com>
Newsgroups: gmane.comp.telephony.freeswitch.user
<http://news.gmane.org/gmane.comp.telephony.freeswitch.user>
Date: 2008-12-17 01:50:09 GMT
vinicius wrote:
> hi ppl.. I tried to find something at Google, but I couldn't manage to find
> anything.
> I still don't know what to do to make the mod_xml_ldap work.
> I couldn't find information about how to build a config file for the
> module, and where to store it...
> 
> Can anyone give me a help?
> 

Be advised mod_xml_ldap is probably not production quality and will
undoubtedly change, eventually at least.

Here is what I used once:

<bindings>

  <binding name="directory">
    <!-- %s is populated with the extension -->
    <param name="filter" value="(FSid=%s)" bindings="directory"/>
    <!-- basedn for the searches; %s is replaced with domain -->
    <param name="basedn" value="ou=people,dc=example" />
    <param name="url" value="ldap://172.16.75.129" />
    <param name="binddn" value="cn=admin,dc=example" />
    <param name="bindpass" value="secret" />

    <trans>
      <!-- we need to translate these attrs into FS attrs -->
      <tran name="id" mapfrom="FSid" />
      <tran name="mailbox" mapfrom="FSmailbox" />
      <tran name="password" mapfrom="FSPassword" />
      <tran name="vm-password" mapfrom="FSvm-password" />
      <tran name="email-addr" mapfrom="FSemail-addr" />
      <tran name="vm-email-all-messages" mapfrom="FSvm-email-all-messages" />
      <tran name="vm-delete-file" mapfrom="FSvm-delete-file" />
      <tran name="vm-attach-file" mapfrom="FSvm-attach-file" />
    </trans>
  </binding>

  <binding name="configuration">
    <param name="filter" value="(%s=%s)" bindings="configuration"/>
    <param name="basedn" value="name=%s,dc=example" />
    <param name="url" value="ldap://172.16.75.129" />
    <param name="binddn" value="cn=admin,dc=example" />
    <param name="bindpass" value="secret" />
  </binding>
</bindings>

which should/probably/might work with ldap objects like these:

dn: cn=John Skopis,ou=people,dc=example
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: FreeSWITCH-Exten-Object
objectClass: top
cn: John Skopis
sn: Skopis
givenName: John
FSid: 1001
FSmailbox: 1001
FSpassword: 1234
FSvm-password: 1001
FSemail-addr: john+fs at ...
FSvm-email-all-messages: TRUE
FSvm-delete-file: TRUE
FSvm-attach-file: TRUE

dn: SIPIdentityUserName=1001,ou=h350,dc=example
objectClass: person
objectClass: SIPIdentity
objectClass: top
cn: 1001
sn: 1001
SIPIdentitySIPURI: sip:1001 at ...
SIPIdentityRegistrarAddress: 172.16.75.128
SIPIdentityProxyAddress: 172.16.75.128
SIPIdentityPassword: 1234
SIPIdentityUserName: 1001
SIPIdentityServiceLevel: premium

-------------------------------------------------------------------

The "trans" part looks very useful.

From the code I can see that the module supports exactly the following
translations:

id
cidr
/* Params */
password
vm-enabled
vm-password
vm-mailfrom
vm-mailto
vm-email-all-messages
vm-notify-email-all-messages
vm-attach-file
 
                   
/* Variables */
accountcode
user_context
effective_caller_id_name
effective_caller_id_number
Ruleset




I hope this helps.


If you get this working, please let us all know how you did it here - and
make sure the wiki gets updated.

Best Regards
-- 
Keith Laaks 


From:  Nick Zaitsev <nick.zaitsev at mail.ru>
Reply-To:  FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Date:  Monday 29 September 2014 at 12:47 PM
To:  <freeswitch-users at lists.freeswitch.org>
Subject:  [Freeswitch-users] LDAP

Good day to you.
Could you advise me how I can implement auth users via LDAP in the simplest
way?
Do I have to write my own application for mod_xml_curl (maybe there is such
an application somewhere)?
Or can I use the mod for FreeSWITCH and it will work like a charm? (I use
both SIP and Skinny users.)
Thank you for your time,
Best Regards
Nick Zaitsev
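
An added example, not code from this thread or from the FreeSWITCH project, of the two steps a CURL<->LDAP gateway for mod_xml_curl has to get right: filling the (FSid=%s) filter with an RFC 4515-escaped extension, and translating an LDAP entry into directory XML through the <trans> mapping quoted above, so that unmapped attributes are never returned. The LDAP lookup itself is left out; the function names are illustrative, SAMPLE is a constructed entry, and the FSaccountcode attribute is hypothetical.

```python
import xml.etree.ElementTree as ET

# LDAP attribute -> FreeSWITCH name, from the <trans> block quoted above.
# FSaccountcode is a hypothetical attribute, added to show a variable.
TRANS = {"FSid": "id", "FSPassword": "password", "FSvm-password": "vm-password",
         "FSvm-attach-file": "vm-attach-file", "FSaccountcode": "accountcode"}
# Names the message lists under "Variables"; other mapped names are params.
VARIABLES = {"accountcode", "user_context", "effective_caller_id_name",
             "effective_caller_id_number"}
# RFC 4515 escapes for characters that are special inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def build_filter(extension):
    """Fill the page's (FSid=%s) filter with an escaped value."""
    return "(FSid=%s)" % "".join(_ESC.get(c, c) for c in extension)


def directory_xml(entry, domain):
    """Render one LDAP entry (dict of attribute -> value) as directory XML."""
    doc = ET.Element("document", type="freeswitch/xml")
    if entry is None:  # no match: reply with a "not found" result
        sec = ET.SubElement(doc, "section", name="result")
        ET.SubElement(sec, "result", status="not found")
        return ET.tostring(doc, encoding="unicode")
    # LDAP attribute names are case-insensitive (FSPassword vs FSpassword).
    lowered = {k.lower(): v for k, v in entry.items()}
    mapped = {fs: lowered[ld.lower()] for ld, fs in TRANS.items()
              if ld.lower() in lowered}
    sec = ET.SubElement(doc, "section", name="directory")
    dom = ET.SubElement(sec, "domain", name=domain)
    user = ET.SubElement(dom, "user", id=mapped.pop("id"))
    params = ET.SubElement(user, "params")
    variables = ET.SubElement(user, "variables")
    for name, value in sorted(mapped.items()):
        if name in VARIABLES:
            ET.SubElement(variables, "variable", name=name, value=value)
        else:
            ET.SubElement(params, "param", name=name, value=value)
    return ET.tostring(doc, encoding="unicode")


# Constructed sample entry, modelled on the LDIF in the quoted post.
SAMPLE = {"FSid": "1001", "FSpassword": "1234", "FSvm-password": "1001",
          "FSvm-attach-file": "TRUE", "FSaccountcode": "42", "cn": "John Skopis"}

if __name__ == "__main__":
    print(build_filter("10*(1)"))
    print(directory_xml(SAMPLE, "example.com"))
```
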


