mirror of https://github.com/sipwise/kamailio.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
112 lines
3.3 KiB
112 lines
3.3 KiB
#
|
|
# This is a configuration file for the LDAP module in SER. The configuration
|
|
# file maps database table names used in SER to LDAP directory sub-trees to
|
|
# be searched. In addition to that the configuration file also allows to
|
|
# configure the LDAP search filter and maps database field names to
|
|
# LDAP attribute names and vice versa.
|
|
#
|
|
# Supported Attribute Type Names:
|
|
# * GeneralizedTime
|
|
# * Integer
|
|
# * BitString
|
|
# * Boolean
|
|
# * String
|
|
# * Binary
|
|
# * Float
|
|
#
|
|
|
|
[connection:ldap_server1]
|
|
host=127.0.0.1
|
|
port=389
|
|
username=ser
|
|
password=heslo
|
|
# LDAP or LDAP SASL authentication mechanism.
|
|
# Allowed values: none (default), simple, digest-md5, external
|
|
authtype=simple
|
|
|
|
# tls encryption
|
|
tls=off
|
|
|
|
# Specifies the file that contains certificates for all of the Certificate
|
|
# Authorities the ldap module will recognize.
|
|
ca_list=/home/kg/work/openssl/demoCA/cacert.pem
|
|
|
|
# Specifies what checks to perform on server certificates in a TLS session
|
|
# allowed values are never/allow/try/demand
|
|
# see the TLS_REQCERT tls option part of ldap.conf(8) man page for more details
|
|
require_certificate=demand
|
|
|
|
#
|
|
# Table credentials contains SIP digest authentication credentials.
|
|
#
|
|
[table:credentials]
|
|
|
|
# In our LDAP directory we store SIP digest credentials under
|
|
# "Digest Credentials" organization unit so this is where searches for digest
|
|
# credentials should start.
|
|
base = "ou=Digest Credentials,dc=iptel,dc=org"
|
|
|
|
# We search the whole subtree.
|
|
scope = subtree
|
|
|
|
# For digest credentials we are only interested in objects with objectClass
|
|
# 'digestAuthCredentials', objects of all other types are ignored.
|
|
filter = "(objectClass=digestAuthCredentials)"
|
|
|
|
# Mapping of field names to LDAP attribute names and vice versa. Names are
|
|
# delimited using ':', the first name is database field name as used in SER
|
|
# modules, the second name (after :) is corresponding LDAP attribute name,
|
|
# optionally preceeded with LDAP attribute syntax name in parentheses.
|
|
field_map = password : (Binary) digestPassword
|
|
field_map = realm : digestRealm
|
|
field_map = auth_username : digestUsername
|
|
field_map = uid : serUID
|
|
field_map = flags : (BitString) serFlags
|
|
|
|
# retrieve at most sizelimit entries for a search
|
|
#sizelimit = 2147483647
|
|
|
|
# wait at most timelimit seconds for a search to complete
|
|
#timelimit = 120
|
|
|
|
# chase references automatically by OpenLDAP. Default is "never"
|
|
# chase_references = never | searching | finding | always
|
|
|
|
# chase referrals automatically by OpenLDAP. Default is "no"
|
|
# chase_referrals = yes | no
|
|
|
|
#
|
|
# Domain table stores information about virtual domains
|
|
#
|
|
[table:domain]
|
|
|
|
# Objects mapping domain IDs to domain names and vice versa are stored
|
|
# in the subtree with the following root:
|
|
base = "ou=Domains,dc=iptel,dc=org"
|
|
|
|
scope = subtree
|
|
|
|
# We are only interested in serDomain objects when looking up information
|
|
# about virtual domains.
|
|
filter = "(objectClass=serDomain)"
|
|
|
|
field_map = did : (String) serDID
|
|
field_map = domain : (String) serDomain
|
|
field_map = flags : (BitString) serFlags
|
|
|
|
#
|
|
# Table domain_attrs contains domain attributes, domain attributes store
|
|
# extra information about virtual domains.
|
|
#
|
|
[table:domain_attrs]
|
|
base = "ou=Domains, dc=iptel,dc=org"
|
|
scope = subtree
|
|
|
|
filter = "(objectClass=serDomainAttr)"
|
|
|
|
field_map = did : serDID
|
|
field_map = name : serAttrName
|
|
field_map = type : (Integer) serAttrType
|
|
field_map = value : serAttrValue
|
|
field_map = flags : (BitString) serFlags
|