LDAP through PostgreSQL stored procedures

Hi there,

Since GNU Gk doesn't support LDAP anymore, I'm currently coding a 
PostgreSQL stored procedure to be able to retrieve any data
I need from an LDAP server through a simple SELECT SQL statement.

This procedure is written in the PlPythonU language, which is 
unrestricted Python embedded in PostgreSQL, unrestricted so I can 
import ldap modules and the like.

This works perfectly outside of GNU Gk.

Now I want to integrate this into GNU Gk, and I can see no reason
why this wouldn't work (I can't do this right now I'm at home).

What I need to do is :

  - have my endpoints ask for a password when people want to register a 
    particular alias with the gatekeeper.
    
  - optionally, enforce a particular alias given a username (H.323 ID).  
          
What I planned to do is this :

  - Use [SQLPasswordAuth] and in my Python stored procedure do this :
  
        1 - Retrieve password from LDAP based on unique alias number.
        
        2 - Return this password from my stored procedure :
        
  SELECT fromldap('ldap://ldap.example.com:389',      -- server
                  'cn=admin,dc=example,dc=com',       -- admin DN
                  'ldapadminpassword',                -- admin PW
                  'ou=aliases,dc=example,dc=com',     -- base
                  'aliasAttributeName',               -- fake attribute name
                  '%1')                               -- alias
         AS h235password;         
                   
BUT... Nowhere in the documentation of GNU Gk is it specified which 
password encryption algorithm is expected for the h235password 
value, if any. 

So I'd like to know what sort of password is expected by GNU Gk
when it checks.

What would be even better would be for the password coming from the
endpoint, if it is clear text, to be passed to the SQLPasswordAuth
module as a third parameter; this way the LDAP extraction routine
could be rewritten as a simple LDAP bind attempt, leaving the
password checking work to the LDAP server. The routine would simply
return the password as-is, so except for the third parameter this
would be transparent, or maybe an additional query should be allowed
for SQLPasswordAuth, like 'CheckPWQuery' in addition to 'Query',
with different semantics.

Finally, if I combine two such stored procedures with, in this
order, SQLAuth and SQLPasswordAuth, and use SQLAuth's RegQuery to
enforce a particular alias given a particular H.323 ID, will SQLAuth
use the new alias, or the one coming from the endpoint ?

Thanks in advance for any information or comment on this subject.

PS : if anyone is interested in the code I wrote, or if you want to 
include it as an example in GNU Gk, please tell me and I'll send it to 
you tomorrow. 

bye

Jerome Alet
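
An added sketch, not the code Jerome Alet refers to (that code is not part of this message), of the lookup step described above: the alias that replaces '%1' is escaped per RFC 4515 before it enters the search filter, and a password is returned only when exactly one entry matches. `lookup_password`, `escape_filter_value`, `ConstructedDirectory`, the `userPassword` attribute and the sample entries are assumptions; `conn` is expected to offer python-ldap's `search_s`.

```python
import re

SCOPE_SUBTREE = 2  # same value as ldap.SCOPE_SUBTREE in python-ldap
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an RFC 4515 search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def lookup_password(conn, base, alias_attr, alias, password_attr="userPassword"):
    """Return the password of the single entry matching the alias, else None."""
    if not alias_attr.replace("-", "").isalnum():
        raise ValueError("unexpected attribute name: %r" % alias_attr)
    flt = "(%s=%s)" % (alias_attr, escape_filter_value(alias))
    results = conn.search_s(base, SCOPE_SUBTREE, flt, [password_attr])
    if len(results) != 1:          # zero or ambiguous matches: no password
        return None
    _dn, attrs = results[0]
    values = attrs.get(password_attr, [])
    return values[0] if len(values) == 1 else None

class ConstructedDirectory:
    """In-memory stand-in for an LDAP connection, for offline runs only."""
    def __init__(self, entries):
        self.entries = entries     # list of (dn, {attribute: [values]})

    def search_s(self, base, scope, filterstr, attrlist):
        # Understands only "(attr=value)" with "*" wildcards and \xx escapes.
        attr, pattern = filterstr[1:-1].split("=", 1)
        tokens = re.findall(r"\\[0-9a-fA-F]{2}|.", pattern, re.S)
        regex = "".join(
            ".*" if t == "*" else
            re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
            for t in tokens)
        return [(dn, {a: e[a] for a in attrlist if a in e})
                for dn, e in self.entries
                if dn.endswith(base)
                and any(re.fullmatch(regex, v) for v in e.get(attr, []))]

BASE = "ou=aliases,dc=example,dc=com"
SAMPLE = ConstructedDirectory([       # constructed sample entries
    ("cn=alice," + BASE, {"aliasAttributeName": ["1001"], "userPassword": ["alice-secret"]}),
    ("cn=bob," + BASE, {"aliasAttributeName": ["1002"], "userPassword": ["bob-secret"]}),
])

if __name__ == "__main__":
    print(lookup_password(SAMPLE, BASE, "aliasAttributeName", "1001"))
    print(lookup_password(SAMPLE, BASE, "aliasAttributeName", "*"))
```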
