[OpenSIPS-Users] LDAP authentification
Iñaki Baz Castillo
ibc at aliax.net
Sat Dec 19 03:03:01 CET 2009
El Jueves, 17 de Diciembre de 2009, Olle E. Johansson escribió:
> Basically, the LDAP module will query the LDAP server for a username and
> password (which has to be in clear text). Because of the MD5 digest
> authentication, the proxy can't use LDAP auth for SIP.
AFAIK some LDAP servers do support real Digest authentication:
- http://tools.ietf.org/html/rfc2829 (section 6.1)
- http://users.ameritech.net/mhwood/ldap-sec-setup.html
If I'm not wrong, for this to work OpenSIPs auth module should behave as a
"gateway" between credentials sent by the client via SIP and the credentials
the LDAP server receives via LDAP. This means that OpenSIPS auth module would
generate the nonce, and would pass user provided response (username, response,
qop) and auth module provided data (nonce, realm) to the LDAP server (I'm not
sure of this).
But is not it the same concept as when using Radius authentication?
Regards.
--
Iñaki Baz Castillo <ibc at aliax.net>
More information about the Users
mailing list