[OpenSIPS-Users] Authentication using LDAP attribute with MD5 hash.

Joao Antunes joao.antunes at tagus.ist.utl.pt
Sat Sep 19 16:38:04 CEST 2009


Just to make sure i'm correct about this, the ldap module of OpenSIPS
doesn't support TCP SSL connections aka TLS connections?

Is there any way to go around this?! Something like a wrapper, has
anybody done that and can provide me some pointers?

Thanks in advance,
João Antunes

On Tue, Sep 15, 2009 at 2:15 PM, Bogdan-Andrei Iancu
<bogdan at voice-system.ro> wrote:
> Hello João,
>
>
> João Antunes wrote:
>>
>> Hi!
>>
>> I would like to know if it's possible to use the LDAP module along with
>> the AUTH module to use LDAP for authenticating SIP users. Of course that
>> an attribute with the MD5 hash is needed in the LDAP, but i already have
>> that.
>>
>
> yes, you can have either raw text password,  either the pre-calculated HA1
> (MD5).
>>
>> My preliminary research points me in the direction of making a query
>> with the LDAP code to retrieve the hash and then use some function of
>> AUTH like pv_www_authorize
>> (http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id271238)
>> where the $vars were set through the query to the LDAP. Also I think i
>> would have to set the parameter calculate_ha1
>> (http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id228275) not
>> to calculate the ha1 as it's possible to use the hash as it is straight
>> from the LDAP query. Am I right about this?
>
> yes, that is perfectly correct.
>>
>>  I figured that there should
>> be already lots of people that implemented or tried to implement LDAP
>> authentication with OPENSIPS without the need to use RADIUS, so here are
>> my questions:
>>
>> Are the previous assumptions correct?
>>
>
> yes
>>
>> Is it possible to do LDAP authentication with OpenSIPS without the use
>> of the RADIUS server?
>
> if you do LDAP,why should you need RADIUS? the ldap support in OpenSIPS can
> directly connect to a LDAP server.
>>
>>  is it convenient to do so? is there some kind of
>> catch for me not to have found anything related with that kind of direct
>> authentication (without the use of RADIUS) with LDAP?
>>
>
> maybe because it is not such a complicated thing :) (as you discover by
> yourself)
>>
>> Is this a good way to do this?
>> Am I missing something on what i need to do, would that suffice, is
>> there some kind of documentation, webpage, mail thread anybody can point
>> me to?
>>
>
> for simple auth purposes, I think you already found all the info.
>
> You might find useful the tutorial on auth with memcaching - there is an
> example of how to use the pv_auth function:
>            http://www.opensips.org/Resources/DocsTutMemcache
>
> Regards,
> Bogdan
>>
>> Thanks in advance,
>> João Antunes
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>



More information about the Users mailing list