[OpenSIPS-Users] Authentication using LDAP attribute with MD5 hash.
Joao Antunes
joao.antunes at tagus.ist.utl.pt
Sat Sep 19 16:39:18 CEST 2009
Well, nevermind, problem solved, i found
http://www.linux.org/docs/ldp/howto/archived/LDAP-Implementation-HOWTO/ssl.html
that talks about stunnel, if anyone has a better solution though..
Regards,
João Antunes
On Sat, Sep 19, 2009 at 3:38 PM, Joao Antunes
<joao.antunes at tagus.ist.utl.pt> wrote:
> Just to make sure i'm correct about this, the ldap module of OpenSIPS
> doesn't support TCP SSL connections aka TLS connections?
>
> Is there any way to go around this?! Something like a wrapper, has
> anybody done that and can provide me some pointers?
>
> Thanks in advance,
> João Antunes
>
> On Tue, Sep 15, 2009 at 2:15 PM, Bogdan-Andrei Iancu
> <bogdan at voice-system.ro> wrote:
>> Hello João,
>>
>>
>> João Antunes wrote:
>>>
>>> Hi!
>>>
>>> I would like to know if it's possible to use the LDAP module along with
>>> the AUTH module to use LDAP for authenticating SIP users. Of course that
>>> an attribute with the MD5 hash is needed in the LDAP, but i already have
>>> that.
>>>
>>
>> yes, you can have either raw text password, either the pre-calculated HA1
>> (MD5).
>>>
>>> My preliminary research points me in the direction of making a query
>>> with the LDAP code to retrieve the hash and then use some function of
>>> AUTH like pv_www_authorize
>>> (http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id271238)
>>> where the $vars were set through the query to the LDAP. Also I think i
>>> would have to set the parameter calculate_ha1
>>> (http://www.opensips.org/html/docs/modules/1.5.x/auth.html#id228275) not
>>> to calculate the ha1 as it's possible to use the hash as it is straight
>>> from the LDAP query. Am I right about this?
>>
>> yes, that is perfectly correct.
>>>
>>> I figured that there should
>>> be already lots of people that implemented or tried to implement LDAP
>>> authentication with OPENSIPS without the need to use RADIUS, so here are
>>> my questions:
>>>
>>> Are the previous assumptions correct?
>>>
>>
>> yes
>>>
>>> Is it possible to do LDAP authentication with OpenSIPS without the use
>>> of the RADIUS server?
>>
>> if you do LDAP,why should you need RADIUS? the ldap support in OpenSIPS can
>> directly connect to a LDAP server.
>>>
>>> is it convenient to do so? is there some kind of
>>> catch for me not to have found anything related with that kind of direct
>>> authentication (without the use of RADIUS) with LDAP?
>>>
>>
>> maybe because it is not such a complicated thing :) (as you discover by
>> yourself)
>>>
>>> Is this a good way to do this?
>>> Am I missing something on what i need to do, would that suffice, is
>>> there some kind of documentation, webpage, mail thread anybody can point
>>> me to?
>>>
>>
>> for simple auth purposes, I think you already found all the info.
>>
>> You might find useful the tutorial on auth with memcaching - there is an
>> example of how to use the pv_auth function:
>> http://www.opensips.org/Resources/DocsTutMemcache
>>
>> Regards,
>> Bogdan
>>>
>>> Thanks in advance,
>>> João Antunes
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>
More information about the Users
mailing list