[OpenSIPS-Users] LDAP authentification

Iñaki Baz Castillo ibc at aliax.net
Sat Dec 19 03:03:01 CET 2009

El Jueves, 17 de Diciembre de 2009, Olle E. Johansson escribió:

> Basically, the LDAP module will query the LDAP server for a username and
>  password (which has to be in clear text). Because of the MD5 digest
>  authentication, the proxy can't use LDAP auth for SIP.

AFAIK some LDAP servers do support real Digest authentication:

  - http://tools.ietf.org/html/rfc2829 (section 6.1)
  - http://users.ameritech.net/mhwood/ldap-sec-setup.html

If I'm not wrong, for this to work OpenSIPs auth module should behave as a 
"gateway" between credentials sent by the client via SIP and the credentials 
the LDAP server receives via LDAP. This means that OpenSIPS auth module would 
generate the nonce, and would pass user provided response (username, response, 
qop) and auth module provided data (nonce, realm) to the LDAP server (I'm not 
sure of this).

But is not it the same concept as when using Radius authentication?


Iñaki Baz Castillo <ibc at aliax.net>

More information about the Users mailing list