El Jueves, 17 de Diciembre de 2009, Olle E. Johansson escribió: > Basically, the LDAP module will query the LDAP server for a username and > password (which has to be in clear text). Because of the MD5 digest > authentication, the proxy can't use LDAP auth for SIP.
AFAIK some LDAP servers do support real Digest authentication: - http://tools.ietf.org/html/rfc2829 (section 6.1) - http://users.ameritech.net/mhwood/ldap-sec-setup.html If I'm not wrong, for this to work OpenSIPs auth module should behave as a "gateway" between credentials sent by the client via SIP and the credentials the LDAP server receives via LDAP. This means that OpenSIPS auth module would generate the nonce, and would pass user provided response (username, response, qop) and auth module provided data (nonce, realm) to the LDAP server (I'm not sure of this). But is not it the same concept as when using Radius authentication? Regards. -- Iñaki Baz Castillo <[email protected]> _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
