[Freeswitch-dev] [Freeswitch-users] Openldap and freeswitch integration problem
Michael Jerris
mike at jerris.com
Tue Dec 23 20:15:47 MSK 2014
Due to the way sip digest auth works, you could not actually validate a password if all you have is the md5 of the password. You can store the a1 hash, which is an md5 of username:realm:password string. For more information on how digest authentication works to help understand why what you are trying is not cryptographically possible, check out: http://en.wikipedia.org/wiki/Digest_access_authentication <http://en.wikipedia.org/wiki/Digest_access_authentication>
Mike
> On Dec 23, 2014, at 2:09 AM, Shisheer Teli <telishisheer at gmail.com> wrote:
>
> Hi,
>
> I am able to bind with any alise on ldap server except userPassword (MD5) alise.
>
> when i bind password with userPassword , authentication fails.
>
> I done some following testing
>
> Test 1:
> when i set openldap userPassword in md5 , in freeswitch cli i saw hash password and authentication failed.
>
> Test 2:
> when i set openldap userPassword in plain text, in freeswitch cli i can see plain text password and authentication success.
>
> Authentication works with plain text but not for encrypted password.
>
> Configuration file:
> <configuration name="xml_ldap.conf">
>
> <bindings>
> <binding name="directory">
> <param name="basedn" value="dc=example,dc=com"/>
> <param name="filter" value="(telephoneNumber=%d)" bindings="directory"/>
> <param name="url" value="ldap://ldap.example.com <http://ldap.example.com/>"/>
> <param name="binddn" value="cn=use,dc=example,dc=com"/>
> <param name="bindpass" value="XXXX"/>
> <trans>
> <tran name="id" mapfrom="uid"/>
> <tran name="password" mapfrom="userPassword"/>
> </trans>
> </binding>
> </bindings>
>
> </configuration>
>
> Please reply ASAP...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20141223/2f0ebbc1/attachment-0001.html
Join us at ClueCon 2014 Aug 4-7, 2014
More information about the FreeSWITCH-dev
mailing list