[Freeswitch-users] Openldap and freeswitch integration problem

[Michael Jerris]

Due to the way sip digest auth works, you could not actually validate a password if all you have is the md5 of the password.  You can store the a1 hash, which is an md5 of username:realm:password string.  For more information on how digest authentication works to help understand why what you are trying is not cryptographically possible, check out: http://en.wikipedia.org/wiki/Digest_access_authentication <http://en.wikipedia.org/wiki/Digest_access_authentication>

Mike


> On Dec 23, 2014, at 2:09 AM, Shisheer Teli <telishisheer at gmail.com> wrote:
> 
> Hi,
> 
> I am able to bind with any alise on ldap server except userPassword (MD5) alise.
> 
> when i bind password with userPassword , authentication fails.  
> 
> I done some following testing
> 
>  Test 1: 
> when i set openldap userPassword in md5 , in freeswitch cli i saw hash password and authentication failed. 
> 
> Test 2: 
> when i set openldap userPassword in plain text, in freeswitch cli i can see plain text password and authentication success. 
> 
> Authentication works with plain text but not for encrypted password.
> 
> Configuration file:
> <configuration name="xml_ldap.conf">
> 
> <bindings>
> <binding name="directory">
>   <param name="basedn" value="dc=example,dc=com"/>
>   <param name="filter" value="(telephoneNumber=%d)" bindings="directory"/>
>   <param name="url" value="ldap://ldap.example.com <http://ldap.example.com/>"/>
>   <param name="binddn" value="cn=use,dc=example,dc=com"/>
>   <param name="bindpass" value="XXXX"/>
>    <trans>
>    <tran name="id" mapfrom="uid"/>
>    <tran name="password" mapfrom="userPassword"/>
>    </trans>
> </binding>
> </bindings>
> 
> </configuration>
> 
> Please reply ASAP...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20141223/2f0ebbc1/attachment-0001.html