[Freeswitch-users] Authentication of SIP phones against LDAP directory?
Ken Rice
krice at freeswitch.org
Mon Jun 13 00:00:44 MSD 2016
https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/src/mod/directories/mod_ldap
Sent from my iPhone
> On Jun 12, 2016, at 2:07 PM, Colin Morelli <colin.morelli at gmail.com> wrote:
>
> Mod_xml_curl is going to be your best bet for authenticating dynamically. Build a simple HTTP service in your preferred language. LDAP Bindings are widely available in basically every language.
>
> With mod_xml_curl, FS will make an HTTP call to your application each time someone tries to authenticate. You simply need to return a small XML document back with their credentials.
>
> Best,
> Colin
>> On Sun, Jun 12, 2016 at 2:42 PM Kevin Long <kevin.long at haloprivacy.com> wrote:
>>
>> Hi Stanislav, thanks for the response.
>>
>> Even if I do need some separate attributes, plaintext or A1 hashed, does the functionality exist in Freeswitch to do the authentication from LDAP from these attributes?
>>
>> My goal here is to run Freeswitch via Docker, because I intend to deploy it many, many times for small groups of users in an ephemeral way. So the configuration files, including the users extensions etc, would not be permanent and need to be generated on-the-fly when the instance is booted up.
>>
>>
>> If there is another way people are doing this kind of thing, I would love to know.
>>
>>
>> Thanks again,
>>
>> Kevin Long
>>
>>
>> > On Jun 12, 2016, at 7:18 AM, Stanislav Sinyagin <ssinyagin at gmail.com> wrote:
>> >
>> > there's a principal difference in how authentication works in SIP and LDAP:
>> >
>> > SIP is using challenge-response, so the server needs either the
>> > cleartext password, or A1-hash.
>> >
>> > LDAP is primarily using salted hashes to store the passwords, so
>> > there's no way to retrieve the cleartext password.
>> >
>> > So, the best you can do, is to have a separate LDAP attribute for the
>> > SIP password, and keep clear text passwords in it. But then it comes
>> > to the same problem as before, that the users have to maintain two
>> > different passwords.
>> >
>> >
>> >
>> >
>> > On Sun, Jun 12, 2016 at 1:27 AM, Kevin Long <kevin.long at haloprivacy.com> wrote:
>> >>
>> >>
>> >> Hello,
>> >>
>> >>
>> >> Can Freeswitch authenticate SIP phone logins from an LDAP directory ?
>> >>
>> >> Hoping to integrate this so my SIP users can use the same password/username they use for all other applications.
>> >>
>> >>
>> >> Regards,
>> >>
>> >> Kevin Long
>> >>
>> >>
>> >> _________________________________________________________________________
>> >> Professional FreeSWITCH Consulting Services:
>> >> consulting at freeswitch.org
>> >> http://www.freeswitchsolutions.com
>> >>
>> >> Official FreeSWITCH Sites
>> >> http://www.freeswitch.org
>> >> http://confluence.freeswitch.org
>> >> http://www.cluecon.com
>> >>
>> >> FreeSWITCH-users mailing list
>> >> FreeSWITCH-users at lists.freeswitch.org
>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> >> http://www.freeswitch.org
>> >
>> > _________________________________________________________________________
>> > Professional FreeSWITCH Consulting Services:
>> > consulting at freeswitch.org
>> > http://www.freeswitchsolutions.com
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://confluence.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160612/95c456fe/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list