[Freeswitch-users] Authentication of SIP phones against LDAP directory?

Kevin Long kevin.long at haloprivacy.com
Mon Jun 13 00:20:08 MSD 2016


Thanks Colin,

That sounds like a workable idea and would come in handy for other dynamic parts of the configuration .

Cheers,

Kevin Long


On Jun 12, 2016, at 12:07 PM, Colin Morelli <colin.morelli at gmail.com<mailto:colin.morelli at gmail.com>> wrote:

Mod_xml_curl is going to be your best bet for authenticating dynamically. Build a simple HTTP service in your preferred language. LDAP Bindings are widely available in basically every language.

With mod_xml_curl, FS will make an HTTP call to your application each time someone tries to authenticate. You simply need to return a small XML document back with their credentials.

Best,
Colin
On Sun, Jun 12, 2016 at 2:42 PM Kevin Long <kevin.long at haloprivacy.com<mailto:kevin.long at haloprivacy.com>> wrote:

Hi Stanislav,  thanks for the response.

Even if I do need some separate attributes, plaintext or A1 hashed,  does the functionality exist in Freeswitch to do the authentication from LDAP from these attributes?

My goal here is to run Freeswitch via Docker, because I intend to deploy it many, many times for small groups of users in an ephemeral way.  So the configuration files, including the users extensions etc,  would not be permanent and need to be generated on-the-fly when the instance is booted up.


If there is another way people are doing this kind of thing,  I would love to know.


Thanks again,

Kevin Long


> On Jun 12, 2016, at 7:18 AM, Stanislav Sinyagin <ssinyagin at gmail.com<mailto:ssinyagin at gmail.com>> wrote:
>
> there's a principal difference in how authentication works in SIP and LDAP:
>
> SIP is using challenge-response, so the server needs either the
> cleartext password, or A1-hash.
>
> LDAP is primarily using salted hashes to store the passwords, so
> there's no way to retrieve the cleartext password.
>
> So, the best you can do, is to have a separate LDAP attribute for the
> SIP password, and keep clear text passwords in it. But then it comes
> to the same problem as before, that the users have to maintain two
> different passwords.
>
>
>
>
> On Sun, Jun 12, 2016 at 1:27 AM, Kevin Long <kevin.long at haloprivacy.com<mailto:kevin.long at haloprivacy.com>> wrote:
>>
>>
>> Hello,
>>
>>
>> Can Freeswitch authenticate SIP phone logins from an LDAP directory ?
>>
>> Hoping to integrate this so my SIP users can use the same password/username they use for all other applications.
>>
>>
>> Regards,
>>
>> Kevin Long
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org<http://www.freeswitch.org/>
>> http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
>> http://www.cluecon.com<http://www.cluecon.com/>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org<http://www.freeswitch.org/>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org<mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org<http://www.freeswitch.org/>
> http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
> http://www.cluecon.com<http://www.cluecon.com/>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org<http://www.freeswitch.org/>


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://confluence.freeswitch.org<http://confluence.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org<http://www.freeswitch.org/>
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160612/f0868cf8/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list