<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><a href="https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/src/mod/directories/mod_ldap">https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/src/mod/directories/mod_ldap</a></div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature"><br>Sent from my iPhone</div><div><br>On Jun 12, 2016, at 2:07 PM, Colin Morelli <<a href="mailto:colin.morelli@gmail.com">colin.morelli@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div>Mod_xml_curl is going to be your best bet for authenticating dynamically. Build a simple HTTP service in your preferred language. LDAP Bindings are widely available in basically every language.<br><br>With mod_xml_curl, FS will make an HTTP call to your application each time someone tries to authenticate. You simply need to return a small XML document back with their credentials.<br><br>Best,<br>Colin<br><div class="gmail_quote"><div dir="ltr">On Sun, Jun 12, 2016 at 2:42 PM Kevin Long <<a href="mailto:kevin.long@haloprivacy.com">kevin.long@haloprivacy.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hi Stanislav, thanks for the response.<br>
<br>
Even if I do need some separate attributes, plaintext or A1 hashed, does the functionality exist in Freeswitch to do the authentication from LDAP from these attributes?<br>
<br>
My goal here is to run Freeswitch via Docker, because I intend to deploy it many, many times for small groups of users in an ephemeral way. So the configuration files, including the users extensions etc, would not be permanent and need to be generated on-the-fly when the instance is booted up.<br>
<br>
<br>
If there is another way people are doing this kind of thing, I would love to know.<br>
<br>
<br>
Thanks again,<br>
<br>
Kevin Long<br>
<br>
<br>
> On Jun 12, 2016, at 7:18 AM, Stanislav Sinyagin <<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>> wrote:<br>
><br>
> there's a principal difference in how authentication works in SIP and LDAP:<br>
><br>
> SIP is using challenge-response, so the server needs either the<br>
> cleartext password, or A1-hash.<br>
><br>
> LDAP is primarily using salted hashes to store the passwords, so<br>
> there's no way to retrieve the cleartext password.<br>
><br>
> So, the best you can do, is to have a separate LDAP attribute for the<br>
> SIP password, and keep clear text passwords in it. But then it comes<br>
> to the same problem as before, that the users have to maintain two<br>
> different passwords.<br>
><br>
><br>
><br>
><br>
> On Sun, Jun 12, 2016 at 1:27 AM, Kevin Long <<a href="mailto:kevin.long@haloprivacy.com" target="_blank">kevin.long@haloprivacy.com</a>> wrote:<br>
>><br>
>><br>
>> Hello,<br>
>><br>
>><br>
>> Can Freeswitch authenticate SIP phone logins from an LDAP directory ?<br>
>><br>
>> Hoping to integrate this so my SIP users can use the same password/username they use for all other applications.<br>
>><br>
>><br>
>> Regards,<br>
>><br>
>> Kevin Long<br>
>><br>
>><br>
>> _________________________________________________________________________<br>
>> Professional FreeSWITCH Consulting Services:<br>
>> <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
>> <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
>><br>
>> Official FreeSWITCH Sites<br>
>> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
>> <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
>> <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
>><br>
>> FreeSWITCH-users mailing list<br>
>> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
>> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
>> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
>> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
><br>
> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div>
</div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services: </span><br><span><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br><span><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span></div></blockquote></body></html>