<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><a href="https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/src/mod/directories/mod_ldap">https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/src/mod/directories/mod_ldap</a></div><div id="AppleMailSignature"><br></div><div id="AppleMailSignature"><br>Sent from my iPhone</div><div><br>On Jun 12, 2016, at 2:07 PM, Colin Morelli &lt;<a href="mailto:colin.morelli@gmail.com">colin.morelli@gmail.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>Mod_xml_curl is going to be your best bet for authenticating dynamically. Build a simple HTTP service in your preferred language. LDAP Bindings are widely available in basically every language.<br><br>With mod_xml_curl, FS will make an HTTP call to your application each time someone tries to authenticate. You simply need to return a small XML document back with their credentials.<br><br>Best,<br>Colin<br><div class="gmail_quote"><div dir="ltr">On Sun, Jun 12, 2016 at 2:42 PM Kevin Long &lt;<a href="mailto:kevin.long@haloprivacy.com">kevin.long@haloprivacy.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hi Stanislav,&nbsp; thanks for the response.<br>
<br>
Even if I do need some separate attributes, plaintext or A1 hashed,&nbsp; does the functionality exist in Freeswitch to do the authentication from LDAP from these attributes?<br>
<br>
My goal here is to run Freeswitch via Docker, because I intend to deploy it many, many times for small groups of users in an ephemeral way.&nbsp; So the configuration files, including the users extensions etc,&nbsp; would not be permanent and need to be generated on-the-fly when the instance is booted up.<br>
<br>
<br>
If there is another way people are doing this kind of thing,&nbsp; I would love to know.<br>
<br>
<br>
Thanks again,<br>
<br>
Kevin Long<br>
<br>
<br>
&gt; On Jun 12, 2016, at 7:18 AM, Stanislav Sinyagin &lt;<a href="mailto:ssinyagin@gmail.com" target="_blank">ssinyagin@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; there's a principal difference in how authentication works in SIP and LDAP:<br>
&gt;<br>
&gt; SIP is using challenge-response, so the server needs either the<br>
&gt; cleartext password, or A1-hash.<br>
&gt;<br>
&gt; LDAP is primarily using salted hashes to store the passwords, so<br>
&gt; there's no way to retrieve the cleartext password.<br>
&gt;<br>
&gt; So, the best you can do, is to have a separate LDAP attribute for the<br>
&gt; SIP password, and keep clear text passwords in it. But then it comes<br>
&gt; to the same problem as before, that the users have to maintain two<br>
&gt; different passwords.<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; On Sun, Jun 12, 2016 at 1:27 AM, Kevin Long &lt;<a href="mailto:kevin.long@haloprivacy.com" target="_blank">kevin.long@haloprivacy.com</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Hello,<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Can Freeswitch authenticate SIP phone logins from an LDAP directory ?<br>
&gt;&gt;<br>
&gt;&gt; Hoping to integrate this so my SIP users can use the same password/username they use for all other applications.<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Regards,<br>
&gt;&gt;<br>
&gt;&gt; Kevin Long<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; _________________________________________________________________________<br>
&gt;&gt; Professional FreeSWITCH Consulting Services:<br>
&gt;&gt; <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
&gt;&gt; <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;&gt;<br>
&gt;&gt; Official FreeSWITCH Sites<br>
&gt;&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
&gt;&gt; <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
&gt;&gt; <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
&gt;&gt;<br>
&gt;&gt; FreeSWITCH-users mailing list<br>
&gt;&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
&gt;&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt;&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt;&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
&gt;<br>
&gt; _________________________________________________________________________<br>
&gt; Professional FreeSWITCH Consulting Services:<br>
&gt; <a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
&gt; <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
&gt;<br>
&gt; Official FreeSWITCH Sites<br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
&gt; <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
&gt; <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
&gt;<br>
&gt; FreeSWITCH-users mailing list<br>
&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
<br>
_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div>
</div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services: </span><br><span><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br><span><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span></div></blockquote></body></html>