[Freeswitch-users] Authentication of SIP phones against LDAP directory?
Colin Morelli
colin.morelli at gmail.com
Sun Jun 12 23:07:33 MSD 2016
Mod_xml_curl is going to be your best bet for authenticating dynamically.
Build a simple HTTP service in your preferred language. LDAP Bindings are
widely available in basically every language.
With mod_xml_curl, FS will make an HTTP call to your application each time
someone tries to authenticate. You simply need to return a small XML
document back with their credentials.
Best,
Colin
On Sun, Jun 12, 2016 at 2:42 PM Kevin Long <kevin.long at haloprivacy.com>
wrote:
>
> Hi Stanislav, thanks for the response.
>
> Even if I do need some separate attributes, plaintext or A1 hashed, does
> the functionality exist in Freeswitch to do the authentication from LDAP
> from these attributes?
>
> My goal here is to run Freeswitch via Docker, because I intend to deploy
> it many, many times for small groups of users in an ephemeral way. So the
> configuration files, including the users extensions etc, would not be
> permanent and need to be generated on-the-fly when the instance is booted
> up.
>
>
> If there is another way people are doing this kind of thing, I would love
> to know.
>
>
> Thanks again,
>
> Kevin Long
>
>
> > On Jun 12, 2016, at 7:18 AM, Stanislav Sinyagin <ssinyagin at gmail.com>
> wrote:
> >
> > there's a principal difference in how authentication works in SIP and
> LDAP:
> >
> > SIP is using challenge-response, so the server needs either the
> > cleartext password, or A1-hash.
> >
> > LDAP is primarily using salted hashes to store the passwords, so
> > there's no way to retrieve the cleartext password.
> >
> > So, the best you can do, is to have a separate LDAP attribute for the
> > SIP password, and keep clear text passwords in it. But then it comes
> > to the same problem as before, that the users have to maintain two
> > different passwords.
> >
> >
> >
> >
> > On Sun, Jun 12, 2016 at 1:27 AM, Kevin Long <kevin.long at haloprivacy.com>
> wrote:
> >>
> >>
> >> Hello,
> >>
> >>
> >> Can Freeswitch authenticate SIP phone logins from an LDAP directory ?
> >>
> >> Hoping to integrate this so my SIP users can use the same
> password/username they use for all other applications.
> >>
> >>
> >> Regards,
> >>
> >> Kevin Long
> >>
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160612/7eba0947/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list