hi guys,
our university is using ldap as password
storage for the authentication of several services like webmail,
webproxy, etc. there are so little info regarding the implementation of
ldap and http digest authentication (which sip use). we are trying to implement
scenario where ser would authenticate vs a radius server, which in turn would
query the ldap.
so far, we have only done authentication
between
ser<------->radius and
radius<------->ldap,
but not ser-->radius-->ldap
i know that basic authentication would work but
poses a big risk of the sip passwords being sniffed out of the network. now
my question is, has anybody tried this kind of approach? still i think the best
solution would be an ldap module for ser, probably a basic authentication over
tls, coz ldap's digest auth support
requires an sasl database which i think adds
another point of failure. do you guys have any suggestion on how to
approach this challenge?
~kelvin