The best solution would be to have the LDAP server do the authentication for you. You just get the digest credentials from the message, send them to the LDAP server and the LDAP server will tell you if the user is authenticated or not. That's how RADIUS authentication works in SER, for example.
The question is if there is any LDAP implementation that can do this (I am not aware of any such).
Alternatively, you can store HA1 in the LDAP server, fetch the string from the LDAP server and do the authentication in SER. Note that the HA1 string is not stronger than a plaintext password.
Jan.
On 22-02 00:28, GUSTAVO GARCIA BERNARDO wrote:
Hi,
I'm trying to develop a solution for LDAP authentication in SER, but I have a question. With digest HTTP authentication (RFC 2617) the SIP server doesn't have the plain password, it has a hash of user:realm:password (H(A1)). How could a SIP server authenticate the users using a standard LDAP database with this information?
Does somebody know a solution for this?
My ideas are to use HTTP basic authentication (not standard with SIP) or store H(A1) in LDAP (not standard in LDAP, you need to modify the stored information). I think both are bad solutions.
Thank you very much.
G.