Hello,
I'd like to authenticate Kamailio users in LDAP. But it looks like Kamailio need to download password from LDAP and authenticate user on it's own. Is there any possibility to send password to LDAP and let LDAP to say, if the user can be sign in?
Thanks Marek Moravčík
On 10 Apr 2015, at 09:23, Marek Moravcik marekmoravcik@imafex.sk wrote:
Hello,
I'd like to authenticate Kamailio users in LDAP. But it looks like Kamailio need to download password from LDAP and authenticate user on it's own. Is there any possibility to send password to LDAP and let LDAP to say, if the user can be sign in?
For MD5 Digest challenge-response authentication the cleartext password is needed. We do not get any cleartext password from the client, so the SIP auth server needs to calculate a hash based on the nonce (the challenge), the authentication realm and the secret. This hash is compared with the hash we get from the client.
This is a good reason to run LDAP over TLS.
/O
-
Marek Moravcik -
Olle E. Johansson