hi guys,
our university is using ldap as password storage for the authentication of several services like webmail, webproxy, etc. there are so little info regarding the implementation of ldap and http digest authentication (which sip use). we are trying to implement scenario where ser would authenticate vs a radius server, which in turn would query the ldap.
so far, we have only done authentication between ser<------->radius and radius<------->ldap, but not ser-->radius-->ldap
i know that basic authentication would work but poses a big risk of the sip passwords being sniffed out of the network. now my question is, has anybody tried this kind of approach? still i think the best solution would be an ldap module for ser, probably a basic authentication over tls, coz ldap's digest auth support requires an sasl database which i think adds another point of failure. do you guys have any suggestion on how to approach this challenge?
~kelvin
Hello,
we have ldap support in ser, but it is not free. Let me know if you are interested.
Jan.
On 16-10 10:12, Kelvin Chua wrote:
hi guys,
our university is using ldap as password storage for the authentication of several services like webmail, webproxy, etc. there are so little info regarding the implementation of ldap and http digest authentication (which sip use). we are trying to implement scenario where ser would authenticate vs a radius server, which in turn would query the ldap.
so far, we have only done authentication between ser<------->radius and radius<------->ldap, but not ser-->radius-->ldap
i know that basic authentication would work but poses a big risk of the sip passwords being sniffed out of the network. now my question is, has anybody tried this kind of approach? still i think the best solution would be an ldap module for ser, probably a basic authentication over tls, coz ldap's digest auth support requires an sasl database which i think adds another point of failure. do you guys have any suggestion on how to approach this challenge?
~kelvin
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Jan Janak -
Kelvin Chua