On Sun, Mar 10, 2013 at 11:37 AM, Paulo Victor Fernandes da Silva <[email protected]> wrote:
> Hello guys,
>
> I'm working at a federal university in Brazil. We already have an OpenLDAP
> with all users, and this base is used to authenticate several services like
> email, VPN, wireless (RADIUS), and we also have Shibboleth providing SSO.
>
> During my studies of Asterisk, I see a lot of people talking about the
> incapacity of Asterisk (more precisely because of SIP) to authenticate
> against an LDAP that uses passwords encrypted with anything other than MD5.
>
> I would like to know if there is any way to use Asterisk + LDAP (using SSHA and SHA
> passwords). Can it be achieved somehow?
>
> PS: Sorry for my bad English.
>
> Best Regards,
> Paulo V.

Paulo,

I was looking at that code a month or so ago. It should be possible to update res_config_ldap.c to use SHA instead of MD5 when talking to the OpenLDAP server. It is also possible, and a good idea, to maintain a separate password/secret object (MD5/SHA) for Asterisk/PBX to mitigate any toll fraud.

Keep in mind that the password could be deployed over HTTPS configuration and be a combination of account info (typically MAC address of UA). Mass deployment is key in such an infrastructure.

Also take the time to catalog the user devices/software devices that support SHA for direct LDAP directory lookup.

--
~ Andrew "lathama" Latham [email protected] http://lathama.net ~
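
The separate-secret arrangement suggested in the reply, sketched as an added example that is not part of the original thread or of Asterisk's code: the directory keeps its `{SSHA}` `userPassword`, while the PBX stores only an `md5secret` (MD5 of `user:realm:secret`, the HA1 value of SIP digest authentication) derived from a random SIP-only secret. The realm `asterisk`, the account `6001`, the host `pbx.example.org` and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import secrets

REALM = "asterisk"  # assumed realm; must match what the server sends in its challenge

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def ssha(password: str, salt: bytes) -> str:
    """OpenLDAP {SSHA}: base64(SHA1(password + salt) + salt). One-way, salted."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def sip_ha1(user: str, secret: str, realm: str = REALM) -> str:
    """HA1 of RFC 2617 digest auth, the form Asterisk accepts as md5secret."""
    return md5_hex(f"{user}:{realm}:{secret}")

def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    return md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")

def provision(user: str, directory_password: str) -> dict:
    """Build both credentials; the SIP secret is random, not the LDAP password."""
    sip_secret = secrets.token_urlsafe(18)
    return {
        "userPassword": ssha(directory_password, os.urandom(8)),  # LDAP bind/SSO
        "md5secret": sip_ha1(user, sip_secret),                   # stored for the PBX
        "sip_secret": sip_secret,                                 # sent to the phone only
    }

def verify(md5secret: str, nonce: str, method: str, uri: str, response: str) -> bool:
    """Server side: check a REGISTER/INVITE response using only the stored HA1."""
    expected = digest_response(md5secret, nonce, method, uri)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    rec = provision("6001", "directory-password")  # constructed sample account
    nonce, uri = secrets.token_hex(8), "sip:pbx.example.org"
    good = digest_response(sip_ha1("6001", rec["sip_secret"]), nonce, "REGISTER", uri)
    bad = digest_response(sip_ha1("6001", "directory-password"), nonce, "REGISTER", uri)
    print(rec["userPassword"], rec["md5secret"])
    print(verify(rec["md5secret"], nonce, "REGISTER", uri, good))
    print(verify(rec["md5secret"], nonce, "REGISTER", uri, bad))
```

A phone holding the SIP secret authenticates against the stored `md5secret`, while a response built from the directory password is rejected, so a leaked phone configuration does not expose the LDAP/SSO password.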
