<div dir="ltr"><div style><div>Andrew, thx for answer, </div><div><br></div><div>In my case, re-coding is not an option. Sadly we have no personal to take such work, in the future, perhaps. We already have a fully functional PBX from Alcatel, i want use Asterisk to provide VOIP only for softphones. (license price for Alcatel softphones kills my budget!)</div>
<div><br></div>The general idea is to provide a softphone to my users, no matter where he is, they will use the same username and password they already have (from LDAP), at the moment the user log in, he are capable of to do calls throught my Alcatel PBX (we've bought the interface to do the interconection).</div>
<div style><br></div><div style>Someone knows any other alternatives to Asterisk to do it so? </div><div style><br></div><div style>Best Regards,</div><div style>Paulo V.</div><div style><br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">2013/3/10 Andrew Latham <span dir="ltr"><<a href="mailto:lathama@gmail.com" target="_blank">lathama@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5">On Sun, Mar 10, 2013 at 11:37 AM, Paulo Victor Fernandes da Silva<br>
<<a href="mailto:paulovictorsilva@gmail.com">paulovictorsilva@gmail.com</a>> wrote:<br>
> hello guys,<br>
><br>
> I'm working on a federal university at Brasil, we already have an openLdap<br>
> with all users and this base is used to authenticate several services like<br>
> email, vpn, wireless (RADIUS), and we have also Shibboleth providing SSO.<br>
><br>
> During my studies of Asterisk, i see a lot of people talking about the<br>
> incapacity of asterisk (more precisely because of SIP) to authenticate<br>
> against a ldap that uses password encrypted for anything other than MD5.<br>
><br>
> I like to know if exist any how to use Asterisk + Ldap (using SSHA and SHA<br>
> passwords). It can be achieved in some how?<br>
><br>
> PS: Sorry for my bad english.<br>
><br>
> Best Regards,<br>
> Paulo V.<br>
<br>
</div></div>Paulo<br>
<br>
I was looking at that code a month or so ago. It should be possible<br>
to update res_config_ldap.c to use SHA instead of MD5 when talking to<br>
the OpenLDAP server. It is also possible, and a good idea. to<br>
maintain a separate password/secret object(MD5/SHA) for Asterisk/PBX<br>
to mitigate any toll fraud. Keep in mind that the password could be<br>
deployed over HTTPS configuration and be a combination of account info<br>
(typically MAC address of UA). Mass deployment is key in such an<br>
infrastructure. Also take the time to catalog the user<br>
devices/software devices that support SHA for direct LDAP directory<br>
look up.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
~ Andrew "lathama" Latham <a href="mailto:lathama@gmail.com">lathama@gmail.com</a> <a href="http://lathama.net" target="_blank">http://lathama.net</a> ~<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</font></span></blockquote></div><br></div>