[asterisk-users] Asterisk authentication on LDAP (SSHA and SHA passwords)

Paulo Victor Fernandes da Silva paulovictorsilva at gmail.com
Sun Mar 10 17:58:02 CDT 2013


Andrew, thanks for the answer,

In my case, re-coding is not an option. Sadly we have no personnel to take
on such work; in the future, perhaps. We already have a fully functional PBX
from Alcatel; I want to use Asterisk to provide VoIP only for softphones.
(The license price for Alcatel softphones kills my budget!)

The general idea is to provide a softphone to my users; no matter where they
are, they will use the same username and password they already have (from
LDAP). Once the user logs in, they are able to make calls through my
Alcatel PBX (we've bought the interface to do the interconnection).

Does anyone know of any alternatives to Asterisk to do this?

Best Regards,
Paulo V.



2013/3/10 Andrew Latham <lathama at gmail.com>

> On Sun, Mar 10, 2013 at 11:37 AM, Paulo Victor Fernandes da Silva
> <paulovictorsilva at gmail.com> wrote:
> > Hello guys,
> >
> >   I'm working at a federal university in Brazil. We already have an
> > OpenLDAP with all users, and this base is used to authenticate several
> > services like email, VPN, wireless (RADIUS), and we also have Shibboleth
> > providing SSO.
> >
> >  During my studies of Asterisk, I have seen a lot of people talking about
> > the incapacity of Asterisk (more precisely because of SIP) to authenticate
> > against an LDAP that uses passwords encrypted with anything other than MD5.
> >
> >  I would like to know if there is any way to use Asterisk + LDAP (using
> > SSHA and SHA passwords). Can it be achieved somehow?
> >
> > PS: Sorry for my bad English.
> >
> > Best Regards,
> > Paulo V.
>
> Paulo
>
> I was looking at that code a month or so ago.  It should be possible
> to update res_config_ldap.c to use SHA instead of MD5 when talking to
> the OpenLDAP server.  It is also possible, and a good idea, to
> maintain a separate password/secret object (MD5/SHA) for Asterisk/PBX
> to mitigate any toll fraud.  Keep in mind that the password could be
> deployed over HTTPS configuration and be a combination of account info
> (typically MAC address of UA).  Mass deployment is key in such an
> infrastructure.  Also take the time to catalog the user
> devices/software devices that support SHA for direct LDAP directory
> look up.
>
> --
> ~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~
>
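
The mismatch discussed in this thread, shown as an added example that is not part of the original messages or of Asterisk's code: SIP digest authentication (RFC 2617) needs HA1 = MD5(user:realm:password) on the server side, while an OpenLDAP {SSHA} value can only be checked against a cleartext password. All user names, realms, passwords, nonces and URIs below are constructed sample values.

```python
import base64, hashlib, hmac

# Constructed sample values (not taken from the thread).
USER, REALM, PASSWORD = "paulo", "asterisk", "s3cret-example"
NONCE, METHOD, URI = "4f1c2a9b", "REGISTER", "sip:pbx.example.org"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, realm, password):
    # RFC 2617 HA1: the only password-derived input to the digest.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri)).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def make_ssha(password, salt):
    # OpenLDAP {SSHA}: base64(SHA1(password + salt) + salt).
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    # Possible only when the server is handed the cleartext (e.g. an LDAP bind).
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def registrar_verify(stored, nonce, method, uri, client_response):
    # True/False when the stored value is a hex HA1; None when it is an
    # LDAP {SHA}/{SSHA} hash, from which HA1 cannot be derived.
    if stored.startswith("{"):
        return None
    expected = digest_response(stored, nonce, method, uri)
    return hmac.compare_digest(expected, client_response)

if __name__ == "__main__":
    # The softphone never sends the password, only this response.
    stored_ha1 = ha1(USER, REALM, PASSWORD)
    response = digest_response(stored_ha1, NONCE, METHOD, URI)
    ssha = make_ssha(PASSWORD, b"\x01\x02\x03\x04")
    print("cleartext check against {SSHA}:", check_ssha(ssha, PASSWORD))
    print("digest check with {SSHA} only: ", registrar_verify(ssha, NONCE, METHOD, URI, response))
    print("digest check with stored HA1:  ", registrar_verify(stored_ha1, NONCE, METHOD, URI, response))
```

A directory that stores a separate per-user HA1 alongside the {SSHA} value lets the registrar verify the digest without ever holding the login password in cleartext.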