[Serusers] LDAP with SIP digest HTTP authentication
jan at iptel.org
Mon Feb 23 10:59:54 CET 2004
The best solution would be to have the LDAP server do the authentication
for you. You just get the digest credentials from the message, send them
to the LDAP server and the LDAP server will tell you if the user is
authenticated or not. That's how radius authentication works in ser, for
The question is if there is any LDAP implementation that can do this (I
am not aware of any such).
Alternatively you can store HA1 in the LDAP server, fetch the string
from the LDAP server and do the authentication in ser. Note that HA1
string is not stronger than plaintext password.
On 22-02 00:28, GUSTAVO GARCIA BERNARDO wrote:
> I'm trying to develop a solution for LDAP authentication in SER, but i have a question. With digest HTTP authentication (RFC 2617) the SIP server doesn't have the plain password, it has a hash of user:realm:password (H(A1)). How could a sip server authenticate the users using a standard LDAP database with this information?
> Somebody knows a solution for this?
> My ideas are to use HTTP basic authentication (not standard with SIP) or store H(A1) in LDAP (not standard in LDAP, you need to modify the stored information). I think both are bad solutions.
> Thank you very much.
> Serusers mailing list
> serusers at lists.iptel.org
More information about the sr-users