[SR-Users] Kamailio LDAP authentication
Olle E. Johansson
oej at edvina.net
Sat Apr 11 10:40:52 CEST 2015
On 10 Apr 2015, at 09:23, Marek Moravcik <marekmoravcik at imafex.sk> wrote:
> I'd like to authenticate Kamailio users in LDAP. But it looks like
> Kamailio need to download password from LDAP and authenticate
> user on it's own. Is there any possibility to send password to LDAP
> and let LDAP to say, if the user can be sign in?
For MD5 Digest challenge-response authentication the cleartext password is needed.
We do not get any cleartext password from the client, so the SIP auth server
needs to calculate a hash based on the nonce (the challenge), the authentication
realm and the secret. This hash is compared with the hash we get from the client.
This is a good reason to run LDAP over TLS.
More information about the sr-users