[SR-Users] Kamailio LDAP authentication

Olle E. Johansson oej at edvina.net
Sat Apr 11 10:40:52 CEST 2015

On 10 Apr 2015, at 09:23, Marek Moravcik <marekmoravcik at imafex.sk> wrote:

> Hello,
> I'd like to authenticate Kamailio users in LDAP. But it looks like
> Kamailio need to download password from LDAP and authenticate
> user on it's own. Is there any possibility to send password to LDAP
> and let LDAP to say, if the user can be sign in?

For MD5 Digest challenge-response authentication the cleartext password is needed.
We do not get any cleartext password from the client, so the SIP auth server
needs to calculate a hash based on the nonce (the challenge), the authentication
realm and the secret. This hash is compared with the hash we get from the client.

This is a good reason to run LDAP over TLS.


More information about the sr-users mailing list