On Tue, 2009-06-02 at 08:51 -0400, John A. Sullivan III wrote:
Hello, all. It think I already know the negative answer to this
question but is there a way to synchronize different password fields in
389?
As a relative novice at 389 and a real novice at Asterisk, I've been
dropped into the deep end of building an integrated Asterisk, Kaimalio,
RTPProxy, FreePBX system using our existing LDAP as a database backend.
There is a great article on using 389 in RedHat magazine
(
http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-base...)
but the schema introduces a new password attribute. We'd like to for users to only
have to change passwords once, not once for their data and once for the SIP accounts.
Additionally, for security reasons, users' email addresses (and thus
their SIP IDs) are different than their internal uids.
Kamailio looks like it makes this easier in that we can specify a query
using the email attribute and tell it which password field we want to
retrieve. I'm not sure how it will handle the hashing. I'm more at a
loss for how to do this in Asterisk.
In any event, I will ask the Asterisk folks if we can use the existing
password attribute rather than a specific SIPPassword attribute but, in
case they say no, is there any way to sync the two password fields other
than IPA? Thanks - John
Hmm . . . as I read more, this seems to be complicated by the fact that
SIP wants a hash in the form of hash(username:realm:password). There's
an interesting article on this issue and a solution interposing RADIUS
between LDAP and Asterisk at
http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_extern...
for anyone else who is facing such an issue - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan(a)opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society