[389-users] Synching different passwords

John A. Sullivan III jsullivan at opensourcedevel.com
Tue Jun 2 13:18:20 UTC 2009


On Tue, 2009-06-02 at 08:51 -0400, John A. Sullivan III wrote:
> Hello, all.  It think I already know the negative answer to this
> question but is there a way to synchronize different password fields in
> 389?
> 
> As a relative novice at 389 and a real novice at Asterisk, I've been
> dropped into the deep end of building an integrated Asterisk, Kaimalio,
> RTPProxy, FreePBX system using our existing LDAP as a database backend.
> There is a great article on using 389 in RedHat magazine
> (http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/) but the schema introduces a new password attribute.  We'd like to for users to only have to change passwords once, not once for their data and once for the SIP accounts.
> 
> Additionally, for security reasons, users' email addresses (and thus
> their SIP IDs) are different than their internal uids.
> 
> Kamailio looks like it makes this easier in that we can specify a query
> using the email attribute and tell it which password field we want to
> retrieve.  I'm not sure how it will handle the hashing.  I'm more at a
> loss for how to do this in Asterisk.
> 
> In any event, I will ask the Asterisk folks if we can use the existing
> password attribute rather than a specific SIPPassword attribute but, in
> case they say no, is there any way to sync the two password fields other
> than IPA? Thanks - John

Hmm . . . as I read more, this seems to be complicated by the fact that
SIP wants a hash in the form of hash(username:realm:password).  There's
an interesting article on this issue and a solution interposing RADIUS
between LDAP and Asterisk at
http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html for anyone else who is facing such an issue - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society




More information about the 389-users mailing list