
Re: Conversion of DIGEST to LDAP



It's been a while since I looked into it, but I don't think that this is
possible. Using the ldap auxprop plugin for Cyrus SASL, systems such as
Cyrus IMAP can 'proxy' the whole SASL conversation directly to OpenLDAP,
but this is not the case with FreeRADIUS... I asked about this more than
a year ago on the FreeRADIUS list, and it wasn't possible and there
wasn't much interest in implementing that kind of feature.

The answer is not to try to authenticate the SIP user to LDAP through
FreeRADIUS, but to set up a FreeRADIUS account which has read permissions
on the userPassword attr, and have FreeRADIUS retrieve such data
from LDAP, and handle all the authentication stuff itself.

On Tue, 2004-26-10 at 14:11 +1300, Keith Hofer wrote:
> I'm using a Network Access Client (which is in itself a SIP Server) that 
> handles DIGEST-MD5 requests from SIP clients to itself. It then 
> proxies the DIGEST-MD5 requests onto a Radius server (FreeRadius) and I 
> want to pass on the DIGEST-MD5 into an OpenLDAP server to read from my 
> LDAP user database. Therefore accomplishing having one authentication 
> database and not two. Freeradius and OpenLdap are on the same box but I 
> would eventually like to integrate the Freeradius into the LDAP module 
> in Active Directory but that is another saga not for now.
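
Added example, not part of the original message and not FreeRADIUS code: a sketch of why the RADIUS server has to read userPassword and do the check itself, since a digest response can only be verified by recomputing it from the stored cleartext. It assumes SIP-style digest as defined in RFC 2617; the function names are hypothetical and the sample request uses the example values from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def cleartext_from_userpassword(value: str) -> str:
    """Return the cleartext held in an LDAP userPassword value, or raise."""
    if value.startswith("{") and "}" in value:
        scheme, rest = value[1:].split("}", 1)
        if scheme.upper() == "CLEARTEXT":
            return rest
        # {SSHA}, {MD5}, {CRYPT} ... are one-way, so HA1 cannot be derived.
        raise ValueError(f"userPassword is {{{scheme}}}; digest needs cleartext")
    return value  # no scheme prefix: value is stored as cleartext


def verify_digest(user_password: str, req: dict) -> bool:
    """Recompute the RFC 2617 response from the value read out of LDAP."""
    password = cleartext_from_userpassword(user_password)
    ha1 = _md5(f"{req['username']}:{req['realm']}:{password}")
    ha2 = _md5(f"{req['method']}:{req['uri']}")
    if req.get("qop") == "auth":
        expected = _md5(
            f"{ha1}:{req['nonce']}:{req['nc']}:{req['cnonce']}:auth:{ha2}"
        )
    else:  # legacy RFC 2069 form, no qop
        expected = _md5(f"{ha1}:{req['nonce']}:{ha2}")
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected, req["response"].lower())


# Sample request: the worked example from RFC 2617 section 3.5.
RFC2617_REQ = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "method": "GET", "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print(verify_digest("Circle Of Life", RFC2617_REQ))
```

An LDAP bind never sees the user's password in this flow, which is why the directory entry must hold a value the RADIUS server can read back, and why that service account's access to userPassword should be scoped as narrowly as possible.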