On Tue, 2009-06-02 at 08:51 -0400, John A. Sullivan III wrote: > Hello, all. It think I already know the negative answer to this > question but is there a way to synchronize different password fields in > 389? > > As a relative novice at 389 and a real novice at Asterisk, I've been > dropped into the deep end of building an integrated Asterisk, Kaimalio, > RTPProxy, FreePBX system using our existing LDAP as a database backend. > There is a great article on using 389 in RedHat magazine > (http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/) but the schema introduces a new password attribute. We'd like to for users to only have to change passwords once, not once for their data and once for the SIP accounts. > > Additionally, for security reasons, users' email addresses (and thus > their SIP IDs) are different than their internal uids. > > Kamailio looks like it makes this easier in that we can specify a query > using the email attribute and tell it which password field we want to > retrieve. I'm not sure how it will handle the hashing. I'm more at a > loss for how to do this in Asterisk. > > In any event, I will ask the Asterisk folks if we can use the existing > password attribute rather than a specific SIPPassword attribute but, in > case they say no, is there any way to sync the two password fields other > than IPA? Thanks - John Hmm . . . as I read more, this seems to be complicated by the fact that SIP wants a hash in the form of hash(username:realm:password). There's an interesting article on this issue and a solution interposing RADIUS between LDAP and Asterisk at http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html for anyone else who is facing such an issue - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
