Retrieving Information from Active Directory

The Oracle Enterprise Communications Broker performs SIP Digest authentication against users attempting to register. It can use pre-configured information from Active Directory to perform such authentication. Access to Active Directory uses standard LDAP processes to retrieve the information needed and to offload the processing from other resources to the Oracle Enterprise Communications Broker.

The Oracle Enterprise Communications Broker can obtain registration authentication information directly from Active Directory when you modify the Active Directory schema to include the Oracle-specific attributes and object classes that the Oracle Enterprise Communications Broker needs to authenticate users.

The Oracle Enterprise Communications Broker operates by issuing LDAP requests to Active Directory for data from "password" attributes, using Active Directory's standard sAMAccountName to match the Request URI username. This requires new attributes in Active Directory, which are listed below. One of these attributes must be populated with the digest realm. A Dynamic Link Library (DLL) installed on Active Directory intercepts the password change hashes and writes them to another attribute. The DLL then creates a hash of the username, digest realm, and password hash, which is returned to the Oracle Enterprise Communications Broker within the LDAP response. The Oracle Enterprise Communications Broker extracts the password hash, compares it to the hash provided by way of SIP digest, and, when there is a match, authenticates and registers the user.

  • orclDigestRealmAttribute—Populated with digest realm.
  • orclDigestPwdAttribute—Populated with hash of Active Directory password during each password change.
  • orclAgentNameAttribute—Populated with user's agent for the purpose of routing. See Active Directory and Oracle ECB Routing in this document to understand how the Oracle Enterprise Communications Broker uses this attribute.
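The comparison described above can be sketched as follows. This is an added example, not Oracle's code. It assumes the value held in orclDigestPwdAttribute is the RFC 2617 HA1, MD5(username:realm:password), which this page does not specify. The dictionary stands in for an LDAP result, and all account data is constructed.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def compute_ha1(username, realm, password):
    # Assumption: the directory stores RFC 2617 HA1, never the cleartext password.
    return md5_hex(f"{username}:{realm}:{password}")

def expected_response(ha1, nonce, method, uri, qop=None, nc=None, cnonce=None):
    # RFC 2617 section 3.2.2.1: the response is derived from HA1, not the password.
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def verify_register(entry, auth, method="REGISTER"):
    # entry: constructed stand-in for the LDAP result matched on sAMAccountName.
    if auth["username"] != entry["sAMAccountName"]:
        return False
    # HA1 is bound to one realm; a request for a different realm can never verify.
    if auth["realm"] != entry["orclDigestRealmAttribute"]:
        return False
    want = expected_response(entry["orclDigestPwdAttribute"], auth["nonce"], method,
                             auth["uri"], auth.get("qop"), auth.get("nc"), auth.get("cnonce"))
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(want.encode(), auth["response"].lower().encode())

# Constructed sample data (not real accounts or credentials).
ENTRY = {
    "sAMAccountName": "alice",
    "orclDigestRealmAttribute": "sip.example.com",
    "orclDigestPwdAttribute": compute_ha1("alice", "sip.example.com", "S3cret!pass"),
}

def client_auth(password, realm="sip.example.com"):
    # What a SIP user agent would place in its Authorization header.
    nonce, uri = "8f2c41d07ab3", "sip:sip.example.com"
    ha1 = compute_ha1("alice", realm, password)
    return {"username": "alice", "realm": realm, "nonce": nonce, "uri": uri,
            "response": expected_response(ha1, nonce, "REGISTER", uri)}

if __name__ == "__main__":
    print(verify_register(ENTRY, client_auth("S3cret!pass")))
    print(verify_register(ENTRY, client_auth("wrong-guess")))
```

Under this assumption the stored hash is password-equivalent for its realm, because anyone who can read it can compute a valid digest response. Read access to the attribute should therefore be limited to the account used for the LDAP queries.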

Oracle can provide the oidpwdcn.dll, scripts to create the needed attributes, scripts to populate the digest realm attribute, and a README.TXT with instructions on how to perform all procedures. Appendix C provides instructions on getting this methodology operational.