[asterisk-bugs] [Asterisk 0013861]: ERROR[23999]: res_config_ldap.c:1292 update_ldap: Couldn't modify ... Undefined attribute type
Asterisk Bug Tracker
noreply at bugs.digium.com
Sun Jan 11 10:38:29 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=13861
======================================================================
Reported By: scramatte
Assigned To: blitzrage
======================================================================
Project: Asterisk
Issue ID: 13861
Category: Resources/res_config_ldap
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: acknowledged
Asterisk Version: 1.6.0.1
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2008-11-07 11:24 CST
Last Modified: 2009-01-11 10:38 CST
======================================================================
Summary: ERROR[23999]: res_config_ldap.c:1292 update_ldap:
Couldn't modify ... Undefined attribute type
Description:
my Asterisk return me this error on SIP register :
ERROR[23999]: res_config_ldap.c:1292 update_ldap: Couldn't modify
dn:cn=200,ou=Telephony,dc=example,dc=com because Undefined attribute type
In spite of this message I can call and receive calls.
I haven't got more details ...
I've run Asterisk with -vvvvvvvvvvvvvvvvgc
======================================================================
----------------------------------------------------------------------
(0097446) jcovert (reporter) - 2009-01-11 10:38
http://bugs.digium.com/view.php?id=13861#c97446
----------------------------------------------------------------------
(Jump right to the bottom; I may have noticed your problem, but the info
below should be useful for other debugging.)
Let's see what you actually have in LDAP for a few users:
ldapsearch -x -h your.server -b 'dc=<your-domain>,dc=<your-TLD>'
'(cn=<user>)'
Depending on how you have your security set up, you might also need to
specify -D '<exactly-what-you-have-after-user=-in-res_ldap.conf>' -w
<password>
My security setup at the moment (because I'm just testing) is:
access to attrs=AstAccountSecret,AstAccountRealmedPassword
by anonymous auth
by dn.base="<user-in-res_ldap.conf>" write
by * none
access to dn.subtree="ou=sippeers,dc=covert,dc=org"
by dn.base="<user-in-res_ldap.conf>" write
by * read
I would probably not give the world read access in production.
The result I currently get for a not-logged-in user is:
# <user>, sippeers, <my-domain>.<my-TLD>
dn: cn=<user>,ou=sippeers,dc=<my-domain>,dc=<my-TLD>
objectClass: AsteriskSIPUser
cn: <user>
AstAccountCallerID: The Username <2001>
AstAccountHost: dynamic
AstAccountContext: <the-context>
AstAccountIPAddress: 0.0.0.0
AstAccountPort: 0
AstAccountExpirationTimestamp: 1231610206
AstAccountDefaultUser: <user>
I initially created this with just the fields shown in Note 0097430 above.
We don't see the secret in the ldapsearch output because I did the
ldapsearch without the "-D" and "-w", and the additional fields not there
in the initial creation (0097430) are the ones added/updated by
registration and de-registration.
And after writing all of this, I noticed that you didn't mention changing
"name=uid" to "name=cn" which is part of the patch. And I'll bet that some
of your peers are only in objectClass: AsteriskSIPUser (which is all that
should be required for anything that Asterisk does), but others are also in
some other objectClass, like maybe "top". The output before you make any
changes would still be instructive. You can get all of the users that
asterisk will see by saying '(objectClass=AsteriskSIPUser)' instead of
'(cn=<user>)'.
Issue History
Date Modified Username Field Change
======================================================================
2009-01-11 10:38 jcovert Note Added: 0097446
======================================================================
More information about the asterisk-bugs
mailing list