[asterisk-bugs] [JIRA] (ASTERISK-23097) Module res_ldap uses cn for peer username regardless of attribute

Stephen Mandolare (JIRA) noreply at issues.asterisk.org
Fri Jan 3 19:33:03 CST 2014 

Stephen Mandolare created ASTERISK-23097:
--------------------------------------------

             Summary: Module res_ldap uses cn for peer username regardless of attribute
                 Key: ASTERISK-23097
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23097
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Resources/res_config_ldap
    Affects Versions: 11.2.2
         Environment: Asterisk 11.2-cert3 built by root @ us-ma-pbx1.us.ieptechnologies.com on a i686 running Linux on 2013-12-27 20:33:59 UTC

Linux us-ma-pbx1.us.ieptechnologies.com 2.6.32-431.1.2.0.1.el6.i686 #1 SMP Fri Dec 13 11:45:23 UTC 2013 i686 i686 i386 GNU/Linux

CentOS release 6.5 (Final)
            Reporter: Stephen Mandolare


With the following config in res_ldap.conf in conjuction with Active Directory (Global Catalog in my case)

[_general]
url=ldap://***.com:3268/
protocol=3
basedn=dc=***,dc=com
user=***
pass=***

[sip]
name=sAMAccountName
callerid=cn
auth=sAMAccountName
regexten=ipPhone
mailbox=sAMAccountName
host=astAccountHost
type=astAccountType
md5secret=astAccountPassword
context=astAccountContext
insecure=astAccountInsecure
qualify=astQualify
additionalFilter=(objectClass=user)

The registration successfully queries the directory with the file name = sAMAccountName, but authentication fails with error:

[Jan  3 20:27:43] WARNING[31236]: chan_sip.c:16296 check_auth: username mismatch, have <cn>, digest has <sAMAccountName>

it appears that regardless of attribute mappings, the username of the peer is always set to the LDAP cn. To work around this the Auth Username must be set in the client to the LDAP cn, this works but appears "clunky" to users.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list