[asterisk-bugs] [JIRA] (ASTERISK-23097) Module res_ldap uses cn for peer username regardless of attribute

Rusty Newton (JIRA) noreply at issues.asterisk.org
Tue Jan 7 17:53:03 CST 2014 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-23097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rusty Newton updated ASTERISK-23097:
------------------------------------

    Assignee: Stephen Mandolare
      Status: Waiting for Feedback  (was: Triage)

@Stephen, can you attach a debug log following the instructions here: https://wiki.asterisk.org/wiki/display/AST/Collecting+Debug+Information

Along with making sure it has DEBUG messages, make sure "sip set debug on" is enabled so we can see the registration and the relevant messages.
                
> Module res_ldap uses cn for peer username regardless of attribute
> -----------------------------------------------------------------
>
>                 Key: ASTERISK-23097
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23097
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_config_ldap
>    Affects Versions: 11.2.2
>         Environment: Asterisk 11.2-cert3 built by root @ us-ma-pbx1.us.ieptechnologies.com on a i686 running Linux on 2013-12-27 20:33:59 UTC
> Linux us-ma-pbx1.us.ieptechnologies.com 2.6.32-431.1.2.0.1.el6.i686 #1 SMP Fri Dec 13 11:45:23 UTC 2013 i686 i686 i386 GNU/Linux
> CentOS release 6.5 (Final)
>            Reporter: Stephen Mandolare
>            Assignee: Stephen Mandolare
>
> With the following config in res_ldap.conf in conjuction with Active Directory (Global Catalog in my case)
> [_general]
> url=ldap://***.com:3268/
> protocol=3
> basedn=dc=***,dc=com
> user=***
> pass=***
> [sip]
> name=sAMAccountName
> callerid=cn
> auth=sAMAccountName
> regexten=ipPhone
> mailbox=sAMAccountName
> host=astAccountHost
> type=astAccountType
> md5secret=astAccountPassword
> context=astAccountContext
> insecure=astAccountInsecure
> qualify=astQualify
> additionalFilter=(objectClass=user)
> The registration successfully queries the directory with the file name = sAMAccountName, but authentication fails with error:
> [Jan  3 20:27:43] WARNING[31236]: chan_sip.c:16296 check_auth: username mismatch, have <cn>, digest has <sAMAccountName>
> it appears that regardless of attribute mappings, the username of the peer is always set to the LDAP cn. To work around this the Auth Username must be set in the client to the LDAP cn, this works but appears "clunky" to users.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list