[asterisk-bugs] [JIRA] (ASTERISK-23097) Module res_ldap uses cn for peer username regardless of attribute

Rusty Newton (JIRA) noreply at issues.asterisk.org
Mon Jan 27 13:01:04 CST 2014


     [ https://issues.asterisk.org/jira/browse/ASTERISK-23097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rusty Newton updated ASTERISK-23097:
------------------------------------

    Assignee: Rusty Newton  (was: Stephen Mandolare)
      Status: Triage  (was: Waiting for Feedback)
    
> Module res_ldap uses cn for peer username regardless of attribute
> -----------------------------------------------------------------
>
>                 Key: ASTERISK-23097
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23097
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_config_ldap
>    Affects Versions: 11.2.2
>         Environment: Asterisk 11.2-cert3 built by root @ us-ma-pbx1.us.ieptechnologies.com on a i686 running Linux on 2013-12-27 20:33:59 UTC
> Linux us-ma-pbx1.us.ieptechnologies.com 2.6.32-431.1.2.0.1.el6.i686 #1 SMP Fri Dec 13 11:45:23 UTC 2013 i686 i686 i386 GNU/Linux
> CentOS release 6.5 (Final)
>            Reporter: Stephen Mandolare
>            Assignee: Rusty Newton
>         Attachments: myDebugLog, myDebugLog.txt
>
>
> With the following config in res_ldap.conf in conjuction with Active Directory (Global Catalog in my case)
> [_general]
> url=ldap://***.com:3268/
> protocol=3
> basedn=dc=***,dc=com
> user=***
> pass=***
> [sip]
> name=sAMAccountName
> callerid=cn
> auth=sAMAccountName
> regexten=ipPhone
> mailbox=sAMAccountName
> host=astAccountHost
> type=astAccountType
> md5secret=astAccountPassword
> context=astAccountContext
> insecure=astAccountInsecure
> qualify=astQualify
> additionalFilter=(objectClass=user)
> The registration successfully queries the directory with the file name = sAMAccountName, but authentication fails with error:
> [Jan  3 20:27:43] WARNING[31236]: chan_sip.c:16296 check_auth: username mismatch, have <cn>, digest has <sAMAccountName>
> it appears that regardless of attribute mappings, the username of the peer is always set to the LDAP cn. To work around this the Auth Username must be set in the client to the LDAP cn, this works but appears "clunky" to users.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira



More information about the asterisk-bugs mailing list