[asterisk-bugs] [JIRA] (ASTERISK-23097) Module res_ldap uses cn for peer username regardless of attribute

Sean Bright (JIRA) noreply at issues.asterisk.org
Fri Feb 17 09:10:10 CST 2017 

     [ https://issues.asterisk.org/jira/browse/ASTERISK-23097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Bright updated ASTERISK-23097:
-----------------------------------

    Assignee: Stephen Mandolare
      Status: Waiting for Feedback  (was: Open)

This is working fine for me with Asterisk 13 git. Can you try with the latest Asterisk 13 release and let us know if the problem persists? If so, please upload a fresh batch of debug logs for us to review.

> Module res_ldap uses cn for peer username regardless of attribute
> -----------------------------------------------------------------
>
>                 Key: ASTERISK-23097
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23097
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_config_ldap
>    Affects Versions: 11.2.2
>         Environment: Asterisk 11.2-cert3 built by root @ us-ma-pbx1.us.ieptechnologies.com on a i686 running Linux on 2013-12-27 20:33:59 UTC
> Linux us-ma-pbx1.us.ieptechnologies.com 2.6.32-431.1.2.0.1.el6.i686 #1 SMP Fri Dec 13 11:45:23 UTC 2013 i686 i686 i386 GNU/Linux
> CentOS release 6.5 (Final)
>            Reporter: Stephen Mandolare
>            Assignee: Stephen Mandolare
>         Attachments: myDebugLog, myDebugLog.txt
>
>
> With the following config in res_ldap.conf in conjuction with Active Directory (Global Catalog in my case)
> [_general]
> url=ldap://***.com:3268/
> protocol=3
> basedn=dc=***,dc=com
> user=***
> pass=***
> [sip]
> name=sAMAccountName
> callerid=cn
> auth=sAMAccountName
> regexten=ipPhone
> mailbox=sAMAccountName
> host=astAccountHost
> type=astAccountType
> md5secret=astAccountPassword
> context=astAccountContext
> insecure=astAccountInsecure
> qualify=astQualify
> additionalFilter=(objectClass=user)
> The registration successfully queries the directory with the file name = sAMAccountName, but authentication fails with error:
> [Jan  3 20:27:43] WARNING[31236]: chan_sip.c:16296 check_auth: username mismatch, have <cn>, digest has <sAMAccountName>
> it appears that regardless of attribute mappings, the username of the peer is always set to the LDAP cn.
> *Workaround:*
> To work around this the Auth Username must be set in the client to the LDAP cn, this works but appears "clunky" to users.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list