[asterisk-users] Integrating Asterisk with LDAP Realtime

Nick Couchman Nick.Couchman at seakr.com
Thu Sep 21 14:45:22 MST 2006


Hi, All: 
I'm starting to jump into the Asterisk world and try to figure out a
VoIP solution for my company.  I stumbled across the VoiceRD
company/project, which is supposed to integrate Asterisk into Novell
eDirectory (via LDAP).  Unfortunately the project is in its very early
stages, and it just doesn't work that well.  I'm sure that will change
as time goes on, but I'm not feeling real patient right now :-). 

I'm using Asterisk (1.2.12) with the LDAP Realtime driver
(res_config_ldap.so), and I'm experiencing a few problems that I could
really use some help solving. 

First of all, I'd like to configure Asterisk to talk to my LDAP servers
securely.  This is especially critical if I'm going to have to bind as
something other than an anonymous bind (not just for my sake, but the
eDirectory servers require confidentiality by default - and I don't want
to change that).  When I try to set the port to 636 in the res_ldap.conf
file, I get bind errors ("Can't contact server...").  I imagine this is
an issue with certificates and trust, but I'm not exactly sure where I
need to put my CA certificate in order to make the ldap module happy.  I
have my global ldap.conf file (/etc/openldap/ldap.conf) set up to not
require certificate checking, but this doesn't seem to make a difference
with the res_config_ldap module.  Anyone have any tips to help me figure
out what's going on here? 

My second issue (that I've identified so far, anyway) is with the actual
searches that LDAP does.  I can get around the problem above by removing
the username and password so that Asterisk binds anonymously on the
insecure port (389).  I set up the parts of the LDAP tree that Asterisk
needs access to so that Anonymous binds can see all attributes (I know
this isn't safe in a production environment, and that's not how I plan
to do it in production, it was simply a temporary measure to see if I
could actually get anything out of the LDAP tree).  The module binds
successfully and does some searches of the tree.  Unfortunately, I can't
tell by looking at any of the log files for asterisk whether or not it
actually pulls any data out of the tree.  The log files don't seem to
list results for LDAP lookups (I've got full debugging turned on, so
everything should be getting logged), so it's hard to tell what the LDAP
server returned.  I've tried to use tcpdump to see this data, but
tcpdump doesn't grab the full packet, it truncates it at a certain
point, so I can't see the data.  Also, Asterisk seems to only query the
.conf file entries from extconfig.conf and not the other entries
(sipusers, extensions, etc.). 

Here's my extconfig.conf file (I did patch Asterisk to recognize the
quotation marks for this file): 
[settings] 
;voicemail => ldap,"o=SEAKR",voicemail 
voicemail => ldap,"ou=People,o=SEAKR",voicemail 
;realtime_ext => ldap,"o=SEAKR",extensions 
realtime_ext => ldap,"ou=Extensions,ou=VoIP,ou=Servers,o=SEAKR",extensions 
voicemail.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config 
;voicemail.conf => ldap,"o=SEAKR",config 
meetme.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config 
;meetme.conf => ldap,"o=SEAKR",config 
sip.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config 
;sip.conf => ldap,"o=SEAKR",config 
extensions.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config 
;extensions.conf => ldap,o=SEAKR,config 
sipusers => ldap,"ou=People,o=SEAKR",sip 
sippeers => ldap,"ou=People,o=SEAKR",sip 
;sipfriends => ldap,o=SEAKR,sip 

and here's the first part of the res_ldap.conf file (the rest of it
identifies the attributes for each of the configuration "tables"): 
[_general] 
dbhost=my.ldap.host                 ; LDAP host(s) 
dbport=636 
dbbasedn=o=SEAKR                                        ; Base DN 
dbpass=SUPERSECRETWORD                                 ; Bind password 
dbuser=cn=MYADMIN,ou=People,o=SEAKR ; Bind DN 

Please let me know if you need any further information.  I have updated
my LDAP schema with the schema for the LDAP realtime driver (so that it
has all the oxy attributes plus a few VoiceRD attributes from the
VoiceRD vendor).  I've verified that I can do both anonymous binds and
authenticated binds from the server command line (using ldapsearch) and
that the anonymous binds return the attributes from the server that
Asterisk needs to see. 

Thanks, 
Nick Couchman
Systems Integrator
SEAKR Engineering, Inc.
6221 South Racine Circle
Centennial, CO 80111
Main: (303) 790-8499
Fax: (303) 790-8720
Web: http://www.seakr.com
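
An added example (not part of the original post, and not Asterisk or res_config_ldap code): a small Python check over the [_general] section quoted above that flags the two exposures the post raises, a credentialed bind to a non-LDAPS port and an anonymous bind. The function name, the finding codes and the fallback to port 389 when dbport is absent are assumptions of this example.

```python
import configparser

# Constructed sample: the [_general] section as quoted in the post.
SAMPLE = """\
[_general]
dbhost=my.ldap.host                 ; LDAP host(s)
dbport=636
dbbasedn=o=SEAKR                    ; Base DN
dbpass=SUPERSECRETWORD              ; Bind password
dbuser=cn=MYADMIN,ou=People,o=SEAKR ; Bind DN
"""

LDAPS_PORT = 636    # conventional LDAP-over-TLS port
DEFAULT_PORT = 389  # assumption: used when dbport is absent


def audit_res_ldap(text):
    """Return (code, message) findings for the [_general] section."""
    cp = configparser.ConfigParser(
        delimiters=("=",),               # DNs contain '='; split on the first one only
        inline_comment_prefixes=(";",),  # trailing "; comment" as in the post
        interpolation=None,              # passwords may contain '%'
    )
    cp.read_string(text)
    g = cp["_general"]
    port = int(g.get("dbport", fallback=DEFAULT_PORT))
    user = g.get("dbuser", fallback="").strip()
    password = g.get("dbpass", fallback="").strip()

    findings = []
    if user and password:
        if port != LDAPS_PORT:
            findings.append(("CLEARTEXT_BIND",
                             f"bind DN and password go to port {port}; "
                             "without TLS the simple bind is readable on the wire"))
        findings.append(("PASSWORD_IN_FILE",
                         "dbpass is stored in the file; "
                         "restrict read access to the Asterisk user"))
    else:
        findings.append(("ANONYMOUS_BIND",
                         "no bind DN/password; the directory must expose "
                         "these attributes to unauthenticated clients"))
    return findings


if __name__ == "__main__":
    for code, msg in audit_res_ldap(SAMPLE):
        print(f"{code}: {msg}")
```

A port other than 636 is only reported as a possible cleartext bind; the check cannot tell whether StartTLS is negotiated on that port.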



