[asterisk-users] Integrating Asterisk with LDAP Realtime

Nick Couchman Nick.Couchman at seakr.com
Sat Sep 23 15:00:59 MST 2006


(Got a quarantine notice on the first one, so I'm resending - sorry if
this ends up a duplicate...)
 
I'll give strace a try on Monday and see if I can figure that out.  In
any case, that's not a huge deal right now - I can bind anonymously for
now and get the information out, and I'm not terribly concerned about
supporting LDAP writes from Asterisk - I'd just like to get the
configuration read out of LDAP for now.
 
I figured out the issue with nothing getting pulled from LDAP - it
seems that if you apply the quotation mark patch for external
configuration resources (so that you can put "ou=People,o=myorg" in the
extconfig.conf file) that you have to have the quotes for the LDAP
search to succeed.  As soon as I put the quotes in, it started working
and it is at least partially reading my configuration out of the LDAP
tree.
 
I'm still having a couple issues, though - first, my .conf files get
read out of LDAP, but the "realtime_ext" and "voicemail" tables don't
get pulled from LDAP.  I don't know if I need a parameter somewhere else
in my other LDAP configuration stuff that tells Asterisk to try to load
these items from extconfig, but I don't even see any LDAP searches for
this stuff when I use tcpdump to trace the TCP/IP traffic.  Also,
sipusers and sippeers don't seem to get read from the LDAP tree.
 
Another question - with the LDAPRealtime plugin, when a user
authenticates, does it use the existing user password or is it stored in
another password field?  I've seen some references to a "realmPassword"
field or something similar.  Is it possible to have Asterisk try to bind
to LDAP as the user that's trying to log in instead of having to grant
read or compare access to a password field?
 
Thanks,
 
Nick Couchman
Systems Integrator
SEAKR Engineering, Inc.
6221 South Racine Circle
Centennial, CO 80111
Main: (303) 790-8499
Fax: (303) 790-8720
Web: http://www.seakr.com


>>> On 2006/09/22 at 11:36:38, Nick Burch <nick at torchbox.com> wrote:
On Fri, 22 Sep 2006, Nick Couchman wrote:
>> Probably wherever openssl looks for them. Try /etc/pki/tls/certs/,
>> /etc/ssl/certs/ or /usr/share/ssl/certs/, depending on your distro.
>> You'll also need to symlink the certificate to its hash, check the
>> openssl docs if you haven't done this before.
>
> I've just finished trying this and I still get an error when Asterisk
> tries to connect.  I have a couple other things I need to try (I need
> to try to adjust my CA a little bit), but if anyone else has other
> suggestions for me, I'd appreciate it.

Try strace? You might be able to see the real place it tries for the 
certificates, and what the real errors are

>> Even better, use wireshark (the new name for ethereal). It'll do a
>> very nice job (I tend to find better than tcpdump) at showing you the
>> contents of your ldap queries and responses.
>
> I was using ethereal to interpret the data, but my servers don't have
> X on them so it's hard to run Ethereal or Wireshark directly on the
> server.  So, I use tcpdump to capture to a file, then copy to my
> workstation and use Ethereal to open it.

Make sure you use tcpdump with "-s 0" then

Nick
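
The hash symlink mentioned in the quoted advice above, as an added example that is not part of the original thread: OpenSSL finds CA certificates in a certificate directory by the file name `<subject-hash>.<n>`. The function name `link_ca_hash` and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): create the <subject-hash>.<n> symlink
# that OpenSSL expects for a CA certificate inside a certificate directory.
#
# Usage (paths are assumptions, pick the directory your distro uses):
#   link_ca_hash /root/my-ca.pem /etc/ssl/certs
#
# Prints the path of the symlink that now points at the certificate.
link_ca_hash() {
    cert=$1
    dir=$2

    # Subject-name hash used as the lookup key, e.g. "1a2b3c4d".
    hash=$(openssl x509 -in "$cert" -noout -hash) || return 1
    # Fingerprint lets us tell "same cert already linked" from a hash collision.
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 1

    n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        existing=$(openssl x509 -in "$dir/$hash.$n" -noout \
                   -fingerprint -sha256 2>/dev/null) || existing=""
        if [ "$existing" = "$fp" ]; then
            # Already linked: report it and do nothing (idempotent).
            echo "$dir/$hash.$n"
            return 0
        fi
        # A different certificate with the same subject hash occupies this
        # slot; OpenSSL tries .0, .1, .2 ... in order, so take the next one.
        n=$((n + 1))
    done

    # Link by absolute path so the symlink stays valid from any directory.
    abs="$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")"
    ln -s "$abs" "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}
```

`openssl verify -CApath <dir> <cert>` confirms that a certificate chains to a CA found through the directory lookup.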
