[asterisk-users] Authenticating SIP user in LDAP database instead of SIP.conf file

Abhishek M S abhishek.suhas at gmail.com
Fri Aug 24 04:37:55 CDT 2007 

Dear All,
Am happy to say that I've successfully been able to register a SIP user from
a soft phone terminal via LDAP. The biggest hurdle that I had to overcome
was the  LDAP-Asterisk schema.  The schema example given in the astirectory
installation document is incomplete.
Here's are a few pointers in this regard:

The attributes have to be defined in the following way. Also tab spaces
should be avoided.

dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.23935.5.4.1
                NAME 'astUsername'
                DESC ''
                SUP name
                EQUALITY caseIgnoreMatch
                SUBSTR caseIgnoreSubstringsMatch
                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
NAME should be the same as objectIdentifier

 DESC should be the description of the attribute

 EQUALITY is the rule to use when doing a search/compare for an
  attribute value.

 SUBSTR is the rule to use when doing a substring search (*foo*)

 SYNTAX is the syntax (i.e., type) of the attribute. We should
 probably stick to syntaxes:

       1.3.6.1.4.1.1466.115.121.1.15   -> directoryString (UTF-8 string)
       1.3.6.1.4.1.1466.115.121.1.26   -> IA5String (ASCII String)
       1.3.6.1.4.1.1466.115.121.1.27   -> integer (Integer value)

The object class has to be always defined as AUXILLARY and never ABSTRACT.

dn: cn=schema
changetype: modify
add: objectclasses
objectClasses: ( 1.3.6.1.4.1.23935.5.5.1
        NAME 'astSipGeneric'
        DESC ''
        SUP top AUXILIARY
                    MUST ( astContext )
                    MAY ( astSecret $ astPermit $ astDeny $ astMd5Secret $
astDtmfmode $ astCanreinvite $ astNat $ astCallgroup $ astPickupgroup $
astAllow $ astDisallow $ astInsecure $ astTrustrpid $ astProgressinband $
astPromiscredir $ astRegseconds $ astname $ astLanguage ) )

Best Regards
Abhishek



On 8/16/07, Anthony Francis <anthonyf at rockynet.com> wrote:
>
> You will need to extend your schema to include all of the attributes
> that can be used in sip.conf plus the extra ones that allow realtime to
> store connection information. Please refer to the realtime info at
> voipinfo.org to get a feel for what your schema should look like.
>
> Anthony
>
> Abhishek M S wrote:
> > Dear all,
> >  May I first introduce myself. I'm a student of HAW Hamburg University
> > currently working for my professor on a VOIP project.  We have a
> > Debian Linux system (server) on which Asterisk 1.2.6 has been
> > successfully installed and running. Also the asterisk SIP server has
> > been connected to the PSTN so users could make calls externally. We
> > use Xlite softphone to make calls between users in the network.
> > Currently there are very few users and I have been able to register
> > them in the in *sip.conf *file and declare extensions in the
> > *extensions.conf *file.
> >    Now there is a requirement to assign extensions to all students in
> > the university(over thousand) whose credentials and information is
> > stored in the Novel based LDAP database. Moving along I've managed to
> > successfully install astirectory which is a real time database driver
> > that allows to fetch configuration data from LDAP directories. Have
> > also installed the LDAPget module that can lookup data in the LDAP
> > directory. I'm looking for SIP attributes on LDAP  or an LDAP schema
> > that would facilitate astirectory or LDAPget to retrieve the username,
> > telephone number and password from the LDAP database to register the
> > soft phone user.  I'd be extremely grateful for any help or suggestion
> > in this connection.
> > Thanks in advance,
> > Abhishek
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by http://www.api-digital.com--
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070824/c76f585d/attachment.htm

More information about the asterisk-users mailing list