[asterisk-users] Asterisk and LDAP
linus.luessing at web.de
Wed Jun 18 16:06:53 CDT 2014
I'm trying to get Asterisk running with LDAP to be able to
authenticate sip user registrations. I'm using Asterisk
(184.108.40.206~dfsg1-3+deb7u3) on a Debian server.
Unfortunately I wasn't successful so far.
My res_ldap.conf looks like this (so pretty minimal):
name = uid
I've also added "alwaysauthreject=no" to sip.conf/[general]
to easily check whether it's the user or password the LDAP
The LDAP connection seems to work, there are packets going back
and forth. Nevertheless I get a:
"handle_request_register: Registration from
'<sip:tux at chaotikum.org>' failed for '220.127.116.11:5060' - No
matching peer found"
Here's a tcpdump of the LDAP communication:
So it seems like it is able to get the user "tux" successfully. At
least on second try.
Does anybody know why there are two requests anway? Also, what
might be my issue of this user not being registered?
Also, I've read about schema files for ldap. Is it mandatory to
change things on the LDAP server to get Asterisk to work with
LDAP? Or is it enough to simply have the right variable mappings?
Thirdly, is it possible to authorize against an LDAP server
without exposing the (hashed) user password to the requesting LDAP
client / asterisk server? This article made me wonder whether this
might not that easily possible with LDAP due to the nature of the
SIP protocol (i.e. it's challenge-response handshake) and that
I'd need to use RADIUS instead:
More information about the asterisk-users