<html>
<head>
<style type="text/css">
<!--
body { margin-bottom: 1px; font-variant: normal; margin-left: 4px; margin-top: 4px; line-height: normal; margin-right: 4px }
p { margin-bottom: 0; margin-top: 0 }
-->
</style>
</head>
<body>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">Hi, All:</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">I'm starting to jump into the Asterisk world and try to figure out a VoIP solution for my company. I stumbled across the VoiceRD company/project, which is supposed to integrate Asterisk into Novell eDirectory (via LDAP). Unfortunately the project is in its very early stages, and it just doesn't work that well. I'm sure that will change as time goes on, but I'm not feeling real patient right now :-).</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">I'm using Asterisk (1.2.12) with the LDAP Realtime driver (res_config_ldap.so), and I'm experiencing a few problems that I could really use some help solving.</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">First of all, I'd like to configure Asterisk to talk to my LDAP servers securely. This is especially critical if I'm going to have to bind as something other than an anonymous bind (not just for my sake, but the eDirectory servers require confidentiality by default - and I don't want to change that). When I try to set the port to 636 in the res_ldap.conf file, I get bind errors ("Can't contact server..."). I imagine this is an issue with certificates and trust, but I'm not exactly sure where I need to put my CA certificate in order to make the ldap module happy. I have my global ldap.conf file (/etc/openldap/ldap.conf) set up to not require certificate checking, but this doesn't seem to make a difference with the res_config_ldap module. Anyone have any tips to help me figure out what's going on here?</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">My second issue (that I've identified so far, anyway) is with the actual searches that LDAP does. I can get around the problem above by removing the username and password so that Asterisk binds anonymously on the insecure port (389). I set up the parts of the LDAP tree that Asterisk needs access to so that Anonymous binds can see all attributes (I know this isn't safe in a production environment, and that's not how I plan to do it in production, it was simply a temporary measure to see if I could actually get anything out of the LDAP tree). The module binds successfully and does some searches of the tree. Unfortunately, I can't tell by looking at any of the log files for Asterisk whether or not it actually pulls any data out of the tree. The log files don't seem to list results for LDAP lookups (I've got full debugging turned on, so everything should be getting logged), so it's hard to tell what the LDAP server returned. I've tried to use tcpdump to see this data, but tcpdump doesn't grab the full packet, it truncates it at a certain point, so I can't see the data. Also, Asterisk seems to only query the .conf file entries from extconfig.conf and not the other entries (sipusers, extensions, etc.).</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">Here's my extconfig.conf file (I did patch Asterisk to recognize the quotation marks for this file):</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">[settings]</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;voicemail => ldap,"o=SEAKR",voicemail</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">voicemail => ldap,"ou=People,o=SEAKR",voicemail</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;realtime_ext => ldap,"o=SEAKR",extensions</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">realtime_ext => ldap,"ou=Extensions,ou=VoIP,ou=Servers,o=SEAKR",extensions</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">voicemail.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;voicemail.conf => ldap,"o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">meetme.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;meetme.conf => ldap,"o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">sip.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;sip.conf => ldap,"o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">extensions.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;extensions.conf => ldap,o=SEAKR,config</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">sipusers => ldap,"ou=People,o=SEAKR",sip</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">sippeers => ldap,"ou=People,o=SEAKR",sip</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">;sipfriends => ldap,o=SEAKR,sip</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">and here's the first part of the res_ldap.conf file (the rest of it identifies the attributes for each of the configuration "tables"):</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">[_general]</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">dbhost=my.ldap.host ; LDAP host(s)</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">dbport=636</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">dbbasedn=o=SEAKR ; Base DN</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">dbpass=SUPERSECRETWORD ; Bind password</font> </p>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">dbuser=cn=MYADMIN,ou=People,o=SEAKR ; Bind DN</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">Please let me know if you need any further information. I have updated my LDAP schema with the schema for the LDAP realtime driver (so that it has all the oxy attributes plus a few VoiceRD attributes from the VoiceRD vendor). I've verified that I can do both anonymous binds and authenticated binds from the server command line (using ldapsearch) and that the anonymous binds return the attributes from the server that Asterisk needs to see.</font> </p>
<br>
<p style="margin-bottom: 0; margin-top: 0">
<font size="2" face="Dialog">Thanks,</font> </p>
<br>Nick Couchman<BR>Systems Integrator<BR>SEAKR Engineering, Inc.<BR>6221 South Racine Circle<BR>Centennial, CO 80111<BR>Main: (303) 790-8499<BR>Fax: (303) 790-8720<BR>Web: <a href="http://www.seakr.com">http://www.seakr.com</a><BR><BR><br><br></body>
</html>