<html>
<head>
    <base href="https://wiki.asterisk.org/wiki">
            <link rel="stylesheet" href="/wiki/s/en/2176/25/9/_/styles/combined.css?spaceKey=AST&amp;forWysiwyg=true" type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://wiki.asterisk.org/wiki/display/AST/LDAP+Realtime+Driver">LDAP Realtime Driver</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://wiki.asterisk.org/wiki/display/~lathama">Andrew Latham</a>
    </h4>
        <div id="versionComment">
        <b>Comment:</b>
        Note the various methods of secret authentication possible.<br />
    </div>
        <br/>
                         <h4>Changes (2)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br>When creating your own record schema, you&#39;ll obviously want to incorporate authentication. Asterisk + LDAP requires that the user secrets be stored as an MD5 hash. MD5 hashes can be created using &#39;md5sum&#39;. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;"> <br>For AstAccountRealmedPassword authentication use this. <br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br>echo &quot;&lt;secret composed of username, realm, and password goes here&gt;&quot; | md5sum <br>{code} <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;"> <br>For AstMD5secret authentication use this. <br>{code} <br>echo &quot;password&quot; | md5sum <br>{code} <br></td></tr>
    
            </table>
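<p>Review bot: the added AstMD5secret command, echo "password" | md5sum, like the unchanged realmed-password command it mirrors, hashes the secret plus the newline that echo appends, so the digest is not the MD5 of the secret itself. Suggest printf '%s' "password" | md5sum in both examples, and note that md5sum prints a trailing " -" after the digest that must not be stored. The new AstAccountRealmedPassword sentence also leaves the order and separator of username, realm and password unstated, which the command needs in order to be usable as written.</p>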
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h1><a name="LDAPRealtimeDriver-AsteriskRealtimeLightweightDirectoryAccessProtocol%28LDAP%29Driver"></a>Asterisk Realtime Lightweight Directory Access Protocol (LDAP) Driver</h1>

<p>With this driver Asterisk can retrieve information from an LDAP directory service, including SIP/IAX2 users, extensions and configuration. This guide assumes you have a working knowledge of LDAP and have an LDAP server with authentication already set up.</p>

<p>See <a href="http://svn.asterisk.org/svn/asterisk/trunk/configs/res_ldap.conf.sample" class="external-link" rel="nofollow">configs/res_ldap.conf.sample</a> for a configuration file sample.<br/>
See contrib/scripts for the LDAP <a href="http://svn.asterisk.org/svn/asterisk/trunk/contrib/scripts/asterisk.ldap-schema" class="external-link" rel="nofollow">schema</a> and <a href="http://svn.asterisk.org/svn/asterisk/trunk/contrib/scripts/asterisk.ldif" class="external-link" rel="nofollow">ldif</a> files needed for the LDAP server.</p>

<p>From within your Asterisk source directory:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">cd contrib/scripts
sudo cp asterisk.ldap-schema /etc/ldap/schema/
sudo service slapd restart
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ./asterisk.ldif</pre>
</div></div>
<p>Let's edit the extconfig.conf file to specify LDAP as our realtime storage engine and where Asterisk will look for data.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">sippeers = ldap,"ou=sip,dc=example,dc=domain",sip
sipusers = ldap,"ou=sip,dc=example,dc=domain",sip
extensions = ldap,"ou=extensions,dc=example,dc=domain",extensions</pre>
</div></div>

<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/wiki/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>You'll want to reference the Asterisk res_ldap.conf file which holds the LDAP mapping configuration when building your own record schema.</td></tr></table></div>
<p><b>Basic</b> SIP user record layout, which needs to be saved to a file (we'll use 'createduser.ldif' here as an example). This example record is for SIP user '1000'.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">dn: cn=1000,ou=sip,dc=example,dc=domain
objectClass: AsteriskAccount
objectClass: AsteriskExtension
objectClass: AsteriskSIPUser
objectClass: top
AstAccountName: sip user
cn: 1000
AstAccountDefaultUser: 0
AstAccountExpirationTimestamp: 0
AstAccountFullContact: 0
AstAccountHost: dynamic
AstAccountIPAddress: 0
AstAccountLastQualifyMilliseconds: 0
AstAccountPort: 0
AstAccountRegistrationServer: 0
AstAccountType: 0
AstAccountUserAgent: 0
AstExtension: 1000</pre>
</div></div>

<p>Let's add the record to the LDAP server:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">sudo ldapadd -D "cn=admin,dc=example,dc=domain" -x -W -f createduser.ldif</pre>
</div></div>

<p>When creating your own record schema, you'll obviously want to incorporate authentication. Asterisk + LDAP requires that the user secrets be stored as an MD5 hash. MD5 hashes can be created using 'md5sum'.</p>

<p>For AstAccountRealmedPassword authentication, hash the secret composed of username, realm, and password. Use printf rather than echo so that no trailing newline is included in the hashed input.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">printf '%s' "&lt;secret composed of username, realm, and password goes here&gt;" | md5sum</pre>
</div></div>

<p>For AstMD5secret authentication, hash the password on its own; printf, unlike echo, adds no trailing newline to the hashed input.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">printf '%s' "password" | md5sum</pre>
</div></div>
    </div>
</div>
</div>
</div>
</div>
</body>
</html>