[asterisk-users] Asterisk and LDAP

Linus Lüssing linus.luessing at web.de
Wed Jun 18 16:06:53 CDT 2014


Hi,

I'm trying to get Asterisk running with LDAP to be able to
authenticate SIP user registrations. I'm using Asterisk
(1.8.13.1~dfsg1-3+deb7u3) on a Debian server.

Unfortunately I wasn't successful so far.

My res_ldap.conf looks like this (so pretty minimal):
---
[_general]
;url=ldaps://ldap.chaotikum.org
url=ldap://ldap.chaotikum.org
protocol=3
basedn=dc=chaotikum,dc=org

[sip]
name = uid
---

I've also added "alwaysauthreject=no" to sip.conf/[general]
to easily check whether it's the user or password the LDAP
doesn't accept.

The LDAP connection seems to work, there are packets going back
and forth. Nevertheless I get a:

---
"handle_request_register: Registration from
'<sip:tux at chaotikum.org>' failed for '95.211.148.154:5060' - No
matching peer found"
---

Here's a tcpdump of the LDAP communication:

https://metameute.de/~tux/asterisk/ldap-asterisk.cap

So it seems like it is able to get the user "tux" successfully. At
least on second try.

Does anybody know why there are two requests anyway? Also, what
might be my issue of this user not being registered?

Also, I've read about schema files for ldap. Is it mandatory to
change things on the LDAP server to get Asterisk to work with
LDAP? Or is it enough to simply have the right variable mappings?

Thirdly, is it possible to authorize against an LDAP server
without exposing the (hashed) user password to the requesting LDAP
client / asterisk server? This article made me wonder whether this
might not be that easily possible with LDAP due to the nature of the
SIP protocol (i.e. its challenge-response handshake) and that
I'd need to use RADIUS instead:

https://who.rocq.inria.fr/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html

Cheers, Linus
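
The challenge-response handshake raised in the third question, as an added example that is not part of the original post: it computes an RFC 2617 digest response (without qop) on both sides and shows that the registrar can only check it if the directory returns the password or HA1 = MD5(user:realm:password), not a salted hash. The realm "asterisk", the nonce, the password, the salt and the request URI are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values; the realm "asterisk" is assumed (Asterisk's default).
USER, REALM = "tux", "asterisk"
NONCE = "5f3a9c1e7b2d4e60"            # constructed server challenge
METHOD, URI = "REGISTER", "sip:chaotikum.org"


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(user, realm, password):
    """HA1 = MD5(user:realm:password), the only secret the registrar needs."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1_hex, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    return md5_hex(f"{ha1_hex}:{nonce}:{md5_hex(f'{method}:{uri}')}")


def phone_answer(password):
    """Client side: the phone sends only this value, never the password."""
    return digest_response(ha1(USER, REALM, password), NONCE, METHOD, URI)


def registrar_accepts(stored_secret_hex, client_response):
    """Server side: recompute the response from what the directory returned."""
    expected = digest_response(stored_secret_hex, NONCE, METHOD, URI)
    return hmac.compare_digest(expected, client_response)


def salted_sha1(password, salt):
    """Stand-in for a salted directory hash (SSHA-style), hex encoded."""
    return hashlib.sha1(password.encode() + salt).hexdigest()


if __name__ == "__main__":
    answer = phone_answer("s3cret")
    # Directory hands the registrar HA1: the registration verifies.
    print(registrar_accepts(ha1(USER, REALM, "s3cret"), answer))
    # Directory holds only a salted hash of the same password: it cannot verify.
    print(registrar_accepts(salted_sha1("s3cret", b"\x01\x02\x03\x04"), answer))
```

In chan_sip the HA1 value is what the `md5secret` peer option holds, so storing that instead of the cleartext password limits what the LDAP client sees to a realm-bound hash.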


