<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>I'll give strace a try on Monday and see if I can figure that out. In any case, that's not a huge deal right now - I can bind anonymously for now and get the information out, and I'm not terribly concerned about support LDAP writes from Asterisk - I'd just like to get the configuration read out of LDAP for now.</DIV>
<DIV> </DIV>
<DIV>I figured out the issue with nothing getting pulled from LDAP - it seems that if you apply the quotation mark patch for external configuration resources (so that you can put "ou=People,o=myorg" in the extconfig.conf file) that you have to have the quotes for the LDAP search to succeed. As soon as I put the quotes in, it started working and it is at least partially reading my configuration out of the LDAP tree.</DIV>
<DIV> </DIV>
<DIV>I'm still having a couple issues, though - first, my .conf files get read out of LDAP, but the "realtime_ext" and "voicemail" tables don't get pulled from LDAP. I don't know if I need a parameter somewhere else in my other LDAP configuration stuff that tells Asterisk to try to load these items from extconfig, but I don't even seen an LDAP searches for this stuff when I use tcpdump to trace the TCP/IP traffic. Also, sipusers and sippeers doesn't seem to get read from the LDAP tree.</DIV>
<DIV> </DIV>
<DIV>Another question - with the LDAPRealtime plugin, when a user authenticates, does it use the existing user password or is it stored in another password field? I've seen some references to a "realmPassword" field or something similar. Is it possible to have Asterisk try to bind to LDAP as the user that's trying to log in instead of having to grant read or compare access to a password field?</DIV>
<DIV> </DIV>
<DIV>Thanks,</DIV>
<DIV> </DIV>
<DIV>Nick Couchman<BR>Systems Integrator<BR>SEAKR Engineering, Inc.<BR>6221 South Racine Circle<BR>Centennial, CO 80111<BR>Main: (303) 790-8499<BR>Fax: (303) 790-8720<BR>Web: http://www.seakr.com<BR><BR><BR>>>> On 2006/09/22 at 11:36:38, Nick Burch <nick@torchbox.com> wrote:<BR></DIV>
<DIV style="PADDING-LEFT: 7px; MARGIN: 0px 0px 0px 15px; BORDER-LEFT: #050505 1px solid; BACKGROUND-COLOR: #f3f3f3">On Fri, 22 Sep 2006, Nick Couchman wrote:<BR>>> Probably wherever openssl looks for them. Try /etc/pki/tls/certs/,<BR>>> /etc/ssl/certs/ or /usr/share/ssl/certs/, depending on your distro. You'll<BR>>> also need to symlink the certificate to its hash, check the openssl docs<BR>>> if you haven't done this before.<BR>><BR>> I've just finished trying this and I still get an error when Asterisk <BR>> tries to connect. I have a couple other things I need to try (I need to <BR>> try to adjust my CA a little bit), but if anyone else has other <BR>> suggestions for me, I'd appreciate it.<BR><BR>Try strace? You might be able to see the real place it tries for the <BR>certificates, and what the real errors are<BR><BR>>> Even better, use wireshark (the new name for ethereal). It'll do a very<BR>>> nice job (I tend to find better than tcpdump) at showing you the contents<BR>>> of you ldap queries and responses.<BR>><BR>> I was using ethereal to interpret the data, but my servers don't have X <BR>> on them so it's hard to run Ethereal or Wireshark directly on the <BR>> server. So, I use tcpdump to capture to a file, then copy to my <BR>> workstation and use Ethereal to open it.<BR><BR>Make sure you use tcpdump with "-s 0" then<BR><BR>Nick<BR><BR></DIV></BODY></HTML>