<html>
<head>
<base href="https://wiki.asterisk.org/wiki">
<link rel="stylesheet" href="/wiki/s/en/2176/25/9/_/styles/combined.css?spaceKey=AST&forWysiwyg=true" type="text/css">
</head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
<h2><a href="https://wiki.asterisk.org/wiki/display/AST/LDAP+Realtime+Driver">LDAP Realtime Driver</a></h2>
<h4>Page <b>edited</b> by <a href="https://wiki.asterisk.org/wiki/display/~lathama">Andrew Latham</a>
</h4>
<div id="versionComment">
<b>Comment:</b>
mention queues and alter wording to express the read write relationship<br />
</div>
<br/>
<h4>Changes (2)</h4>
<div id="page-diffs">
<table class="diff" cellpadding="0" cellspacing="0">
<tr><td class="diff-unchanged" >h1. Asterisk Realtime Lightweight Directory Access Protocol (LDAP) Driver <br> <br></td></tr>
<tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">With this driver Asterisk can retrieve information from an LDAP directory service, including SIP/IAX2 users, extensions and configuration. This guide assumes you have a working knowledge of LDAP and have an LDAP server with authentication already setup. <br></td></tr>
<tr><td class="diff-added-lines" style="background-color: #dfd;">With this driver Asterisk can access and update information in an LDAP directory. Asterisk can configure SIP/IAX2 users, extensions, queues, queue members, and entire configuration files. This guide assumes you have a working knowledge of LDAP and have an LDAP server with authentication already setup. Asterisk requires read and write permissions to update the directory. <br></td></tr>
<tr><td class="diff-unchanged" > <br>See [configs/res_ldap.conf.sample|http://svn.asterisk.org/svn/asterisk/trunk/configs/res_ldap.conf.sample] for a configuration file sample. <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
</table>
</div> <h4>Full Content</h4>
<div class="notificationGreySide">
<h1><a name="LDAPRealtimeDriver-AsteriskRealtimeLightweightDirectoryAccessProtocol%28LDAP%29Driver"></a>Asterisk Realtime Lightweight Directory Access Protocol (LDAP) Driver</h1>
<p>With this driver Asterisk can access and update information in an LDAP directory. Asterisk can configure SIP/IAX2 users, extensions, queues, queue members, and entire configuration files. This guide assumes you have a working knowledge of LDAP and have an LDAP server with authentication already setup. Asterisk requires read and write permissions to update the directory.</p>
<p>See <a href="http://svn.asterisk.org/svn/asterisk/trunk/configs/res_ldap.conf.sample" class="external-link" rel="nofollow">configs/res_ldap.conf.sample</a> for a configuration file sample.<br/>
See contrib/scripts for the LDAP <a href="http://svn.asterisk.org/svn/asterisk/trunk/contrib/scripts/asterisk.ldap-schema" class="external-link" rel="nofollow">schema</a> and <a href="http://svn.asterisk.org/svn/asterisk/trunk/contrib/scripts/asterisk.ldif" class="external-link" rel="nofollow">ldif</a> files needed for the LDAP server.</p>
<p>From within your Asterisk source directory:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">cd contrib/scripts
sudo cp asterisk.ldap-schema /etc/ldap/schema/
sudo service slapd restart
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ./asterisk.ldif</pre>
</div></div>
<p>Let's edit the extconfig.conf file to specify LDAP as our realtime storage engine and where Asterisk will look for data.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">sippeers = ldap,"ou=sip,dc=example,dc=domain",sip
sipusers = ldap,"ou=sip,dc=example,dc=domain",sip
extensions = ldap,"ou=extensions,dc=example,dc=domain",extensions</pre>
</div></div>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/wiki/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td>You'll want to reference the Asterisk res_ldap.conf file which holds the LDAP mapping configuration when building your own record schema.</td></tr></table></div>
<p><b>Basic</b> sip users record layout which will need to be saved to a file (we'll use 'createduser.ldif' here as an example). This example record is for sip user '1000'. This example record is for sip user '1000'. </p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">dn: cn=1000,ou=sip,dc=digium,dc=internal
objectClass: AsteriskAccount
objectClass: AsteriskExtension
objectClass: AsteriskSIPUser
objectClass: top
AstAccountName: sip user
cn: 1000
AstAccountDefaultUser: 0
AstAccountExpirationTimestamp: 0
AstAccountFullContact: 0
AstAccountHost: dynamic
AstAccountIPAddress: 0
AstAccountLastQualifyMilliseconds: 0
AstAccountPort: 0
AstAccountRegistrationServer: 0
AstAccountType: 0
AstAccountUserAgent: 0
AstExtension: 1000</pre>
</div></div>
<p>Let's add the record to the LDAP server:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">sudo ldapadd -D "cn=admin,dc=example,dc=domain" -x -W -f createduser.ldif</pre>
</div></div>
<p>When creating your own record schema, you'll obviously want to incorporate authentication. Asterisk + LDAP requires that the user secrets be stored as an MD5 hash. MD5 hashes can be created using 'md5sum'.</p>
<p>For AstAccountRealmedPassword authentication use this.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">printf "<secret composed of username, realm, and password goes here>" | md5sum</pre>
</div></div>
<p>For AstMD5secret authentication use this.</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Confluence; brush: java; gutter: false">printf "password" | md5sum</pre>
</div></div>
</div>
<div id="commentsSection" class="wiki-content pageSection">
<div style="float: right;" class="grey">
<a href="https://wiki.asterisk.org/wiki/users/removespacenotification.action?spaceKey=AST">Stop watching space</a>
<span style="padding: 0px 5px;">|</span>
<a href="https://wiki.asterisk.org/wiki/users/editmyemailsettings.action">Change email notification preferences</a>
</div>
<a href="https://wiki.asterisk.org/wiki/display/AST/LDAP+Realtime+Driver">View Online</a>
|
<a href="https://wiki.asterisk.org/wiki/pages/diffpagesbyversion.action?pageId=4260014&revisedVersion=9&originalVersion=8">View Changes</a>
|
<a href="https://wiki.asterisk.org/wiki/display/AST/LDAP+Realtime+Driver?showComments=true&showCommentArea=true#addcomment">Add Comment</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>