Hi, All:
I'm starting to jump into the Asterisk world and try to figure out a VoIP solution for my company. I stumbled across the VoiceRD company/project, which is supposed to integrate Asterisk into Novell eDirectory (via LDAP). Unfortunately the project is in its very early stages, and it just doesn't work that well. I'm sure that will change as time goes on, but I'm not feeling real patient right now :-).
I'm using Asterisk (1.2.12) with the LDAP Realtime driver (res_config_ldap.so), and I'm experiencing a few problems that I could really use some help solving.
First of all, I'd like to configure Asterisk to talk to my LDAP servers securely. This is especially critical if I'm going to have to bind as something other than an anonymous bind (not just for my sake, but the eDirectory servers require confidentiality by default - and I don't want to change that). When I try to set the port to 636 in the res_ldap.conf file, I get bind errors ("Can't contact server..."). I imagine this is an issue with certificates and trust, but I'm not exactly sure where I need to put my CA certificate in order to make the ldap module happy. I have my global ldap.conf file (/etc/openldap/ldap.conf) set up to not require certificate checking, but this doesn't seem to make a difference with the res_config_ldap module. Anyone have any tips to help me figure out what's going on here?
My second issue (that I've identified so far, anyway) is with the actual searches that LDAP does. I can get around the problem above by removing the username and password so that Asterisk binds anonymously on the insecure port (389). I set up the parts of the LDAP tree that Asterisk needs access to so that Anonymous binds can see all attributes (I know this isn't safe in a production environment, and that's not how I plan to do it in production, it was simply a temporary measure to see if I could actually get anything out of the LDAP tree). The module binds successfully and does some searches of the tree. Unfortunately, I can't tell by looking at any of the log files for Asterisk whether or not it actually pulls any data out of the tree. The log files don't seem to list results for LDAP lookups (I've got full debugging turned on, so everything should be getting logged), so it's hard to tell what the LDAP server returned. I've tried to use tcpdump to see this data, but tcpdump doesn't grab the full packet, it truncates it at a certain point, so I can't see the data. Also, Asterisk seems to only query the .conf file entries from extconfig.conf and not the other entries (sipusers, extensions, etc.).
Here's my extconfig.conf file (I did patch Asterisk to recognize the quotation marks for this file):
[settings]
;voicemail => ldap,"o=SEAKR",voicemail
voicemail => ldap,"ou=People,o=SEAKR",voicemail
;realtime_ext => ldap,"o=SEAKR",extensions
realtime_ext => ldap,"ou=Extensions,ou=VoIP,ou=Servers,o=SEAKR",extensions
voicemail.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config
;voicemail.conf => ldap,"o=SEAKR",config
meetme.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config
;meetme.conf => ldap,"o=SEAKR",config
sip.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config
;sip.conf => ldap,"o=SEAKR",config
extensions.conf => ldap,"ou=Conf,ou=VoIP,ou=Servers,o=SEAKR",config
;extensions.conf => ldap,o=SEAKR,config
sipusers => ldap,"ou=People,o=SEAKR",sip
sippeers => ldap,"ou=People,o=SEAKR",sip
;sipfriends => ldap,o=SEAKR,sip
and here's the first part of the res_ldap.conf file (the rest of it identifies the attributes for each of the configuration "tables"):
[_general]
dbhost=my.ldap.host ; LDAP host(s)
dbport=636
dbbasedn=o=SEAKR ; Base DN
dbpass=SUPERSECRETWORD ; Bind password
dbuser=cn=MYADMIN,ou=People,o=SEAKR ; Bind DN
Please let me know if you need any further information. I have updated my LDAP schema with the schema for the LDAP realtime driver (so that it has all the oxy attributes plus a few VoiceRD attributes from the VoiceRD vendor). I've verified that I can do both anonymous binds and authenticated binds from the server command line (using ldapsearch) and that the anonymous binds return the attributes from the server that Asterisk needs to see.
Thanks,
Nick Couchman
Systems Integrator
SEAKR Engineering, Inc.
6221 South Racine Circle
Centennial, CO 80111
Main: (303) 790-8499
Fax: (303) 790-8720
Web: http://www.seakr.com