[asterisk-users] Realtime LDAP passwords
Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
Where do they currently change their password? If it's somewhere you control, why not add some to create the realmed password? Gavin. On 02/06/2009, John A. Sullivan III jsulli...@opensourcedevel.com wrote: Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
It also depends where you are registering your users. If merely using Asterisk for a media server, do the auth via LDAP in Kamailio, which will just use the userPassword attribute (or however the Kamailio LDAP module binds to check auth or what you script it to do) then a normal password change will do. On 02/06/2009, John A. Sullivan III jsulli...@opensourcedevel.com wrote: Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
Sorry, lastly I defined it as auxilary to do exactly that; add it to any existing entry. Thanks. On 02/06/2009, John A. Sullivan III jsulli...@opensourcedevel.com wrote: Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
One last thing ;-) use OpenLDAP! On 02/06/2009, John A. Sullivan III jsulli...@opensourcedevel.com wrote: Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Sent from my mobile device http://www.suretecsystems.com/services/openldap/ ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
Most of the desktops are KDE and they use the KDE change password facility. It works via pam I believe. Is there an Asterisk interface with pam that would cause it to simultaneously change the Asterisk SIP realm password? If there is, I wonder how we pass it the requisite information? Thanks - John On Tue, 2009-06-02 at 21:04 +0100, Gavin Henry wrote: Where do they currently change their password? If it's somewhere you control, why not add some to create the realmed password? Gavin. On 02/06/2009, John A. Sullivan III jsulli...@opensourcedevel.com wrote: Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
grin OpenLDAP isn't an option. And thanks very much for all the responses. I've not had a chance to mock it up yet and see how it works hands on. I am planning that the users ultimately interface SIP to Kamailio and use Asterisk for the call tree, voice mail, conference, etc. I was assuming they would need to authenticate to Asterisk as well as Kamailio but I suppose it may be more a matter of Asterisk trusting Kamailio rather than the individual users. I would also assume voice mail passwords will be very different from user passwords as they should be designed to be entered from a phone keypad rather than a keyboard (I told you I'm a real Asterisk newbie!). I guess I'll find out as I start to set it up. As I want to build it piecemeal and add complexity rather than diving into the end product (RTPProxy, Kamailio, Asterisk, FreePBX with interaction as described above), any suggestions on whether I should build and test Kamailio or Asterisk first? Thanks - John On Tue, 2009-06-02 at 21:08 +0100, Gavin Henry wrote: One last thing ;-) use OpenLDAP! On 02/06/2009, John A. Sullivan III jsulli...@opensourcedevel.com wrote: Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service. After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and j...@example.com for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
2009/6/2 John A. Sullivan III jsulli...@opensourcedevel.com: Most of the desktops are KDE and they use the KDE change password facility. It works via pam I believe. Is there an Asterisk interface with pam that would cause it to simultaneously change the Asterisk SIP realm password? If there is, I wonder how we pass it the requisite information? Thanks - John No, but you could write one. You never mentioned how Asterisk is used with Kamailio? http://search.cpan.org/~nikip/Authen-PAM-0.16/d/PAM.pm -- http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
2009/6/2 John A. Sullivan III jsulli...@opensourcedevel.com: grin OpenLDAP isn't an option. And thanks very much for all the responses. I've not had a chance to mock it up yet and see how it works hands on. I am planning that the users ultimately interface SIP to Kamailio and use Asterisk for the call tree, voice mail, conference, etc. I was assuming they would need to authenticate to Asterisk as well as Kamailio but I suppose it may be more a matter of Asterisk trusting Kamailio rather than the individual users. I would also assume voice mail passwords will be very different from user passwords as they should be designed to be entered from a phone keypad rather than a keyboard (I told you I'm a real Asterisk newbie!). I guess I'll find out as I start to set it up. OK, depends how you set it up. You might not authenticate at all like some ITSPs do (based on IP). Is this for your company? I committed a patch for voicemail passwords in the Asterisk LDAP schema last week, so you'll need svn for that: https://issues.asterisk.org/view.php?id=15155 As I want to build it piecemeal and add complexity rather than diving into the end product (RTPProxy, Kamailio, Asterisk, FreePBX with interaction as described above), any suggestions on whether I should build and test Kamailio or Asterisk first? Thanks - John So, Asterisk and FreePBX? Why both? This is a mighty big pie to take a bite out of, so it doesn't really matter. Kamailio is harder is you don't know SIP. Depends, depends, depends ;-) What is the overall project goal here? We should have asked that first. -- http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
Thanks. I do appreciate the input as I am jumping into the deep end as I said :) On Tue, 2009-06-02 at 21:43 +0100, Gavin Henry wrote: 2009/6/2 John A. Sullivan III jsulli...@opensourcedevel.com: grin OpenLDAP isn't an option. And thanks very much for all the responses. I've not had a chance to mock it up yet and see how it works hands on. I am planning that the users ultimately interface SIP to Kamailio and use Asterisk for the call tree, voice mail, conference, etc. I was assuming they would need to authenticate to Asterisk as well as Kamailio but I suppose it may be more a matter of Asterisk trusting Kamailio rather than the individual users. I would also assume voice mail passwords will be very different from user passwords as they should be designed to be entered from a phone keypad rather than a keyboard (I told you I'm a real Asterisk newbie!). I guess I'll find out as I start to set it up. OK, depends how you set it up. You might not authenticate at all like some ITSPs do (based on IP). Is this for your company? We are launching a new company whose primary product is a complete, hosted, virtualized environment including desktops for micro-businesses, charitable organizations, schools, and municipalities. Unexpectedly, though not surprisingly, our initial customers are asking for a VoIP solution utilizing the same infrastructure. Hence the plunge into VoIP. We will be contracting with an ITSP for SIP trunking into our data center and need to set up the whole shooting match. I committed a patch for voicemail passwords in the Asterisk LDAP schema last week, so you'll need svn for that: https://issues.asterisk.org/view.php?id=15155 As I want to build it piecemeal and add complexity rather than diving into the end product (RTPProxy, Kamailio, Asterisk, FreePBX with interaction as described above), any suggestions on whether I should build and test Kamailio or Asterisk first? Thanks - John So, Asterisk and FreePBX? Why both? From looking at the press release for AsteriskNOW (which I don't plan to use as I'd like a little tighter control over the system), it appears FreePBX and Asterisk 1.6 are a nice pairing and might ease some of our administration. Just going on what I'm reading and not experience. This is a mighty big pie to take a bite out of, so it doesn't really matter. Kamailio is harder is you don't know SIP. Depends, depends, depends ;-) I'm reasonably comfortable with protocols and how they work (my background is as a network engineer although the skills are a bit rusty). SIP seems quite comprehensible and all the docs I read through the night on the innards of Kamailio and SER made perfect sense. What is the overall project goal here? We should have asked that first. In effect, we will become a voice aggregator for micro-businesses and a shared PBX services provider to complement our data offerings. I was going to build Asterisk first to have complete standalone functionality but, if the user authentication will be primarily to Kamailio, it may make sense to start there. I'll probably circle the pool a few times and then jump in wherever I stop unless someone with more experiences advises specifically! Thanks again - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Realtime LDAP passwords
2009/6/2 John A. Sullivan III jsulli...@opensourcedevel.com: Thanks. I do appreciate the input as I am jumping into the deep end as I said :) On Tue, 2009-06-02 at 21:43 +0100, Gavin Henry wrote: 2009/6/2 John A. Sullivan III jsulli...@opensourcedevel.com: grin OpenLDAP isn't an option. And thanks very much for all the responses. I've not had a chance to mock it up yet and see how it works hands on. I am planning that the users ultimately interface SIP to Kamailio and use Asterisk for the call tree, voice mail, conference, etc. I was assuming they would need to authenticate to Asterisk as well as Kamailio but I suppose it may be more a matter of Asterisk trusting Kamailio rather than the individual users. I would also assume voice mail passwords will be very different from user passwords as they should be designed to be entered from a phone keypad rather than a keyboard (I told you I'm a real Asterisk newbie!). I guess I'll find out as I start to set it up. OK, depends how you set it up. You might not authenticate at all like some ITSPs do (based on IP). Is this for your company? We are launching a new company whose primary product is a complete, hosted, virtualized environment including desktops for micro-businesses, charitable organizations, schools, and municipalities. Unexpectedly, though not surprisingly, our initial customers are asking for a VoIP solution utilizing the same infrastructure. Hence the plunge into VoIP. We will be contracting with an ITSP for SIP trunking into our data center and need to set up the whole shooting match. OK, to be honest then, since it's for a commercial solution and you're so new, I'd buy something. I've seen: http://www.sipwise.com/index.php/products?start=2 http://www.asipto.com/ http://www.voice-system.ro/ I prefer the last one, but all vary on price and the money spent will be saved on your dev time and learning curve. Then send yourself to the training course. That way you know all the loop holes are closed to allowing fraudulent calls etc. I committed a patch for voicemail passwords in the Asterisk LDAP schema last week, so you'll need svn for that: https://issues.asterisk.org/view.php?id=15155 As I want to build it piecemeal and add complexity rather than diving into the end product (RTPProxy, Kamailio, Asterisk, FreePBX with interaction as described above), any suggestions on whether I should build and test Kamailio or Asterisk first? Thanks - John So, Asterisk and FreePBX? Why both? From looking at the press release for AsteriskNOW (which I don't plan to use as I'd like a little tighter control over the system), it appears FreePBX and Asterisk 1.6 are a nice pairing and might ease some of our administration. Just going on what I'm reading and not experience. Sorry, I thought I read FreeSWITCH! This is a mighty big pie to take a bite out of, so it doesn't really matter. Kamailio is harder is you don't know SIP. Depends, depends, depends ;-) I'm reasonably comfortable with protocols and how they work (my background is as a network engineer although the skills are a bit rusty). SIP seems quite comprehensible and all the docs I read through the night on the innards of Kamailio and SER made perfect sense. What is the overall project goal here? We should have asked that first. In effect, we will become a voice aggregator for micro-businesses and a shared PBX services provider to complement our data offerings. I was going to build Asterisk first to have complete standalone functionality but, if the user authentication will be primarily to Kamailio, it may make sense to start there. I'll probably circle the pool a few times and then jump in wherever I stop unless someone with more experiences advises specifically! Thanks again - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- http://www.suretecsystems.com/services/openldap/ http://www.suretectelecom.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users