Nick Couchman
2006-Sep-22 09:34 UTC
[asterisk-users] Re: [asterisk‑users] Integrating Asterisk with LDAP Realtime
> On Thu, 21 Sep 2006, Nick Couchman wrote:
>> When I try to set the port to 636 in the res_ldap.conf file, I get bind
>> errors ("Can't contact server..."). I imagine this is an issue with
>> certificates and trust, but I'm not exactly sure where I need to put my
>> CA certificate in order to make the ldap module happy.
>
> Probably wherever openssl looks for them. Try /etc/pki/tls/certs/,
> /etc/ssl/certs/ or /usr/share/ssl/certs/, depending on your distro. You'll
> also need to symlink the certificate to its hash, check the openssl docs
> if you haven't done this before.

I've just finished trying this and I still get an error when Asterisk tries to connect. I have a couple other things I need to try (I need to try to adjust my CA a little bit), but if anyone else has other suggestions for me, I'd appreciate it.

>> I've tried to use tcpdump to see this data, but tcpdump doesn't grab the
>> full packet, it truncates it at a certain point, so I can't see the
>> data.
>
> Try doing your tcpdump with "-s 0" - it tells tcpdump to "snarf" the whole
> packet
>
> Even better, use wireshark (the new name for ethereal). It'll do a very
> nice job (I tend to find better than tcpdump) at showing you the contents
> of your ldap queries and responses.

I was using ethereal to interpret the data, but my servers don't have X on them so it's hard to run Ethereal or Wireshark directly on the server. So, I use tcpdump to capture to a file, then copy to my workstation and use Ethereal to open it.

> I haven't gotten around to playing with direct integration with asterisk
> and ldap, so I can't help on your other issues.

Nick Couchman
Systems Integrator
SEAKR Engineering, Inc.
6221 South Racine Circle
Centennial, CO 80111
Main: (303) 790-8499
Fax: (303) 790-8720
Web: http://www.seakr.com
Nick Burch
2006-Sep-22 10:36 UTC
[asterisk-users] Re: [asterisk‑users] Integrating Asterisk with LDAP Realtime
On Fri, 22 Sep 2006, Nick Couchman wrote:
>> Probably wherever openssl looks for them. Try /etc/pki/tls/certs/,
>> /etc/ssl/certs/ or /usr/share/ssl/certs/, depending on your distro. You'll
>> also need to symlink the certificate to its hash, check the openssl docs
>> if you haven't done this before.
>
> I've just finished trying this and I still get an error when Asterisk
> tries to connect. I have a couple other things I need to try (I need to
> try to adjust my CA a little bit), but if anyone else has other
> suggestions for me, I'd appreciate it.

Try strace? You might be able to see the real place it tries for the certificates, and what the real errors are

>> Even better, use wireshark (the new name for ethereal). It'll do a very
>> nice job (I tend to find better than tcpdump) at showing you the contents
>> of you ldap queries and responses.
>
> I was using ethereal to interpret the data, but my servers don't have X
> on them so it's hard to run Ethereal or Wireshark directly on the
> server. So, I use tcpdump to capture to a file, then copy to my
> workstation and use Ethereal to open it.

Make sure you use tcpdump with "-s 0" then

Nick
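
The "symlink the certificate to its hash" step suggested in the thread, as an added example that is not part of the original posts: it links a CA certificate into a hashed certificate directory and checks that OpenSSL can then find it there. The function names and the paths passed as arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: make a CA certificate discoverable in an OpenSSL hashed
# certificate directory (CApath). Function names are hypothetical.

# Print the subject-name hash OpenSSL uses as the lookup file name.
ca_hash() {
    openssl x509 -noout -hash -in "$1"
}

# Create <hash>.N -> certificate in the directory and print the link path.
# Usage: link_ca /path/to/ca.pem /path/to/certdir
link_ca() {
    cert=$1
    dir=$2
    hash=$(ca_hash "$cert") || return 1
    abs=$(cd "$(dirname "$cert")" && pwd)/$(basename "$cert")
    n=0
    # Different CAs can share a hash; OpenSSL tries <hash>.0, <hash>.1, ...
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        # The same certificate is already linked under this name: done.
        if cmp -s "$dir/$hash.$n" "$cert"; then
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    ln -s "$abs" "$dir/$hash.$n" && echo "$dir/$hash.$n"
}

# Succeed only if the certificate verifies against the hashed directory.
# Usage: ca_trusted /path/to/ca.pem /path/to/certdir
ca_trusted() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# When run as a script with two arguments: link, then report the result.
if [ "$#" -eq 2 ]; then
    link_ca "$1" "$2" && ca_trusted "$1" "$2" && echo "CA found via $2"
fi
```

A certificate file copied into the directory without its hash-named link is not found by a CApath lookup, which is why the link step matters.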