Hi all, I looked on the Internet but I didn't find any good how-to. I would like to integrate a ldap server ( with all users data) with asterisk to authenticate SIP users. With this solution I will only need to add a user on ldap, it will not be necessary to add any special configuration on sip.conf Is that possible???If so, How can I configure this setup??? Thanks in advance -- Rafael S. Seste
You could get the Free PERL module Asterisk::Ldap and use it to periodically update your users from the LDAP server. You could make it a daily cron job run at midnight so any new LDAP users would be Asterisk users the new business day and you could also run the module on-demand. -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Rafael Seste Sent: Tuesday, September 29, 2009 9:02 AM To: asterisk-users at lists.digium.com Subject: [asterisk-users] LDAP integration Hi all, I looked on the Internet but I didn't find any good how-to. I would like to integrate a ldap server ( with all users data) with asterisk to authenticate SIP users. With this solution I will only need to add a user on ldap, it will not be necessary to add any special configuration on sip.conf Is that possible???If so, How can I configure this setup??? Thanks in advance -- Rafael S. Seste _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, A realtime ldap driver exist. He can put the user/peer sip/iax in a ldap directory and configuration files. A friend has updated as part of his final study of. You can find-it there : http://wiki.ouranos.be/doku.php/stage:ldap Or contact us at : magicrhesus at ouranos.be For other questions, I'm a here ... - -- Antoine Patte Rafael Seste wrote:> Hi all, > > I looked on the Internet but I didn't find any good how-to. > I would like to integrate a ldap server ( with all users data) with > asterisk to authenticate SIP users. With this solution I will only > need to add a user on ldap, it will not be necessary to add any > special configuration on sip.conf > > Is that possible???If so, How can I configure this setup??? > > Thanks in advance >-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkrCJ6EACgkQBnIOcv+j7+wXtgCcDaoIAGZJfva39XFUtqRoMkih XqYAoOnaMYa//DwR9F0doxtd3otPTeeF =3D09 -----END PGP SIGNATURE-----
On Tue, 2009-09-29 at 11:01 -0300, Rafael Seste wrote:> Hi all, > > I looked on the Internet but I didn't find any good how-to. > I would like to integrate a ldap server ( with all users data) with > asterisk to authenticate SIP users. With this solution I will only > need to add a user on ldap, it will not be necessary to add any > special configuration on sip.conf > > Is that possible???If so, How can I configure this setup??? > > Thanks in advance >I considered doing this using LDAP as a real-time database. I decided not to for two reasons which I'll share below. However, I am very new to Asterisk so I would be very curious to know from more experienced folks if my assumptions were false. First, there were some good how-tos about using LDAP as a real-time database but, if I recall, the schema is extended in such a way that the regular user password is not the password used by Asterisk. Second, I believe we saw a way we could map the Asterisk password to the regular user password (it's been a while so I'm not sure about that) but were concerned about the problems of entering secure passwords from a phone keypad. We enforce fairly secure passwords - at least nine characters with some variety of characters and encourage much longer passwords. Having to enter lots of characters in both cases as well as symbols seemed difficult from a phone keypad. Thus, we decided (reluctantly) to use separate simple passwords for phone access instead of the very secure passwords we use to data access. Hope this helps and looking forward to more informed comments than mine! - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society