Hello, all. I'm afraid I've been dropped into the deep end even though I am an Asterisk novice. I've set up a few tiny, tiny systems in the past and have now been asked to pull together Asterisk, FreePBX, Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service.
After googling and reading for most of the last 24 hours, I finally have my head around the components and how they work but am a little stumped by password synchronization using existing LDAP accounts. Maintaining separate accounts with a shared database between Kamailio and Asterisk seems quite reasonable. Integrating with the existing LDAP database seems like much more of a challenge. I did find http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html and http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/ very helpful. For security reasons, we keep internal UIDs different from public email IDs. Thus, we might use john.doe internally and [email protected] for email. Since it is a multi-tenant environment, I'd imagine we will use the Kamailio domain module, make the SIP domain match the email domain, and use the email user portion of the email address as the SIP ID. I think this is straightforward using LDAP and Kamailio as we would query LDAP for the email address and have return the password. Asterisk seems a little trickier. I've looked at the schema extensions and it looks like we add an auxiliary objectclass of AstSIPUser. I suppose we would add this objectclass to a structure inetOrgPerson object. We could then use the email name for the AstAccountName (or whatever the actual attribute is) but the password befuddles me. I notice we add an AstAccountRealmedPassword attribute. I suppose this is because of the need to furnish SIP a hash derived from username:realm:password. We would prefer our users only need to change their passwords in one place. Is there anyway beside deploying something like IPA to have Asterisk use the regular posix password stored in LDAP rather than a separate AstAccountRealmedPassword? I'm looking forward to diving in; I just wish it was with a little less time pressure! Thanks - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 [email protected] http://www.spiritualoutreach.com Making Christianity intelligible to secular society _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
