<grin> OpenLDAP isn't an option. And thanks very much for all the responses. I've not had a chance to mock it up yet and see how it works hands on. I am planning that the users ultimately interface SIP to Kamailio and use Asterisk for the call tree, voice mail, conference, etc. I was assuming they would need to authenticate to Asterisk as well as Kamailio but I suppose it may be more a matter of Asterisk trusting Kamailio rather than the individual users. I would also assume voice mail passwords will be very different from user passwords as they should be designed to be entered from a phone keypad rather than a keyboard (I told you I'm a real Asterisk newbie!). I guess I'll find out as I start to set it up.
As I want to build it piecemeal and add complexity rather than diving into the end product (RTPProxy, Kamailio, Asterisk, FreePBX with interaction as described above), any suggestions on whether I should build and test Kamailio or Asterisk first? Thanks - John

On Tue, 2009-06-02 at 21:08 +0100, Gavin Henry wrote:
> One last thing ;-) use OpenLDAP!
>
> On 02/06/2009, John A. Sullivan III <[email protected]> wrote:
> > Hello, all. I'm afraid I've been dropped into the deep end even though
> > I am an Asterisk novice. I've set up a few tiny, tiny systems in the
> > past and have now been asked to pull together Asterisk, FreePBX,
> > Kamailio, RTPProxy, and Fedora Directory Server into a VoIP service.
> >
> > After googling and reading for most of the last 24 hours, I finally have
> > my head around the components and how they work but am a little stumped
> > by password synchronization using existing LDAP accounts. Maintaining
> > separate accounts with a shared database between Kamailio and Asterisk
> > seems quite reasonable. Integrating with the existing LDAP database
> > seems like much more of a challenge.
> >
> > I did find
> > http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html
> > and
> > http://magazine.redhat.com/2008/07/24/open-source-telephony-a-fedora-based-voip-server-with-asterisk/
> > very helpful.
> >
> > For security reasons, we keep internal UIDs different from public email
> > IDs. Thus, we might use john.doe internally and [email protected] for
> > email. Since it is a multi-tenant environment, I'd imagine we will use
> > the Kamailio domain module, make the SIP domain match the email domain,
> > and use the email user portion of the email address as the SIP ID. I
> > think this is straightforward using LDAP and Kamailio as we would query
> > LDAP for the email address and have it return the password.
> >
> > Asterisk seems a little trickier. I've looked at the schema extensions
> > and it looks like we add an auxiliary objectclass of AstSIPUser. I
> > suppose we would add this objectclass to a structure inetOrgPerson
> > object. We could then use the email name for the AstAccountName (or
> > whatever the actual attribute is) but the password befuddles me.
> >
> > I notice we add an AstAccountRealmedPassword attribute. I suppose this
> > is because of the need to furnish SIP a hash derived from
> > username:realm:password. We would prefer our users only need to change
> > their passwords in one place. Is there any way besides deploying
> > something like IPA to have Asterisk use the regular posix password
> > stored in LDAP rather than a separate AstAccountRealmedPassword?
> >
> > I'm looking forward to diving in; I just wish it was with a little less
> > time pressure! Thanks - John
> > --
> > John A. Sullivan III
> > Open Source Development Corporation
> > +1 207-985-7880
> > [email protected]
> >
> > http://www.spiritualoutreach.com
> > Making Christianity intelligible to secular society
> >
> > _______________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
[email protected]

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
