Hi, I'm trying to get Asterisk running with LDAP to be able to authenticate sip user registrations. I'm using Asterisk (1.8.13.1~dfsg1-3+deb7u3) on a Debian server.
Unfortunately I wasn't successful so far. My res_ldap.conf looks like this (so pretty minimal): --- [_general] ;url=ldaps://ldap.chaotikum.org url=ldap://ldap.chaotikum.org protocol=3 basedn=dc=chaotikum,dc=org [sip] name = uid --- I've also added "alwaysauthreject=no" to sip.conf/[general] to easily check whether it's the user or password the LDAP doesn't accept. The LDAP connection seems to work, there are packets going back and forth. Nevertheless I get a: --- "handle_request_register: Registration from '<sip:[email protected]>' failed for '95.211.148.154:5060' - No matching peer found" --- Here's a tcpdump of the LDAP communication: https://metameute.de/~tux/asterisk/ldap-asterisk.cap So it seems like it is able to get the user "tux" successfully. At least on second try. Does anybody know why there are two requests anway? Also, what might be my issue of this user not being registered? Also, I've read about schema files for ldap. Is it mandatory to change things on the LDAP server to get Asterisk to work with LDAP? Or is it enough to simply have the right variable mappings? Thirdly, is it possible to authorize against an LDAP server without exposing the (hashed) user password to the requesting LDAP client / asterisk server? This article made me wonder whether this might not that easily possible with LDAP due to the nature of the SIP protocol (i.e. it's challenge-response handshake) and that I'd need to use RADIUS instead: https://who.rocq.inria.fr/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html Cheers, Linus -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
