Difference between pages "OpenLDAP" and "OwnCloud"

From Wikislax
(Difference between pages)
(Creating Directory Entries)
 
(Created page with "{{RightTOC}} == What is OwnCloud ? == [http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different cli...")
 
Line 1: Line 1:
 
{{RightTOC}}
 
{{RightTOC}}
  
== What is OpenLDAP ? ==
+
== What is OwnCloud ? ==
  
[http://www.openldap.org OpenLdap] is an open source implementation of the '''Ligthweigth Directory Access Protocol''', a lightweight alternative to the '''X500 Directory Address Protocol'''. In our installation, we use it as an address book and authentication server. To keep it safe, ldap access is restricted to localhost (slapd daemon listening only on localhost, ldap and ldaps ports closed at firewall level). The referecence document to read is the  [http://www.openldap.org/doc/admin24/index.html Open Ldap Admin Guide] but it's lengthy. [http://en.wikipedia.org/wiki/OpenLDAP Wikipedia] has a nice summary page that could help setting up the big view.
+
[http://owncloud.com/ OwnCloud] is a file synchronization server. It affords keeping a hierarchy of files synchronized on different clients and operating systems.
  
== Installing OpenLDAP ==
+
== Installing OwnCloud ==
  
There is a chicken-and-egg problem with OpenLdap and CyrusSasl as they reference each other. So first install OpenLdap without '''--enable-spasswd --with-cyrus-sasl''', then after installing Cyrus-sasl (next chapter), reinstall OpenLdap with '''--enable-spasswd --with-cyrus-sasl''' (this will be reminded at next chapter). [http://www.openldap.org/software/download Download OpenLDAP], untar to /usr/local then compile and install as described below :
+
OwnCloud is available as a PHP application relying on various databases. See the OwnCloud documentation for details. We will be using MySQL. [https://owncloud.com/download-server download] tarball then untar and install.
  
# tar -tvf openldap-x.y.z.tgz
+
  # tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
  # tar -C /usr/local -xvf openldap-x.y.z.tgz
+
# chown -R apache:apache owncloud
  # cd /usr/local
+
  # cd /var/www/htdocs
  # chown -R root:root openldap-x.y.z
+
# ln -s /usr/local/owncloud owncloud
  # cd openldap-x.y.z
+
# cd ..
  # ./configure --help | less
+
  # chown -R apache:apache owncloud
  # ./configure --libdir=/usr/local/lib64 --mandir=/usr/local/man \
+
 
--disable-ipv6 --with-tls
+
That's it. <u>Note</u> : the other package Dahdi-tools is not required. <u>Other note</u> : Dahdi requires a kernel compiled with CONFIG_CRC_CCITT=y.
# make depend
+
 
 +
== Installing Jansson ==
 +
 
 +
Jansson is a required Json development library. [http://www.digip.org/jansson/releases/ Download] then untar and install.
 +
 
 +
  # tar -C /usr/local -xvf jansson-x.y.z.tar.gz
 +
  # cd /usr/local/jansson-linux-x.y.z
 +
  # ./configure --prefix=/usr/local --libdir=/usr/local/lib64
 
  # make
 
  # make
# make test
 
 
  # make install
 
  # make install
 
  # make clean
 
  # make clean
  
To prepare running ldap as an unpriviledged user, execute the commands below. <u>Note</u> : it will also be a good idea to review the individual file permissions under the openldap directories and to restrict access to the ldap user :
+
== Installing c-client ==
  
# groupadd ldap
+
The asterisk imap option requires presence of library c-lient.a, which is part of Imap-uw, by the University of Washington. The University of Washington seems to be no longer distributing the software so we keep a copy for your convenience. [{{SERVER}}/wikislax/download/c-client.tar.Z Download] then untar and install :
# mkdir /var/run/ldap
 
# useradd -s /bin/false -d /var/run/ldap -g ldap ldap
 
# chown -R ldap:ldap /etc/openldap /usr/local/etc/openldap /usr/local/var/openldap-data /var/run/ldap
 
  
== Configuring OpenLDAP ==
+
# gunzip c-client.tar.Z
 +
# tar -C /usr/local -xvf c-client.tar
 +
# cd /usr/local
 +
# chown -R root:root imap-2007f
 +
# chmod -R o-w imap-2007f
 +
# cd imap2007f
 +
# make slx EXTRACFLAGS="-I/usr/include/openssl -g -O2 -fPIC" SSLCERTS=/etc/ssl/certs SSLKEYS=/etc/ssl/private
  
OpenLdap is made of two daemons but we will use only one. '''slapd''' is the stand-alone LDAP daemon and '''slurpd''' is the stand-alone LDAP update replication daemon, that we will not use. Below is a working example of a '''/usr/local/etc/openldap/slapd.conf''' configuration file that you can use, just replacing the '''domain''' and the '''rootpw''' value. The '''password-hash {CLEARTEXT}''' option is mandatory for SASL to use LDAP (the format is enforced when using the password). The '''authz-regexp''' maps an authentication request to a real entry in the directory. The reason why this mapping is useful is that it avoids knowing anything about the underlying directory structure to authenticate. See [http://www.openldap.org/software/man.cgi?query=slapd.conf&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html man slapd.conf] for more configuration details.
+
== Installing Speex ==
  
#
+
Speex is a required free codec. [https://www.speex.org/downloads/ Download] speex source code then untar and install.
# See slapd.conf(5) for details on configuration options.
 
# This file should NOT be world readable.
 
#
 
include        /usr/local/etc/openldap/schema/core.schema
 
include        /usr/local/etc/openldap/schema/cosine.schema
 
include        /usr/local/etc/openldap/schema/inetorgperson.schema
 
 
# Do not enable referrals until AFTER you have a working directory
 
# service AND an understanding of referrals.
 
# referral      ldap://root.openldap.org
 
 
pidfile        /var/run/ldap/slapd.pid
 
argsfile        /var/run/ldap/slapd.args
 
 
# Load dynamic backend modules:
 
# modulepath    /usr/local/libexec/openldap
 
# moduleload    back_bdb.la
 
# moduleload    back_hdb.la
 
# moduleload    back_ldap.la
 
 
# Sample security restrictions
 
#      Require integrity protection (prevent hijacking)
 
#      Require 112-bit (3DES or better) encryption for updates
 
#      Require 63-bit encryption for simple bind
 
# security ssf=1 update_ssf=112 simple_bind=64
 
 
# Sample access control policy:
 
#      Root DSE: allow anyone to read it
 
#      Subschema (sub)entry DSE: allow anyone to read it
 
#      Other DSEs:
 
#              Allow self write access
 
#              Allow authenticated users read access
 
#              Allow anonymous users to authenticate
 
 
access to dn.base="" by * read
 
access to dn.base="cn=Subschema" by * read
 
 
access to *
 
        by self write
 
        by users read
 
        by anonymous auth
 
 
access to attrs=userPassword
 
        by self =dxw
 
        by users none
 
        by anonymous auth
 
 
# if no access controls are present, the default policy
 
# allows anyone and everyone to read anything but restricts
 
# updates to rootdn.  (e.g., "access to * by * read")
 
#
 
# rootdn can always read and write EVERYTHING!
 
 
#######################################################################
 
# proxy user definitions - SASL requires CLEARTEXT
 
#######################################################################
 
 
password-hash  {CLEARTEXT}
 
 
authz-regexp
 
                uid=([^,]*),cn=digest-md5,cn=auth
 
                cn=$1,dc=domain,dc=com
 
 
authz-policy    to
 
 
access to attrs=authzTo
 
        by self none
 
        by users none
 
        by anonymous none
 
 
#######################################################################
 
# Berkeley Data Base front end definitions
 
#######################################################################
 
 
database        bdb
 
suffix          "dc=domain,dc=com"
 
rootdn          "cn=Manager,dc=domain,dc=com"
 
 
# Cleartext passwords, especially for the rootdn, should
 
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
 
# To generate {SSHA} secret : slappasswd -s secret
 
rootpw          {SSHA}16U2kC8+yDaWDtaKWsyvKSRHMWCUmcKg
 
 
# The database directory MUST exist prior to running slapd AND
 
# should only be accessible by the slapd and slap tools.
 
# Mode 700 recommended.
 
directory      /usr/local/var/openldap-data
 
 
# Indexing options for database #1
 
index          objectClass    eq
 
index          cn,sn          eq
 
 
#######################################################################
 
# TLS Certificates
 
#######################################################################
 
 
TLSCACertificateFile    /etc/ssl/certs/cacert.pem
 
TLSCACertificatePath    /etc/ssl/certs
 
TLSCertificateFile      /etc/ssl/certs/mtacert.pem
 
TLSCertificateKeyFile  /etc/ssl/private/ldap.mtakey.pem.unsecure
 
  
When using LDAP clients on the same host, the file '''/usr/local/etc/openldap/ldap.conf''' must include a TLS_CACERT directive specifiying the same certificate as in TLSCACertificateFile above :
+
# tar -C /usr/local -xvf speex-x.y.z.tar.gz
 +
# cd /usr/local/speex-x.y.z
 +
# ./configure --prefix=/usr/local --libdir=/usr/local/lib64
 +
# make
 +
# make install
 +
# make clean
  
#
+
== Installing Asterisk ==
# LDAP Defaults
 
#
 
 
# See ldap.conf(5) for details
 
# This file should be world readable but not world writable.
 
 
BASE  dc=example,dc=com
 
URI    ldap://ldap.example.com
 
 
#SIZELIMIT      12
 
#TIMELIMIT      15
 
#DEREF          never
 
 
TLS_CACERT      /etc/ssl/certs/cacert.pem
 
TLS_CACERTDIR  /etc/ssl/certs
 
  
After that it is possible to listen on port ldaps and to use TLS to encapsulate the communications.
+
[http://www.asterisk.org/downloads Download Asterisk] then untar and install. Make menuselect affords choosing which components to use. If using mysql, be sure to read the next paragraph before invoking make. Otherwise proceed. make samples affords creating the configuration files in /usr/local/etc/asterisk.
  
== Running OpenLDAP ==
+
# groupadd asterisk
 +
# useradd -g asterisk asterisk
 +
# tar -C /usr/local --no-same-permissions --no-same-owner -xvf asterisk-x.y.z.t.tar.gz
 +
# cd /usr/local/asterisk-x.y.z.t
 +
# ./configure --prefix=/usr/local --libdir=/usr/local/lib64 --mandir=/usr/local/man \
 +
--with-asound --with-crypto --with-iconv --with-imap=/usr/local/imap-2007f \
 +
--with-jansson --with-ldap --with-speex --with-ssl
 +
# make menuselect
 +
# make
 +
# make install
 +
# make install-logrotate
 +
# make samples
 +
# make clean
 +
# chown -R asterisk:asterisk /usr/local/lib64/asterisk
 +
# chown -R asterisk:asterisk /usr/local/var/lib/asterisk
 +
# chown -R asterisk:asterisk /usr/local/var/log/asterisk
 +
# chown -R asterisk:asterisk /usr/local/var/run/asterisk
 +
# chown -R asterisk:asterisk /usr/local/var/spool/asterisk
 +
# chmod o+x /usr/local/etc/asterisk
 +
# chmod o-x /usr/local/lib64/asterisk
 +
# chmod o-x /usr/local/var/lib/asterisk
 +
# chmod o-x /usr/local/var/log/asterisk
 +
# chmod o-x /usr/local/var/run/asterisk
 +
# chmod o-x /usr/local/var/spool/asterisk
  
Start the stand-alone LDAP server '''slapd''', then check to see if the server is running with '''ps -ef | grep slapd''' and if not use switch '''-d296''' to troubleshoot from '''slapd''' output (see [http://www.openldap.org/software/man.cgi?query=slapd&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html man slapd] for details). When OK try a '''ldapsearch'''.
+
If using mysql modules, there might be a glitch with the mysql include path. Replace in the files below the lines with "#include <mysql/mysql.h>" by lines with "#include <mysql.h>" (removing the directory) :
  
  # /usr/local/libexec/slapd -u ldap -g ldap -h ldap://localhost/
+
  addons/app_mysql.c
  # ps -ef | grep slapd
+
  addons/cdr_mysql.c
  # /usr/local/bin/ldapsearch -x -H ldap://localhost/ -b "" -s base "(objectclass=*)" namingContexts
+
  addons/res_config_mysql.c
  
Slapd runs as a daemon so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly :
+
It is then possible to launch asterisk in the foreground with various levels of verbosity (depending on the number of v's). However the default configuration files include a number of options that we don't want, so we'll rename them first and start with empty files. Asterisk includes a console and then proposes a shell  :
 +
 
 +
# cd /usr/local/etc/asterisk
 +
# mv extensions.conf extensions.conf.sample
 +
# mv extensions.ael extensions.ael.sample
 +
# mv sip.conf sip.conf.sample
 +
# sudo -u asterisk asterisk -vvvc
 +
. . .
 +
*CLI>
 +
 
 +
Type '''help''' to view the available commands, however before doing anything useful we'll need to modify the configuration files so let's just '''core stop gracefully''' here.
 +
 
 +
== Running asterisk ==
 +
 
 +
Asterisk runs as a daemon so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly :
  
 
  # vi /etc/rc.d/rc.local
 
  # vi /etc/rc.d/rc.local
 
  . . .
 
  . . .
  # start slapd
+
  # start asterisk
  if [ -x /usr/local/libexec/slapd ]; then
+
  if [ -x /usr/local/sbin/safe_asterisk ]; then
         echo "Starting slapd daemon: /usr/local/libexec/slapd -u ldap -g ldap -h ldap://localhost/"
+
         echo "Starting asterisk: /usr/local/sbin/safe_asterisk -G asterisk -U asterisk -p"
         /usr/local/libexec/slapd -u ldap -g ldap -h ldap://localhost/
+
         /usr/local/sbin/safe_asterisk -G asterisk -U asterisk -p
 
  fi
 
  fi
  <esc>
+
<esc>
 
  :x
 
  :x
 
  # vi /etc/rc.d/rc.local_shutdown
 
  # vi /etc/rc.d/rc.local_shutdown
 
  . . .
 
  . . .
  # stop slapd
+
  # stop asterisk
  if [ -r /var/run/ldap/slapd.pid ]; then
+
  if [ -r /usr/local/var/run/asterisk/asterisk.pid ]; then
         echo "Stopping slapd: kill -INT `cat /var/run/ldap/slapd.pid`"
+
         echo "Stopping asterisk: kill -INT `cat /usr/local/var/run/asterisk/asterisk.pid`"
         kill -INT `cat /var/run/ldap/slapd.pid`
+
         kill -INT `cat /usr/local/var/run/asterisk/asterisk.pid`
 
  fi
 
  fi
 
  <esc>
 
  <esc>
 
  :x
 
  :x
  
== Creating Directory Entries ==
+
== Configuring Asterisk ==
 +
 
 +
Asterisk running in the backgroung, it's possible to attach to the process using '''asterisk -r''' and to exit the asterisk shell by typing '''exit'''. Most of the configuration files can be modified externally then reloaded using commands such as '''dialplan reload''', '''sip reload''', or '''voicemail reload'''. A few files however cannot (example confbridge.conf), and require restarting using '''core restart now'''. Type '''help''' to get a complete list of commands.
 +
 
 +
The configuration files are created under EPREFIX/etc and there are many of them (112 in version 1.15.0.0 !). The bad news is that they must be all reviewed and modified to remove unneeded configuration options. When done though, modifying only a few will afford getting a working system with a reasonnable set of features. We decided to use LDAP to configure our users so this is what is detailed below.
 +
 
 +
<u>Note</u> : the asterisk configuration files are organized in contexts whose names are enclosed in square brackets on a line of its own. Definitions in these contexts - otherwise mentionned - are valid inside these contexts only.
 +
 
 +
{| {{thead}}
 +
|-
 +
! {{chead}} width="150" | Configuration file
 +
! {{chead}} | Usage
 +
|-
 +
| [[Sip.conf|sip.conf]]
 +
| to configure sip accounts
 +
|-
 +
| [[Res_ldap.conf|res_ldap.conf]]
 +
| to configure LDAP users
 +
|-
 +
| [[Confbridge.conf|confbridge.conf]]
 +
| to configure conferences
 +
|-
 +
| [[Voicemail.conf|voicemail.conf]]
 +
| to configure voicemail boxes
 +
|-
 +
| [[Extensions.conf|extensions.conf]]
 +
| to configure the dialplan
 +
|}
 +
 
 +
<br clear=all>
  
To add entries to the directory, create an '''ldif''' file. Run '''ldapadd''' to add the entries, then run '''ldapsearch''' to make sure it worked.
+
== Documentation ==
  
# cd /usr/local/etc/openldap
+
[https://wiki.asterisk.org/wiki/display/AST/Asterisk+15+Documentation Asterisk Wiki]
# vi create.ldif
 
i
 
dn: dc=domain,dc=com
 
objectClass: dcObject
 
objectClass: organization
 
o: organization
 
dc: domain
 
 
dn: cn=Manager,dc=domain,dc=com
 
objectclass: organizationalRole
 
cn: Manager
 
 
dn: cn=proxyUser,dc=domain,dc=com
 
objectclass: person
 
cn: proxyUser
 
sn: proxyUser
 
userPassword: proxyPassword
 
authzTo: ldap:///dc=domain,dc=com??sub?(objectclass=person)
 
 
dn: cn=postmaster,dc=domain,dc=com
 
objectclass: person
 
cn: postmaster
 
sn: postmaster
 
userPassword: postmasterPassword
 
 
dn: cn=myUser,dc=domain,dc=com
 
objectclass: person
 
cn: myUser
 
sn: myUser
 
userPassword: myUserPassword
 
 
dn: cn=news,dc=domain,dc=com
 
objectclass: person
 
cn: news
 
sn: news
 
userPassword: newsPassword
 
 
dn: cn=xen,dc=domain,dc=com
 
objectclass: person
 
cn: xen
 
sn: xen
 
userPassword: xenPassword
 
<esc>
 
# chmod go-rx create.ldif
 
# vi delete.ldif
 
i
 
cn=xen,dc=domain,dc=com
 
cn=news,dc=domain,dc=com
 
cn=myUser,dc=domain,dc=com
 
cn=postmaster,dc=domain,dc=com
 
cn=proxyUser,dc=domain,dc=com
 
cn=Manager,dc=domain,dc=com
 
dc=domain,dc=com
 
<esc>
 
 
# ldapadd -x -H ldap://localhost/ -D "cn=Manager,dc=domain,dc=com" -W -f create.ldif
 
# ldapsearch -x -H ldap://localhost/ -D "cn=Manager,dc=domain,dc=com" -W -b "dc=domain,dc=com" "(objectclass=*)"
 
# ldapdelete -x -H ldap://localhost/ -D "cn=Manager,dc=domain,dc=com" -W -f delete.ldif
 
  
the '''authzTo:''' item above defines an OpenLdap proxy user. Once authenticated, an OpenLdap proxy user can impersonate other OpenLdap users. This affords e.g. checking passwords (needed by SASL) or updating data for other users.
+
[{{SERVER}}/wikislax/download/Asterisk.pdf Asterisk Book]
  
<br>
+
<br/>
  
{{pFoot|[[OpenSSL]]|[[Main Page]]|[[Cyrus-SASL]]}}
+
{{pFoot|[[Sucknews]]|[[Main Page]]|[[Sip.conf]]}}
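Review bot: in the added OwnCloud install block, both `chown -R apache:apache owncloud` lines use a relative path that does not match the working directory at that point. The first runs directly after `tar -C /usr/local` with no `cd /usr/local`, and the second runs after `cd ..` from /var/www/htdocs, so it looks for /var/www/owncloud while the symlink was created in /var/www/htdocs. Absolute paths (/usr/local/owncloud and /var/www/htdocs/owncloud) would make both commands independent of the current directory. Separately, everything on the added side after "That's it." (the Dahdi note, the Jansson, c-client, Speex and Asterisk sections, and the `{{pFoot|[[Sucknews]]|[[Main Page]]|[[Sip.conf]]}}` footer) describes Asterisk rather than OwnCloud and reads as carried over from another page; it should be removed or replaced before this is kept under the OwnCloud title.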

Revision as of 15:13, 18 January 2025

What is OwnCloud ?

OwnCloud is a file synchronization server. It keeps a hierarchy of files synchronized across different clients and operating systems.

Installing OwnCloud

OwnCloud is available as a PHP application relying on various databases. See the OwnCloud documentation for details. We will be using MySQL. Download the tarball, then untar and install.

# tar -C /usr/local -xvf owncloud-complete-20240724.tar.bz2
# chown -R apache:apache /usr/local/owncloud
# cd /var/www/htdocs
# ln -s /usr/local/owncloud owncloud
# cd ..
# chown -R apache:apache htdocs/owncloud

That's it. Note : the other package Dahdi-tools is not required. Other note : Dahdi requires a kernel compiled with CONFIG_CRC_CCITT=y.

Installing Jansson

Jansson is a required JSON development library. Download, then untar and install.

# tar -C /usr/local -xvf jansson-x.y.z.tar.gz
# cd /usr/local/jansson-x.y.z
# ./configure --prefix=/usr/local --libdir=/usr/local/lib64
# make
# make install
# make clean

Installing c-client

The asterisk imap option requires the library c-client.a, which is part of Imap-uw, by the University of Washington. The University of Washington seems to be no longer distributing the software so we keep a copy for your convenience. Download then untar and install :

# gunzip c-client.tar.Z
# tar -C /usr/local -xvf c-client.tar
# cd /usr/local
# chown -R root:root imap-2007f
# chmod -R o-w imap-2007f
# cd imap-2007f
# make slx EXTRACFLAGS="-I/usr/include/openssl -g -O2 -fPIC" SSLCERTS=/etc/ssl/certs SSLKEYS=/etc/ssl/private

Installing Speex

Speex is a required free codec. Download the Speex source code, then untar and install.

# tar -C /usr/local -xvf speex-x.y.z.tar.gz
# cd /usr/local/speex-x.y.z
# ./configure --prefix=/usr/local --libdir=/usr/local/lib64
# make
# make install
# make clean

Installing Asterisk

Download Asterisk then untar and install. make menuselect lets you choose which components to use. If using mysql, be sure to read the next paragraph before invoking make. Otherwise proceed. make samples creates the configuration files in /usr/local/etc/asterisk.

# groupadd asterisk
# useradd -g asterisk asterisk
# tar -C /usr/local --no-same-permissions --no-same-owner -xvf asterisk-x.y.z.t.tar.gz
# cd /usr/local/asterisk-x.y.z.t
# ./configure --prefix=/usr/local --libdir=/usr/local/lib64 --mandir=/usr/local/man \
--with-asound --with-crypto --with-iconv --with-imap=/usr/local/imap-2007f \
--with-jansson --with-ldap --with-speex --with-ssl
# make menuselect
# make
# make install
# make install-logrotate
# make samples
# make clean
# chown -R asterisk:asterisk /usr/local/lib64/asterisk
# chown -R asterisk:asterisk /usr/local/var/lib/asterisk
# chown -R asterisk:asterisk /usr/local/var/log/asterisk
# chown -R asterisk:asterisk /usr/local/var/run/asterisk
# chown -R asterisk:asterisk /usr/local/var/spool/asterisk
# chmod o+x /usr/local/etc/asterisk
# chmod o-x /usr/local/lib64/asterisk
# chmod o-x /usr/local/var/lib/asterisk
# chmod o-x /usr/local/var/log/asterisk
# chmod o-x /usr/local/var/run/asterisk
# chmod o-x /usr/local/var/spool/asterisk
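
The ownership and permission steps above can be checked afterwards with a small audit. This is an added example, not part of the original page; the function name audit_asterisk_perms and its PREFIX and OWNER arguments are assumptions, and only the owner (not the group) is checked.

```shell
#!/bin/sh
# Added example (not from the original page): audit what the chown/chmod
# steps above are meant to leave behind. PREFIX and OWNER are parameters
# (assumed names) so the check can be tried on a scratch tree first.

# Trees the page hands to asterisk with chown -R and closes with chmod o-x.
PRIVATE_DIRS="lib64/asterisk var/lib/asterisk var/log/asterisk
var/run/asterisk var/spool/asterisk"
# Directory the page opens for traversal by others with chmod o+x.
CONFIG_DIR="etc/asterisk"

# audit_asterisk_perms [PREFIX] [OWNER]
# Prints one finding per line; returns 0 when nothing is found, 1 otherwise.
audit_asterisk_perms() {
    prefix=${1:-/usr/local}
    owner=${2:-asterisk}
    findings=0

    # find exits non-zero when the user name or uid cannot be resolved.
    if ! find / -prune -user "$owner" >/dev/null 2>&1; then
        echo "NOUSER   account $owner does not exist"
        return 1
    fi

    for rel in $PRIVATE_DIRS; do
        dir="$prefix/$rel"
        if [ ! -d "$dir" ]; then
            echo "MISSING  $dir"
            findings=$((findings + 1))
            continue
        fi
        # chown -R: no entry below the directory may have another owner.
        stray=$(find "$dir" ! -user "$owner" 2>/dev/null | head -n 1)
        if [ -n "$stray" ]; then
            echo "OWNER    $stray is not owned by $owner"
            findings=$((findings + 1))
        fi
        # chmod o-x: -prune tests the directory itself without descending.
        if [ -n "$(find "$dir" -prune -perm -001)" ]; then
            echo "OTHER+X  $dir can be traversed by other users"
            findings=$((findings + 1))
        fi
    done

    conf="$prefix/$CONFIG_DIR"
    if [ ! -d "$conf" ]; then
        echo "MISSING  $conf"
        findings=$((findings + 1))
    elif [ -z "$(find "$conf" -prune -perm -001)" ]; then
        # chmod o+x was applied to this one, so the bit must be present.
        echo "OTHER-X  $conf cannot be traversed by other users"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run the audit only when asked to:  sh audit.sh --run /usr/local asterisk
if [ "${1:-}" = "--run" ]; then
    audit_asterisk_perms "${2:-/usr/local}" "${3:-asterisk}"
fi
```

Run it as root, since the audited directories are closed to other users once the chmod o-x steps have been applied.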

If using mysql modules, there might be a glitch with the mysql include path. In the files below, replace the lines containing "#include <mysql/mysql.h>" with "#include <mysql.h>" (removing the directory) :

addons/app_mysql.c
addons/cdr_mysql.c
addons/res_config_mysql.c

It is then possible to launch asterisk in the foreground with various levels of verbosity (depending on the number of v's). However the default configuration files include a number of options that we don't want, so we'll rename them first and start with empty files. Asterisk includes a console and then presents a shell :

# cd /usr/local/etc/asterisk
# mv extensions.conf extensions.conf.sample
# mv extensions.ael extensions.ael.sample
# mv sip.conf sip.conf.sample
# sudo -u asterisk asterisk -vvvc
. . .
*CLI> 

Type help to view the available commands. Before doing anything useful, however, we'll need to modify the configuration files, so let's just core stop gracefully here.

Running asterisk

Asterisk runs as a daemon so must be launched at startup and stopped at shutdown. Update /etc/rc.d/rc.local and /etc/rc.d/rc.local_shutdown accordingly :

# vi /etc/rc.d/rc.local
. . .
# start asterisk
if [ -x /usr/local/sbin/safe_asterisk ]; then
        echo "Starting asterisk: /usr/local/sbin/safe_asterisk -G asterisk -U asterisk -p"
        /usr/local/sbin/safe_asterisk -G asterisk -U asterisk -p
fi
<esc>
:x
# vi /etc/rc.d/rc.local_shutdown
. . .
# stop asterisk
if [ -r /usr/local/var/run/asterisk/asterisk.pid ]; then
        echo "Stopping asterisk: kill -INT `cat /usr/local/var/run/asterisk/asterisk.pid`"
        kill -INT `cat /usr/local/var/run/asterisk/asterisk.pid`
fi
<esc>
:x

Configuring Asterisk

With Asterisk running in the background, it's possible to attach to the process using asterisk -r and to exit the asterisk shell by typing exit. Most of the configuration files can be modified externally and then reloaded using commands such as dialplan reload, sip reload, or voicemail reload. A few files, however, cannot (for example confbridge.conf) and require a restart using core restart now. Type help to get a complete list of commands.

The configuration files are created under EPREFIX/etc and there are many of them (112 in version 1.15.0.0 !). The bad news is that they must all be reviewed and modified to remove unneeded configuration options. Once that is done, though, modifying only a few is enough to get a working system with a reasonable set of features. We decided to use LDAP to configure our users, so this is what is detailed below.

Note : the asterisk configuration files are organized in contexts whose names are enclosed in square brackets on a line of their own. Definitions in these contexts, unless otherwise mentioned, are valid inside these contexts only.

Configuration file    Usage
sip.conf              to configure sip accounts
res_ldap.conf         to configure LDAP users
confbridge.conf       to configure conferences
voicemail.conf        to configure voicemail boxes
extensions.conf       to configure the dialplan


Documentation

Asterisk Wiki

Asterisk Book

