Res ldap.conf
LDAP configuration
The OpenLDAP directory built earlier must be modified to include the asterisk schema, which can be copied from /usr/local/asterisk-x.y.z.t/contrib/scripts/asterisk.ldap-schema into /usr/local/etc/openldap/schema. The schema must then be included from /usr/local/etc/openldap/slapd.conf:
    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /usr/local/etc/openldap/schema/core.schema
    include /usr/local/etc/openldap/schema/cosine.schema
    include /usr/local/etc/openldap/schema/inetorgperson.schema
    include /usr/local/etc/openldap/schema/asterisk.schema
    . . .
A restart is required:
# /etc/rc.d/rc.slapd restart
We need to define a structure in the OpenLDAP directory in which to store the asterisk information. For example, we can put our users and extensions under entries of the same name just below the root of the directory. This can be done with the following LDIF file, which we add to the directory using the ldapadd command:
    # OU users
    dn: ou=users,dc=studioware,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: users

    # OU extensions
    dn: ou=extensions,dc=studioware,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: extensions

    # ldapadd -x -D "cn=Manager,dc=studioware,dc=com" -W -f yourLDIFpath
- -x : use simple authentication (as opposed to the trickier SASL schemes)
- -D : define the user to bind as (here cn=Manager,dc=studioware,dc=com)
- -W : prompt for the password
- -f : specify the LDIF file name
res_ldap.conf
The res_ldap.conf file describes how to access the LDAP database and which schema variables to use. Let's start with the LDAP connection information, located in the [_general] context:
    [_general]
    ;
    ; Specify one of either host and port OR url. URL is preferred, as you can
    ; use more options.
    host=localhost                        ; LDAP host
    port=389
    url=ldap://localhost
    protocol=3                            ; Version of the LDAP protocol to use; default is 3.
    basedn=dc=studioware,dc=com           ; Base DN
    user=cn=Manager,dc=studioware,dc=com  ; Bind DN
    pass=mysecret                         ; Bind password
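An added example, not part of the original page or of Asterisk: a Python check that reads the [_general] context above and flags a bind over plain ldap:// to a non-loopback host, a bind DN equal to the directory's administrative DN, and an inline password in a world-readable file. The finding names, the `rootdn` default (assumed to be the cn=Manager DN used with ldapadd above) and the choice to flag only the ldap:// scheme are assumptions of this example.

```python
import stat
from urllib.parse import urlparse

# Constructed sample mirroring the [_general] context shown above.
SAMPLE = """\
[_general]
host=localhost ; LDAP host
port=389
url=ldap://localhost
basedn=dc=studioware,dc=com ; Base DN
user=cn=Manager,dc=studioware,dc=com ; Bind DN
pass=mysecret ; Bind password
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_general(text):
    """Return the key/value pairs of [_general]; ';' starts a comment."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplification: no escaped '\;'
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "_general" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values

def norm_dn(dn):
    """Case- and whitespace-insensitive DN comparison key."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(text, file_mode, rootdn="cn=Manager,dc=studioware,dc=com"):
    """Return sorted finding names (the names are this example's own)."""
    cfg, findings = parse_general(text), set()
    url = urlparse(cfg.get("url") or "ldap://" + cfg.get("host", "localhost"))
    # Assumption: only the plain ldap:// scheme is flagged (not ldaps/ldapi).
    if url.scheme == "ldap" and url.hostname not in LOOPBACK:
        findings.add("cleartext-bind-over-network")
    if norm_dn(cfg.get("user", "")) == norm_dn(rootdn):
        findings.add("binds-as-rootdn")
    if "pass" in cfg and file_mode & stat.S_IROTH:
        findings.add("password-world-readable")
    return sorted(findings)

if __name__ == "__main__":
    # 0o644 stands in for stat.S_IMODE(os.stat(path).st_mode) of the real file.
    print(audit(SAMPLE, 0o644))
```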
The other contexts, [extensions], [sip], and [IAX], define the correspondence between the variable names in Asterisk (on the left) and the variable names in the LDAP schema (on the right). Here is an example for the [extensions] context:
    ;
    ; Extensions Table
    ;
    [extensions]
    ;context = AstExtensionContext
    ;exten = AstExtensionExten
    ;priority = AstExtensionPriority
    ;app = AstExtensionApplication
    ;appdata = AstExtensionApplicationData
    ;additionalFilter=(objectClass=AstExtension)
    context = AstContext
    exten = AstExtension
    priority = AstPriority
    app = AstApplication
    appdata = AstApplicationData
    additionalFilter=(objectClass=AsteriskExtension)
For a full content example of the res_ldap.conf file please click here. Note, however, that some names in your particular situation might differ from the names listed in this file, and you may have to adjust them.
extconfig.conf
The [settings] context of extconfig.conf defines the subtrees from which Asterisk should get the user and extension entries:
    ;
    ; Static and realtime external configuration
    ; engine configuration
    ;
    ; See https://wiki.asterisk.org/wiki/display/AST/Realtime+Database+Configuration
    ; for basic table formatting information.
    ;
    [settings]
    sipusers => ldap,"ou=users,dc=studioware,dc=com",sip
    sippeers => ldap,"ou=users,dc=studioware,dc=com",sip
    extensions => ldap,"ou=extensions,dc=studioware,dc=com",extensions
    . . .
sip.conf
For OpenLDAP to work properly, these options must be added to the [general] context of the sip.conf file:
    [general]
    rtcachefriends=yes
    callevents=yes
    realm=studioware.com
    . . .
- rtcachefriends=yes // caches the user info (mandatory, as it keeps in memory the IP address from which the user connected).
- callevents=yes // raises information about a call
- realm=studioware.com // LDAP domain name
extensions.conf
The switch statement can be declared in one or more contexts to include the users or extensions LDAP records that have an AstAccountContext field matching the context name, for example:
    [internal]
    switch => Realtime/@
    . . .
    [freephonie]
    . . .
    switch => Realtime/@
    . . .
Note: including the extensions LDAP records in several contexts is possible because the AstAccountContext field is multivalued.
Making sure
At this point Asterisk should be able to take the new configuration into account (with no user defined). Connect to the asterisk console, reload the modules and the configuration files and display the ldap status:
    # asterisk -r
    Asterisk 15.0.0, Copyright (C) 1999 - 2016, Digium, Inc. and others.
    Created by Mark Spencer <markster@digium.com>
    Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
    This is free software, with components licensed under the GNU General Public
    License version 2 and other licenses; you are welcome to redistribute it under
    certain conditions. Type 'core show license' for details.
    =========================================================================
    Connected to Asterisk 15.0.0 currently running on inner (pid = 2563)
    inner*CLI> module reload
    [Nov 28 21:29:09] NOTICE[2827]: sorcery.c:1407 sorcery_object_load: Type 'system' is not reloadable, maintaining previous values
    [Nov 28 21:29:09] WARNING[2818]: res_phoneprov.c:1230 get_defaults: Unable to find a valid server address or name.
    [Nov 28 21:29:09] NOTICE[2818]: chan_skinny.c:8445 config_load: Configuring skinny from skinny.conf
    [Nov 28 21:29:09] NOTICE[2818]: cel_custom.c:95 load_config: No mappings found in cel_custom.conf. Not logging CEL to custom CSVs.
    [Nov 28 21:29:09] NOTICE[2818]: app_queue.c:8999 reload_queue_rules: queuerules.conf has not changed since it was last loaded. Not taking any action.
    inner*CLI> sip reload
    inner*CLI> dialplan reload
    Dialplan reloaded.
    inner*CLI> realtime show ldap status
    Connected to 'ldap://localhost', baseDN dc=studioware,dc=com with username cn=Manager,dc=studioware,dc=com for 40 seconds
    inner*CLI> quit
    Asterisk cleanly ending (0).
    Executing last minute cleanups
    root@inner:/usr/local/etc/asterisk#
Adding Asterisk users
A small script can be used to add users to the users and extensions subtrees of the directory. In this script we create users in context [internal] and extensions in contexts [internal] and [freephonie], creating two values in the multivalued field AstAccountContext. Once the user is created in LDAP, SIP registration can be checked on the display of the phone and on the Asterisk console:
    root@inner:/usr/local/etc/asterisk# asterisk -r
    Asterisk 15.0.0, Copyright (C) 1999 - 2016, Digium, Inc. and others.
    Created by Mark Spencer <markster@digium.com>
    Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
    This is free software, with components licensed under the GNU General Public
    License version 2 and other licenses; you are welcome to redistribute it under
    certain conditions. Type 'core show license' for details.
    =========================================================================
    Connected to Asterisk 15.0.0 currently running on inner (pid = 2563)
    [Nov 28 21:39:46] NOTICE[2678]: chan_sip.c:24648 handle_response_peerpoke: Peer 'jp' is now Reachable. (9ms / 2000ms)
    inner*CLI> quit
    Asterisk cleanly ending (0).
    Executing last minute cleanups
    root@inner:/usr/local/etc/asterisk#