diff options
| -rw-r--r-- | channels/chan_sip.c | 6 | ||||
| -rw-r--r-- | configs/res_ldap.conf.sample | 36 | ||||
| -rw-r--r-- | contrib/scripts/asterisk.ldif | 171 |
3 files changed, 168 insertions, 45 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 2e8cfe230..8ffc323df 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -4622,6 +4622,12 @@ static void realtime_update_peer(const char *peername, struct sockaddr_in *sin, else if (sip_cfg.rtsave_sysname) syslabel = "regserver"; + /* XXX IMPORTANT: Anytime you add a new parameter to be updated, you + * must also add it to contrib/scripts/asterisk.ldap-schema, + * contrib/scripts/asterisk.ldif, + * and to configs/res_ldap.conf.sample as described in + * bugs 15156 and 15895 + */ if (fc) { ast_update_realtime(tablename, "name", peername, "ipaddr", ipaddr, "port", port, "regseconds", regseconds, diff --git a/configs/res_ldap.conf.sample b/configs/res_ldap.conf.sample index b9ab8dffc..739e4ba11 100644 --- a/configs/res_ldap.conf.sample +++ b/configs/res_ldap.conf.sample @@ -9,6 +9,10 @@ ; extensions = ldap,"dc=myDomain,dc=myDomainExt",extensions ; sip.conf = ldap,"dc=myDomain,dc=myDomainExt",config +; ********************************************************************************* +; NOTE: res_ldap.conf should be chmod 600 because it contains the plain-text LDAP +; password to an account with WRITE access to the asterisk configuration. +; ********************************************************************************* [_general] ; @@ -18,8 +22,8 @@ ;port=389 ;url=ldap://ldap3.mydomain.com:3890 ;protocol=3 ; Version of the LDAP protocol to use; default is 3. -;basedn=MyRootDN ; Base DN -;user=MyDN ; Bind DN +;basedn=dc=example,dc=tld ; Base DN +;user=cn=asterisk,dc=example,dc=tld ; Bind DN ;pass=MyPassword ; Bind password ; Configuration Table @@ -56,7 +60,15 @@ additionalFilter=(objectClass=AstExtension) ; Sip Users Table ; [sip] -name = cn +name = cn ; We use the "cn" as the default value for name on the line above + ; because objectClass=AsteriskSIPUser does not include a uid as an allowed field + ; If your entry combines other objectClasses and uid is available, you may + ; prefer to change the line to be name = uid, especially if your LDAP entries + ; contain spaces in the cn field. + ; You may also find it appropriate to use something completely different. + ; This is possible by changing the line above to name = AstAccountName (or whatever you + ; prefer). + ; amaflags = AstAccountAMAFlags callgroup = AstAccountCallGroup callerid = AstAccountCallerID @@ -70,8 +82,10 @@ fullcontact = gecos host = AstAccountHost insecure = AstAccountInsecure mailbox = AstAccountMailbox -md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with - ; {md5} but it is not required. +md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with + ; {md5} but it is not required. + ; Generate the password via the md5sum command, e.g. + ; echo "my_password" | md5sum nat = AstAccountNAT deny = AstAccountDeny permit = AstAccountPermit @@ -106,8 +120,10 @@ fullcontact = AstAccountFullContact fullcontact = gecos host = AstAccountHost mailbox = AstAccountMailbox -md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with - ; {md5} but it is not required. +md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with + ; {md5} but it is not required. + ; Generate the password via the md5sum command, e.g. + ; echo "my_password" | md5sum deny = AstAccountDeny permit = AstAccountPermit port = AstAccountPort @@ -143,8 +159,10 @@ fullcontact = gecos host = AstAccountHost insecure = AstAccountInsecure mailbox = AstAccountMailbox -md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with - ; {md5} but it is not required. +md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with + ; {md5} but it is not required. + ; Generate the password via the md5sum command, e.g. + ; echo "my_password" | md5sum nat = AstAccountNAT deny = AstAccountDeny permit = AstAccountPermit diff --git a/contrib/scripts/asterisk.ldif b/contrib/scripts/asterisk.ldif index 7286d90b1..5a05d9e85 100644 --- a/contrib/scripts/asterisk.ldif +++ b/contrib/scripts/asterisk.ldif @@ -99,8 +99,15 @@ olcObjectIdentifier: AstVoicemailOptions AstAttrType:56 olcObjectIdentifier: AstVoicemailTimestamp AstAttrType:57 olcObjectIdentifier: AstVoicemailContext AstAttrType:58 olcObjectIdentifier: AstAccountSubscribeContext AstAttrType:59 -olcObjectIdentifier: AstAccountIpAddr AstAttrType:60 olcObjectIdentifier: AstAccountUserAgent AstAttrType:61 +olcObjectIdentifier: AstAccountLanguage AstAttrType:62 +olcObjectIdentifier: AstAccountTransport AstAttrType:63 +olcObjectIdentifier: AstAccountPromiscRedir AstAttrType:64 +olcObjectIdentifier: AstAccountAccountCode AstAttrType:65 +olcObjectIdentifier: AstAccountSetVar AstAttrType:66 +olcObjectIdentifier: AstAccountAllowOverlap AstAttrType:67 +olcObjectIdentifier: AstAccountVideoSupport AstAttrType:68 +olcObjectIdentifier: AstAccountIgnoreSDPVersion AstAttrType:69 # # ############################################################################# @@ -112,6 +119,9 @@ olcObjectIdentifier: AsteriskIAXUser AstObjectClass:2 olcObjectIdentifier: AsteriskSIPUser AstObjectClass:3 olcObjectIdentifier: AsteriskConfig AstObjectClass:4 olcObjectIdentifier: AsteriskVoiceMail AstObjectClass:5 +olcObjectIdentifier: AsteriskDialplan AstObjectClass:6 +olcObjectIdentifier: AsteriskAccount AstObjectClass:7 +olcObjectIdentifier: AsteriskMailbox AstObjectClass:8 # # ############################################################################# @@ -563,16 +573,65 @@ olcAttributeTypes: ( AstAccountSubscribeContext SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) # -olcAttributeTypes: ( AstAccountIpAddr - NAME 'AstAccountIpAddr' - DESC 'Asterisk aaccount IP address' +olcAttributeTypes: ( AstAccountUserAgent + NAME 'AstAccountUserAgent' + DESC 'Asterisk account user context' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) # -olcAttributeTypes: ( AstAccountUserAgent - NAME 'AstAccountUserAgent' - DESC 'Asterisk account user context' +olcAttributeTypes: ( AstAccountLanguage + NAME 'AstAccountLanguage' + DESC 'Asterisk account user language' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountTransport + NAME 'AstAccountTransport' + DESC 'Asterisk account transport type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountPromiscRedir + NAME 'AstAccountPromiscRedir' + DESC 'Asterisk account promiscous redirects' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountAccountCode + NAME 'AstAccountAccountCode' + DESC 'Asterisk account billing code' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountSetVar + NAME 'AstAccountSetVar' + DESC 'Asterisk account setvar' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountAllowOverlap + NAME 'AstAccountAllowOverlap' + DESC 'Asterisk account allow overlap dialing' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountVideoSupport + NAME 'AstAccountVideoSupport' + DESC 'Asterisk account video support' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) +# +olcAttributeTypes: ( AstAccountIgnoreSDPVersion + NAME 'AstAccountIgnoreSDPVersion' + DESC 'Asterisk account ignore SDP version' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) @@ -632,6 +691,7 @@ olcObjectClasses: ( AsteriskIAXUser AstAccountPort $ AstAccountQualify $ AstAccountType $ + AstAccountLanguage $ AstAccountDisallowedCodec $ AstAccountExpirationTimestamp $ AstAccountRegistrationContext $ @@ -639,7 +699,10 @@ olcObjectClasses: ( AsteriskIAXUser AstAccountNoTransfer $ AstAccountName $ AstAccountLastQualifyMilliseconds $ - AstAccountCallLimit + AstAccountCallLimit $ + AstAccountSubscribeContext $ + AstAccountIPAddress $ + AstAccountUserAgent ) ) # @@ -649,43 +712,53 @@ olcObjectClasses: ( AsteriskSIPUser SUP AsteriskExtension AUXILIARY MUST cn MAY ( - AstAccountAMAFlags $ - AstAccountCallGroup $ - AstAccountCallerID $ + AstAccountAccountCode $ + AstAccountAllowOverlap $ + AstAccountAllowedCodec $ + AstAccountAMAFlags $ + AstAccountCallGroup $ + AstAccountCallLimit $ + AstAccountCallerID $ + AstAccountCanCallForward $ AstAccountCanReinvite $ AstAccountContext $ + AstAccountDTMFMode $ AstAccountDefaultUser $ - AstAccountDTMFMode $ - AstAccountFromUser $ - AstAccountFromDomain $ - AstAccountFullContact $ - AstAccountHost $ - AstAccountInsecure $ + AstAccountDeny $ + AstAccountDisallowedCodec $ + AstAccountExpirationTimestamp $ + AstAccountFromDomain $ + AstAccountFromUser $ + AstAccountFullContact $ + AstAccountHost $ + AstAccountIgnoreSDPVersion $ + AstAccountInsecure $ AstAccountIPAddress $ - AstAccountMailbox $ - AstAccountRealmedPassword $ + AstAccountLanguage $ + AstAccountLastQualifyMilliseconds $ + AstAccountMailbox $ + AstAccountMusicOnHold $ AstAccountNAT $ - AstAccountDeny $ - AstAccountPermit $ - AstAccountPickupGroup $ + AstAccountName $ + AstAccountPermit $ + AstAccountPickupGroup $ AstAccountPort $ - AstAccountQualify $ - AstAccountRestrictCID $ - AstAccountRTPTimeout $ + AstAccountPromiscRedir $ + AstAccountQualify $ AstAccountRTPHoldTimeout $ - AstAccountType $ - AstAccountDisallowedCodec $ - AstAccountAllowedCodec $ - AstAccountMusicOnHold $ - AstAccountExpirationTimestamp $ - AstAccountRegistrationContext $ + AstAccountRTPTimeout $ + AstAccountRealmedPassword $ + AstAccountRegistrationContext $ AstAccountRegistrationExten $ AstAccountRegistrationServer $ - AstAccountCanCallForward $ - AstAccountSecret $ - AstAccountName $ - AstAccountLastQualifyMilliseconds $ - AstAccountCallLimit + AstAccountRestrictCID $ + AstAccountSecret $ + AstAccountSetVar $ + AstAccountSubscribeContext $ + AstAccountTransport $ + AstAccountType $ + AstAccountUserAgent $ + AstAccountVideoSupport ) ) # @@ -734,3 +807,29 @@ olcObjectClasses: ( AsteriskVoiceMail ) ) # +olcObjectClasses: ( AsteriskDialplan + NAME 'AsteriskDialplan' + DESC 'Asterisk Dialplan Information' + SUP top STRUCTURAL + MUST ( + AstExtension + ) + ) +# +olcObjectClasses: ( AsteriskAccount + NAME 'AsteriskAccount' + DESC 'Asterisk Account Information' + SUP top STRUCTURAL + MUST ( + AstAccountName + ) + ) +# +olcObjectClasses: ( AsteriskMailbox + NAME 'AsteriskMailbox' + DESC 'Asterisk Mailbox Information' + SUP top STRUCTURAL + MUST ( + AstVoicemailMailbox + ) + ) |