1 files changed, 27 insertions, 9 deletions

diff --git a/configs/res_ldap.conf.sample b/configs/res_ldap.conf.sample
index b9ab8dffc..739e4ba11 100644
--- a/configs/res_ldap.conf.sample
+++ b/configs/res_ldap.conf.sample
@@ -9,6 +9,10 @@
 ; extensions = ldap,"dc=myDomain,dc=myDomainExt",extensions
 ; sip.conf = ldap,"dc=myDomain,dc=myDomainExt",config
 
+; *********************************************************************************
+; NOTE: res_ldap.conf should be chmod 600 because it contains the plain-text LDAP
+;       password to an account with WRITE access to the asterisk configuration. 
+; *********************************************************************************
 
 [_general]
 ;
@@ -18,8 +22,8 @@
 ;port=389
 ;url=ldap://ldap3.mydomain.com:3890
 ;protocol=3                          ; Version of the LDAP protocol to use; default is 3.
-;basedn=MyRootDN                     ; Base DN
-;user=MyDN                           ; Bind DN
+;basedn=dc=example,dc=tld            ; Base DN
+;user=cn=asterisk,dc=example,dc=tld  ; Bind DN
 ;pass=MyPassword                     ; Bind password
 
 ; Configuration Table
@@ -56,7 +60,15 @@ additionalFilter=(objectClass=AstExtension)
 ; Sip Users Table
 ;
 [sip]
-name = cn
+name = cn       ; We use the "cn" as the default value for name on the line above
+                ; because objectClass=AsteriskSIPUser does not include a uid as an allowed field
+                ; If your entry combines other objectClasses and uid is available, you may
+                ; prefer to change the line to be name = uid, especially if your LDAP entries
+                ; contain spaces in the cn field.
+                ; You may also find it appropriate to use something completely different.
+                ; This is possible by changing the line above to name = AstAccountName (or whatever you
+                ; prefer).
+                ;
 amaflags = AstAccountAMAFlags
 callgroup = AstAccountCallGroup
 callerid = AstAccountCallerID
@@ -70,8 +82,10 @@ fullcontact = gecos
 host = AstAccountHost
 insecure = AstAccountInsecure
 mailbox = AstAccountMailbox
-md5secret = AstAccountRealmedPassword		; Must be an MD5 hash. Field value can start with
-					; {md5} but it is not required.
+md5secret = AstAccountRealmedPassword           ; Must be an MD5 hash. Field value can start with
+                                                ; {md5} but it is not required.
+                                                ; Generate the password via the md5sum command, e.g.
+                                                ; echo "my_password" | md5sum
 nat = AstAccountNAT
 deny = AstAccountDeny
 permit = AstAccountPermit
@@ -106,8 +120,10 @@ fullcontact = AstAccountFullContact
 fullcontact = gecos
 host = AstAccountHost
 mailbox = AstAccountMailbox
-md5secret = AstAccountRealmedPassword		; Must be an MD5 hash. Field value can start with
-					; {md5} but it is not required.
+md5secret = AstAccountRealmedPassword           ; Must be an MD5 hash. Field value can start with
+                                                ; {md5} but it is not required.
+                                                ; Generate the password via the md5sum command, e.g.
+                                                ; echo "my_password" | md5sum
 deny = AstAccountDeny
 permit = AstAccountPermit
 port = AstAccountPort
@@ -143,8 +159,10 @@ fullcontact = gecos
 host = AstAccountHost
 insecure = AstAccountInsecure
 mailbox = AstAccountMailbox
-md5secret = AstAccountRealmedPassword		; Must be an MD5 hash. Field value can start with
-					; {md5} but it is not required.
+md5secret = AstAccountRealmedPassword           ; Must be an MD5 hash. Field value can start with
+                                                ; {md5} but it is not required.
+                                                ; Generate the password via the md5sum command, e.g.
+                                                ; echo "my_password" | md5sum
 nat = AstAccountNAT
 deny = AstAccountDeny
 permit = AstAccountPermit