1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
;
; Configuration file for res_config_ldap
;
; Realtime configuration
; ----------------------
; In order to use this module, you start
; in extconfig.conf with a configuration like this:
;
; sipusers = ldap,"dc=myDomain,dc=myDomainExt",sip
; sippeers = ldap,"dc=myDomain,dc=myDomainExt",sip
; extensions = ldap,"dc=myDomain,dc=myDomainExt",extensions
; sip.conf = ldap,"dc=myDomain,dc=myDomainExt",config
;
; In the case of LDAP the last keyword in each line above specifies
; a section in this file.
; TLS support
; -----------
; Note that you can configure an ldaps: url here to get TLS support.
; Detailed configuration of certificates and supported CAs is done in your
; ldap.conf file for OpenLDAP clients on your system.
; This requires that you have OpenLDAP libraries compiled with TLS support
; *********************************************************************************
; NOTE: res_ldap.conf should be chmod 600 because it contains the plain-text LDAP
; password to an account with WRITE access to the asterisk configuration.
; *********************************************************************************
[_general]
;
; Specify one of either host and port OR url. URL is preferred, as you can
; use more options.
;host=192.168.1.1 ; LDAP host
;port=389
;url=ldap://ldap3.mydomain.com:3890
;protocol=3 ; Version of the LDAP protocol to use; default is 3.
;basedn=dc=example,dc=tld ; Base DN
;user=cn=asterisk,dc=example,dc=tld ; Bind DN
;pass=MyPassword ; Bind password
; Configuration Table
[config]
;
; additionalFilter - This specifies an additional set of criteria to be used
; when querying the LDAP server.
;
additionalFilter=(objectClass=AstConfig)
;
; Attributes mapping (asterisk variable name = ldap attribute name)
; When Asterisk requests the variable by the name of the value on the left,
; this module will look up the attribute listed on the right.
;
filename = AstConfigFilename
category = AstConfigCategory
variable_name = AstConfigVariableName
variable_value = AstConfigVariableValue
cat_metric = AstConfigCategoryMetric
commented = AstConfigCommented
;
; Extensions Table
;
[extensions]
context = AstExtensionContext
exten = AstExtensionExten
priority = AstExtensionPriority
app = AstExtensionApplication
appdata = AstExtensionApplicationData
additionalFilter=(objectClass=AstExtension)
;
; Sip Users Table
;
[sip]
name = cn ; We use the "cn" as the default value for name on the line above
; because objectClass=AsteriskSIPUser does not include a uid as an allowed field
; If your entry combines other objectClasses and uid is available, you may
; prefer to change the line to be name = uid, especially if your LDAP entries
; contain spaces in the cn field.
; You may also find it appropriate to use something completely different.
; This is possible by changing the line above to name = AstAccountName (or whatever you
; prefer).
;
amaflags = AstAccountAMAFlags
callgroup = AstAccountCallGroup
callerid = AstAccountCallerID
directmedia = AstAccountDirectMedia
context = AstAccountContext
dtmfmode = AstAccountDTMFMode
fromuser = AstAccountFromUser
fromdomain = AstAccountFromDomain
fullcontact = AstAccountFullContact
fullcontact = gecos
host = AstAccountHost
insecure = AstAccountInsecure
mailbox = AstAccountMailbox
md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with
; {md5} but it is not required.
; Generate the password via the md5sum command, e.g.
; echo "my_password" | md5sum
nat = AstAccountNAT
deny = AstAccountDeny
permit = AstAccountPermit
pickupgroup = AstAccountPickupGroup
port = AstAccountPort
qualify = AstAccountQualify
restrictcid = AstAccountRestrictCID
rtptimeout = AstAccountRTPTimeout
rtpholdtimeout = AstAccountRTPHoldTimeout
type = AstAccountType
disallow = AstAccountDisallowedCodec
allow = AstAccountAllowedCodec
MusicOnHold = AstAccountMusicOnHold
regseconds = AstAccountExpirationTimestamp
regcontext = AstAccountRegistrationContext
regexten = AstAccountRegistrationExten
CanCallForward = AstAccountCanCallForward
ipaddr = AstAccountIPAddress
defaultuser = AstAccountDefaultUser
regserver = AstAccountRegistrationServer
lastms = AstAccountLastQualifyMilliseconds
additionalFilter=(objectClass=AsteriskSIPUser)
;
; IAX Users Table
;
[iax]
amaflags = AstAccountAMAFlags
callerid = AstAccountCallerID
context = AstAccountContext
fullcontact = AstAccountFullContact
fullcontact = gecos
host = AstAccountHost
mailbox = AstAccountMailbox
md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with
; {md5} but it is not required.
; Generate the password via the md5sum command, e.g.
; echo "my_password" | md5sum
deny = AstAccountDeny
permit = AstAccountPermit
port = AstAccountPort
qualify = AstAccountQualify
type = AstAccountType
disallow = AstAccountDisallowedCodec
allow = AstAccountAllowedCodec
regseconds = AstAccountExpirationTimestamp
regcontext = AstAccountRegistrationContext
regexten = AstAccountRegistrationExten
notransfer = AstAccountNoTransfer
lastms = AstAccountLastQualifyMilliseconds
additionalFilter=(objectClass=AstAccountIAX)
;
; A Test Family
;
[testfamily]
MyUSERID = uid
additionalFilter=(objectClass=*)
[accounts]
amaflags = AstAccountAMAFlags
callgroup = AstAccountCallGroup
callerid = AstAccountCallerID
directmedia = AstAccountDirectMedia
context = AstAccountContext
dtmfmode = AstAccountDTMFMode
fromuser = AstAccountFromUser
fromdomain = AstAccountFromDomain
fullcontact = AstAccountFullContact
fullcontact = gecos
host = AstAccountHost
insecure = AstAccountInsecure
mailbox = AstAccountMailbox
md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with
; {md5} but it is not required.
; Generate the password via the md5sum command, e.g.
; echo "my_password" | md5sum
nat = AstAccountNAT
deny = AstAccountDeny
permit = AstAccountPermit
pickupgroup = AstAccountPickupGroup
port = AstAccountPort
qualify = AstAccountQualify
restrictcid = AstAccountRestrictCID
rtptimeout = AstAccountRTPTimeout
rtpholdtimeout = AstAccountRTPHoldTimeout
type = AstAccountType
disallow = AstAccountDisallowedCodec
allow = AstAccountAllowedCodec
MusicOnHold = AstAccountMusicOnHold
regseconds = AstAccountExpirationTimestamp
regcontext = AstAccountRegistrationContext
regexten = AstAccountRegistrationExten
CanCallForward = AstAccountCanCallForward
additionalFilter=(objectClass=AstAccount)
|
