Asterisk's external configuration (LDAP)

VoIP deployment
"Projet de Spécialité 2010" Deployment of VoIP platform
Team: Ouakkadi Mohamed Yassine, Rafiq Oualid, Legras-Lecarpentier Matthieu, Piton Benjamin, Torre Luc-Alexandre
Professors: Franck Rousseau, Alphand Olivier
LIG laboratory, Drakkar group
Location: Grenoble INP Ensimag
Date: June 2010




Introduction

Since version 1.6.x, Asterisk has been able to export its configuration data to an LDAP directory tree (see About LDAP). This externalisation is very useful because it centralizes the server's configuration and lets you manage it easily through a web interface such as phpldapadmin.

How to Install and configure Asterisk

Installing Asterisk

This section covers the additional steps that let the VoIP server use LDAP. For the full Asterisk installation procedure and its normal configuration, see Asterisk installation. To use LDAP with Asterisk, you have to specify it before compiling, with the following commands:

    LIBS=-lldap
    export LIBS

Once Asterisk is installed, you have to configure it so that it can get its data from the LDAP directory tree.

Asterisk's configuration

  • sip.conf

The file sip.conf contains general settings that apply to all clients, in the [general] section, and one section per user that specifies that user's own parameters. In our case, these sections will be exported to LDAP. The general section could be stored, for example, in an entry "ou=sip.conf,dc=***,dc=**" and the clients' parameters in an entry "ou=sipusers,dc=***,dc=**".

  • extensions.conf

In this file, sections called contexts describe the different categories of calls. Each context specifies, for each extension, all the steps that Asterisk has to follow. All these contexts will be stored in an entry such as "ou=extensions,dc=***,dc=**", but Asterisk has to know where to find the extensions. The following instruction specifies this:

   switch => Realtime/context@family

Here is a short example of an extensions.conf with three contexts :

   [incoming_calls]
   ; In this case, Asterisk searches for the current context
   ; in the extensions family by default.
   ; The family's path is specified in extconfig.conf.
   switch => Realtime/@
   [demo]
   switch => Realtime/@
   [default]
   include => incoming_calls
   include => demo

  • extconfig.conf

In this file, we specify where the different families are stored, which allows Asterisk to fetch the parameters it needs. The extconfig.conf file could look like this, for example:

   sipusers => ldap,"dc=***,dc=**",sip
   sippeers => ldap,"dc=***,dc=**",sip
   extensions => ldap,"dc=***,dc=**",extensions
   sip.conf => ldap,"dc=***,dc=**",config

The last line, for example, means that the family "sip.conf" is stored in the LDAP directory under the specified base DN. At the end of each line, we specify the section of the res_ldap.conf file that corresponds to the family. Other configuration files not mentioned in the above example, such as voicemail.conf, can be exported as well.

  • res_ldap.conf

This file specifies the LDAP server's URL and all the connection parameters that Asterisk needs to connect to the directory. It also has sections named after the families seen in the previous paragraph, in which Asterisk's configuration parameters are mapped to the corresponding LDAP attributes and classes. You can find an example of this file in Media:res_ldap.pdf.

Attention: You can change the attribute and class names if you want, and also add or remove some of them depending on what you need, but don't forget to make the same changes in the schema that you will add to LDAP's configuration. This will be explained in the next section.
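
The link between extconfig.conf and res_ldap.conf described above can be checked mechanically. The following script is an added example, not part of the original page: it reports every LDAP family in extconfig.conf whose last field names a section that res_ldap.conf does not define. The function names, base DN, host name and file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page). All file contents are constructed.

# check_families EXTCONFIG RES_LDAP
# Prints one line per LDAP-backed family and returns 1 if any family points
# at a section that res_ldap.conf does not define.
check_families() {
    awk '
        { sub(/[ \t]*;.*$/, ""); sub(/[ \t]+$/, "") }   # strip ";" comments, trailing blanks
        FILENAME == ARGV[1] {                           # res_ldap.conf: collect [section] names
            if (substr($0, 1, 1) == "[" && (e = index($0, "]")) > 2)
                have[substr($0, 2, e - 2)] = 1
            next
        }
        /=>/ {                                          # extconfig.conf: family => ldap,"base DN",section
            family = $0; sub(/[ \t]*=>.*$/, "", family); sub(/^[ \t]+/, "", family)
            rhs = $0;    sub(/^.*=>[ \t]*/, "", rhs)
            gsub(/"[^"]*"/, "", rhs)                    # the quoted base DN contains commas
            n = split(rhs, f, /[ \t]*,[ \t]*/)
            if (f[1] != "ldap" || n < 3) next           # other realtime drivers: not checked
            if (f[3] in have) print "OK      " family " -> [" f[3] "]"
            else { print "MISSING " family " -> [" f[3] "]"; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# make_samples DIR: write the constructed sample files used below.
make_samples() {
cat > "$1/extconfig.conf" <<'EOF'
sipusers => ldap,"dc=example,dc=org",sip
sippeers => ldap,"dc=example,dc=org",sip
extensions => ldap,"dc=example,dc=org",extensions
sip.conf => ldap,"dc=example,dc=org",config
EOF
cat > "$1/res_ldap.conf" <<'EOF'
[_general]
url=ldap://ldap.example.org/   ; placeholder host
[sip]
[extensions]
; the [config] section is deliberately missing
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_families "$demo_dir/extconfig.conf" "$demo_dir/res_ldap.conf" || echo "res_ldap.conf lacks a section"
rm -rf "$demo_dir"
```

On the sample files the three families mapped to [sip] and [extensions] are reported as OK, and sip.conf is reported as MISSING because no [config] section exists.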


Once you have completed this configuration, you have to install and configure LDAP and fill it with your data.

How to install and configure LDAP

LDAP's installation and configuration don't change whether you use it with Asterisk or another client. For more information, see the page LDAP installation.

How to add the Asterisk's schema to LDAP

When you install LDAP, you will find some schemas included by default, such as core.schema, cosine.schema or inetorgperson.schema. To store your Asterisk configuration in LDAP, you have to add a specific schema containing the attributes you defined in res_ldap.conf, so that LDAP can recognize them. There are two ways to do this, depending on your version. Let's begin with the easy one.

  • For an LDAP version earlier than 2.3, there is a configuration file "/etc/openldap/slapd.conf" where you can add the following line:

    include /etc/openldap/schema/asterisk.schema

Of course, you have to put asterisk.schema in the directory mentioned. You can find a generic schema for Asterisk in Media:Asterisk_schema.pdf.

  • Since version 2.3, the configuration has become dynamic and is stored in a directory tree with cn=config as base DN. You can find it at "/etc/ldap/slapd.d/". To add the schema, follow the steps below (you can also find them in the Ubuntu help [1]):

1. First of all, put your asterisk.schema in "/etc/ldap/schema/".

Attention: As we said before, this is a generic schema that can be adapted to what you need. You can add some attributes and make some changes in the different classes. For example, if you want to create an entry of type "AsteriskExtension", you may have to change it to a STRUCTURAL class because, in LDAP, you can't have an object that belongs only to an AUXILIARY class.


2. Create a new file named "schema_convert.conf" that will contain the following lines:

      include /etc/ldap/schema/core.schema
      include /etc/ldap/schema/cosine.schema
      include /etc/ldap/schema/inetorgperson.schema
      include /etc/ldap/schema/nis.schema
      include /etc/ldap/schema/asterisk.schema

3. Create a temporary directory for the result of the conversion:

      mkdir /tmp/ldif_output

4. With the "slapcat" command, convert your schema to a ".ldif" file:

      slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "cn={4}asterisk,cn=schema,cn=config" > /tmp/cn=asterisk.ldif

5. Edit the file /tmp/cn\=asterisk.ldif in the temporary directory: at the top, change the following lines so that they read:

               dn: cn=asterisk,cn=schema,cn=config
               ...
               cn: asterisk

then, delete the lines at the bottom of the file

               structuralObjectClass: olcSchemaConfig
               entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
               creatorsName: cn=config
               createTimestamp: 20080826021140Z
               entryCSN: 20080826021140.791425Z#000000#000#000000
               modifiersName: cn=config
               modifyTimestamp: 20080826021140Z

6. Finally, add the "asterisk.ldif" file to the configuration directory tree:

     ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\=asterisk.ldif

To verify that everything went right, make sure that you have cn={4}asterisk.ldif in "/etc/ldap/slapd.d/cn=config/cn=schema/".
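
Steps 4 and 5 as a script, as an added example that is not part of the original page: schema_dn derives the DN to pass to slapcat -s from the include order in schema_convert.conf (which is where the {4} comes from), and clean_schema_ldif applies the edits of step 5. The function names and the sample LDIF, including its attribute definition, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Assumption: the LDIF is the single-entry output written by slapcat in step 4.

# schema_dn CONVERT_CONF NAME: print the DN of schema NAME. The {n} index is
# the zero-based position of its include line in schema_convert.conf.
schema_dn() {
    awk -v want="$2" '
        $1 == "include" {
            n = split($2, p, "/"); name = p[n]; sub(/\.schema$/, "", name)
            if (name == want) { printf "cn={%d}%s,cn=schema,cn=config\n", i, name; found = 1; exit }
            i++
        }
        END { exit !found }
    ' "$1"
}

# clean_schema_ldif: step 5 as a stdin -> stdout filter. Only the dn and cn
# lines lose their {n} index; the operational attributes are deleted.
clean_schema_ldif() {
    sed -E \
        -e '/^dn: cn=\{[0-9]+\}/ s/\{[0-9]+\}//' \
        -e '/^cn: \{[0-9]+\}/ s/\{[0-9]+\}//' \
        -e '/^(structuralObjectClass|entryUUID|creatorsName|createTimestamp|entryCSN|modifiersName|modifyTimestamp):/d'
}

# Constructed sample shaped like slapcat output, with a placeholder attribute.
sample_ldif() {
cat <<'EOF'
dn: cn={4}asterisk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}asterisk
olcAttributeTypes: {0}( 1.1.2.1.1 NAME 'exampleAttr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
structuralObjectClass: olcSchemaConfig
entryUUID: 00000000-0000-0000-0000-000000000000
creatorsName: cn=config
createTimestamp: 20100601000000Z
entryCSN: 20100601000000.000000Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20100601000000Z
EOF
}

# The include lines of step 2, fed on stdin ("-").
sample_conf() { printf 'include /etc/ldap/schema/%s.schema\n' core cosine inetorgperson nis asterisk; }

sample_conf | schema_dn - asterisk
sample_ldif | clean_schema_ldif
```

With the real files, the output of schema_dn schema_convert.conf asterisk replaces the hand-written DN given to slapcat -s, and the slapcat output is piped through clean_schema_ldif before being written to /tmp/cn=asterisk.ldif.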

An example of Asterisk's data in LDAP

If you want an idea of how to organize your Asterisk configuration in a directory tree, you can take a look at the example given in Media:example_ldif.pdf.

The file can be added to LDAP using the "ldapadd" command, as explained in LDAP installation.

How to know that it works

In order to test if Asterisk is connected to your LDAP directory tree, you can use the following command :

     CLI> realtime show ldap status
 Connected to 'ldap://adresse.server.ldap/', baseDN dc=*****,dc=** with username cn=admin,dc=*****,dc=** for 10 seconds

Attention: First of all, read carefully the messages that Asterisk prints when it starts. Sometimes you will get errors that concern the connection to LDAP, for example something like "couldn't load 'sip.conf'". In this case, it is better to take some captures with Wireshark and see what Asterisk is trying to find, because sometimes it is just a difference between the name of the class that it searches for and the one that you stored.


If everything goes right, you can check whether your settings have been loaded with:

     CLI> sip show settings

To import your users parameters from LDAP, you can use the command:

     CLI> sip show peer "name of peer" load

The above command is used when your users are offline because when they register, their parameters are recorded and you can see them with :

     CLI> sip show peers 
     or 
     CLI> sip show users

Attention: When a user tries to register with Asterisk, he is authenticated with his password and then Asterisk tries to update his parameters. At this point, an error may occur and you will see "couldn't modify : dn:********** because undefined attribute type". Don't worry: the user's registration went well, but Asterisk is trying to update attributes that you may not have defined in your schema. It has no impact on the platform's performance.


PHPLDAPADMIN: an easy way to manage your LDAP Directory tree

Administering your LDAP directory with LDIF files and shell commands is quite difficult and can take a long time. Fortunately, you can use phpldapadmin [3], a very intuitive web-based LDAP client. Before installing it [2], you must install an apache2 server with php5.

      sudo apt-get install apache2 php5 libapache2-mod-php5
      cd /var/www

In this directory, you have to edit "info.php" and make sure you have the following line:

      <?php phpinfo(); ?>

Then restart your server:

      /etc/init.d/apache2 restart

You can check that everything is all right by entering "http://localhost/" in your browser. You will see a message saying "It works". Then you can check the PHP settings by visiting "http://localhost/info.php". Now you have to install phpldapadmin:

      sudo apt-get install phpldapadmin
      cd /etc/phpldapadmin/

Now edit config.php and replace the default values with your own, especially on the following lines:

      $ldapservers->SetValue($i,'server','name','Your LDAP name');
      $ldapservers->SetValue($i,'server','host','ldap://your_server/');
      $ldapservers->SetValue($i,'server','base',array('dc=**,dc=**'));  // your base DN
      $ldapservers->SetValue($i,'login','attr','uid');
      // here, you specify which part of the DN to use for authentication
      $ldapservers->SetValue($i,'login','fallback_dn',true);
      // allows you to connect with both the Distinguished Name and the attribute
      // you specified on the line above (uid in the example)

To reach your phpldapadmin page, you just have to go to "http://ip.adress/phpldapadmin/". You can see what phpldapadmin looks like in Media:phpldapadmin.png.

References

[1] - Ubuntu help : Openldap

[2] - Ubuntu help : Installing phpldapadmin

[3] - phpldapadmin main page
