Asterisk LDAP Realtime driver
-----------------------------

This driver allows configuration, extensions and accounts to be stored in an
LDAP directory. It also enables LDAP queries with app_realtime.
It uses and needs the OpenLDAP libraries (http://www.openldap.org).

How to configure it
-------------------

First you have to add the attribute definitions to your LDAP database and
restart the LDAP server. You can use configs/asterisk.ldap-schema (just include
it in your /etc/openldap/slapd.conf).

Note: I've prefixed the LDAP attribute names with "oxy" to avoid conflicts with
other schemas, but feel free to do what you want! You only need to use the same
names in res_ldap.conf.

Next you have to customize res_ldap.conf:

There's a required section, [_general], where you put your LDAP server access
parameters. Here is an example:

    [_general]
    dbhost=ldap.mydomain.com, ldap2.mydomain.com ; Here, I specify my 2 servers
    dbbasedn=dc=mydomain,dc=com ; My baseDN
    dbuser=cn=master,ou=accounts,dc=mydomain,dc=com ; My bind DN
    dbpass=my_secret ; Bind password

Next, you have to put parameters for each family you want to use. Here's a
family for configuration files:

    [config]
    attributes=filename=oxyPBXConfigFilename,category=oxyPBXConfigCategory,variable_name=oxyPBXConfigVariableName,variable_value=oxyPBXConfigVariableValue,cat_metric=oxyPBXConfigCategoryMetric,commented=oxyPBXConfigCommented
    additionalFilter=(objectClass=oxyPBXConfig)

The attributes parameter maps variable names to LDAP attribute names. Here this
means that when Asterisk searches for a value of 'filename', the driver builds
a filter using the 'oxyPBXConfigFilename' attribute, and before it sends the
results back to Asterisk, it renames each retrieved LDAP attribute to its
Asterisk variable name. Missing attribute/variable names stay untranslated.
The additional filter allows you to restrict the search (it is added to the
filter built by the driver according to the parameters given by Asterisk).

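The mapping and filter construction described above, modelled in Python as an
added example (this is not the driver's own code). The function names are
hypothetical, the combined filter is assumed to be an LDAP AND of the additional
filter and the per-variable terms, and search values are escaped per RFC 4515 so
that a value containing `*` or parentheses is matched literally.

```python
# Added illustration: models the mapping behaviour the README describes for a
# res_ldap.conf family. Function names are hypothetical, not driver API.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_attributes(spec):
    """Split 'var=ldapAttr,var2=ldapAttr2' into a dict."""
    mapping = {}
    for item in spec.split(","):
        var, sep, attr = item.strip().partition("=")
        if not (sep and var and attr):
            # Assumption: this example treats an entry without '=' as an
            # error; the README does not say how the driver handles one.
            raise ValueError(f"malformed mapping entry: {item!r}")
        mapping[var] = attr
    return mapping

def escape_value(value):
    """Escape RFC 4515 special characters in a filter assertion value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_filter(mapping, additional_filter, criteria):
    """AND the family's additionalFilter with one term per search variable.
    Variable names missing from the mapping are used untranslated."""
    terms = "".join(
        f"({mapping.get(var, var)}={escape_value(val)})"
        for var, val in criteria.items()
    )
    return f"(&{additional_filter}{terms})"

def to_asterisk_names(mapping, entry):
    """Rename retrieved LDAP attributes back to Asterisk variable names."""
    reverse = {attr.lower(): var for var, attr in mapping.items()}
    return {reverse.get(k.lower(), k): v for k, v in entry.items()}

# Sample input: a subset of the [config] family mapping shown above.
CONFIG_MAP = parse_attributes(
    "filename=oxyPBXConfigFilename,category=oxyPBXConfigCategory,"
    "variable_name=oxyPBXConfigVariableName,"
    "variable_value=oxyPBXConfigVariableValue"
)

if __name__ == "__main__":
    print(build_filter(CONFIG_MAP, "(objectClass=oxyPBXConfig)",
                       {"filename": "sip.conf"}))
    print(to_asterisk_names(CONFIG_MAP, {"oxyPBXConfigVariableName": "realm",
                                         "cn": "sip-realm"}))
```
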
You can use this family in extconfig.conf, like this:

    sip.conf => ldap,ou=asterisk-configs,dc=mydomain,dc=com,config

This will replace the configuration from sip.conf with configuration variables
retrieved from LDAP. Here are some LDAP entries for this:

    dn: cn=sip-context,ou=asterisk-configs,dc=mydomain,dc=com
    objectClass: top
    objectClass: oxyPBXConfig
    cn: sip-context
    oxyPBXConfigCommented: FALSE
    oxyPBXConfigFilename: sip.conf
    oxyPBXConfigCategory: general
    oxyPBXConfigVariableName: context
    oxyPBXConfigVariableValue: default
    oxyPBXConfigCategoryMetric: 1

    dn: cn=sip-realm,ou=asterisk-configs,dc=mydomain,dc=com
    objectClass: top
    objectClass: oxyPBXConfig
    cn: sip-realm
    oxyPBXConfigFilename: sip.conf
    oxyPBXConfigCommented: FALSE
    oxyPBXConfigCategory: general
    oxyPBXConfigVariableName: realm
    oxyPBXConfigVariableValue: MyRealm
    oxyPBXConfigCategoryMetric: 1

This is the LDAP version of 2 variables of the [general] section of sip.conf:

    [general]
    context=default
    realm=MyRealm

You can also configure SIP accounts in extconfig.conf like this:

    sipusers => ldap,dc=mydomain,dc=com,sipusers
    sippeers => ldap,dc=mydomain,dc=com,sippeers

and add the appropriate definitions in res_ldap.conf:

    [sipusers]
    attributes=accountBaseDN=oxyPBXAccountBaseDN,accountcode=oxyPBXAccountAccountingCode,amaflags=oxyPBXAccountAMAFlags,callgroup=oxyPBXAccountCallGroup,callerid=oxyPBXAccountCallerID,canreinvite=oxyPBXAccountCanReinvite,context=oxyPBXAccountContext,dtmfmode=oxyPBXAccountDTMFMode,fromuser=oxyPBXAccountFromUser,fromdomain=oxyPBXAccountFromDomain,fullcontact=oxyPBXAccountFullContact,fullcontact=gecos,host=oxyPBXAccountHost,insecure=oxyPBXAccountInsecure,mailbox=oxyPBXAccountMailbox,md5secret=realmedPassword,nat=oxyPBXAccountNAT,deny=oxyPBXAccountDeny,permit=oxyPBXAccountPermit,pickupgroup=oxyPBXAccountPickupGroup,port=oxyPBXAccountPort,qualify=oxyPBXAccountQualify,restrictcid=oxyPBXAccountRestrictCID,rtptimeout=oxyPBXAccountRTPTimeout,rtpholdtimeout=oxyPBXAccountRTPHoldTimeout,type=oxyPBXAccountType,disallow=oxyPBXAccountDisallowedCodec,allow=oxyPBXAccountAllowedCodec,MusicOnHold=oxyPBXAccountMusicOnHold,regseconds=oxyPBXAccountExpirationTimestamp,regcontext=oxyPBXAccountRegistrationContext,regexten=oxyPBXAccountRegistrationExten,CanCallForward=oxyPBXAccountCanCallForward
    additionalFilter=(objectClass=oxyPBXAccountSIP)(oxyPBXAccountType=user)

    [sippeers]
    attributes=accountBaseDN=oxyPBXAccountBaseDN,accountcode=oxyPBXAccountAccountingCode,amaflags=oxyPBXAccountAMAFlags,callgroup=oxyPBXAccountCallGroup,callerid=oxyPBXAccountCallerID,canreinvite=oxyPBXAccountCanReinvite,context=oxyPBXAccountContext,dtmfmode=oxyPBXAccountDTMFMode,fromuser=oxyPBXAccountFromUser,fromdomain=oxyPBXAccountFromDomain,fullcontact=oxyPBXAccountFullContact,fullcontact=gecos,host=oxyPBXAccountHost,insecure=oxyPBXAccountInsecure,mailbox=oxyPBXAccountMailbox,md5secret=realmedPassword,nat=oxyPBXAccountNAT,deny=oxyPBXAccountDeny,permit=oxyPBXAccountPermit,pickupgroup=oxyPBXAccountPickupGroup,port=oxyPBXAccountPort,qualify=oxyPBXAccountQualify,restrictcid=oxyPBXAccountRestrictCID,rtptimeout=oxyPBXAccountRTPTimeout,rtpholdtimeout=oxyPBXAccountRTPHoldTimeout,type=oxyPBXAccountType,disallow=oxyPBXAccountDisallowedCodec,allow=oxyPBXAccountAllowedCodec,MusicOnHold=oxyPBXAccountMusicOnHold,regseconds=oxyPBXAccountExpirationTimestamp,regcontext=oxyPBXAccountRegistrationContext,regexten=oxyPBXAccountRegistrationExten,CanCallForward=oxyPBXAccountCanCallForward
    additionalFilter=(objectClass=oxyPBXAccountSIP)(oxyPBXAccountType=peer)

Next you can configure extensions. In your extensions.conf, set the default
context like this:

    [default]
    switch => Realtime/default@realtime_ext

in extconfig.conf:

    realtime_ext => ldap,ou=extensions,dc=mydomain,dc=com,extensions

and in res_ldap.conf:

    [extensions]
    attributes=context=oxyPBXExtensionContext,exten=oxyPBXExtensionExten,priority=oxyPBXExtensionPriority,app=oxyPBXExtensionApplication,appdata=oxyPBXExtensionApplicationData
    additionalFilter=(objectClass=oxyPBXExtension)

You can try with 2 LDAP entries like these:

    dn: cn=203-1,ou=extensions,dc=mydomain,dc=com
    objectClass: top
    objectClass: oxyPBXExtension
    cn: 203-1
    oxyPBXExtensionContext: default
    oxyPBXExtensionExten: 203
    oxyPBXExtensionPriority: 1
    oxyPBXExtensionApplication: NoOp
    oxyPBXExtensionApplicationData: TEST LDAP

    dn: cn=203-2,ou=extensions,dc=mydomain,dc=com
    objectClass: top
    objectClass: oxyPBXExtension
    cn: 203-2
    oxyPBXExtensionContext: default
    oxyPBXExtensionExten: 203
    oxyPBXExtensionPriority: 2
    oxyPBXExtensionApplication: NoOp
    oxyPBXExtensionApplicationData: TEST LDAP Priority 2

This is equivalent to:

    [default]
    exten => 203,1,NoOp(TEST LDAP)
    exten => 203,2,NoOp(TEST LDAP Priority 2)

And one last thing: you can use the LDAP realtime driver to get values from
LDAP in an extension by using app_realtime.so, like this:

    [default]
    exten => 210,1,NoOp(210)
    exten => 210,2,RealTime(testfamily|uid|manu|aprefix_)
    exten => 210,3,NoOp(Result=${aprefix_gecos})

This will give you:

    -- Executing NoOp("SIP/myphone-4582", "210") in new stack
    -- Executing RealTime("SIP/myphone-4582", "testfamily|uid|manu|aprefix_") in new stack
       > Realtime Lookup: family:'testfamily' colmatch:'uid' value:'manu'
    -- Executing NoOp("SIP/myphone-4582", "Result=Manuel Guesdon") in new stack

if you have an entry like this:

    dn: cn=manu,ou=people,dc=mydomain,dc=com
    objectClass: person
    uid: manu
    gecos: Manuel Guesdon

and have configured extconfig.conf like this:

    testfamily => ldap,dc=mydomain,dc=com,testfamily

and res_ldap.conf like this:

    [testfamily]
    additionalFilter=(objectClass=person)

Have fun!

Manuel Guesdon