res_ldap.conf 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
  1. ;
  2. ; Configuration file for res_config_ldap
  3. ;
  4. ; Realtime configuration
  5. ; ----------------------
  6. ; In order to use this module, you start
  7. ; in extconfig.conf with a configuration like this:
  8. ;
  9. ; sippeers = ldap,"dc=myDomain,dc=myDomainExt",sip
  10. ; extensions = ldap,"dc=myDomain,dc=myDomainExt",extensions
  11. ; sip.conf = ldap,"dc=myDomain,dc=myDomainExt",config
  12. ;
  13. ; In the case of LDAP the last keyword in each line above specifies
  14. ; a section in this file.
  15. ;
  16. ; LDAP schema and ldif files can be located in contrib/scripts.
  17. ; TLS support
  18. ; -----------
  19. ; Note that you can configure an ldaps: url here to get TLS support.
  20. ; Detailed configuration of certificates and supported CAs is done in your
  21. ; ldap.conf file for OpenLDAP clients on your system.
  22. ; This requires that you have OpenLDAP libraries compiled with TLS support
  23. ; *********************************************************************************
  24. ; NOTE: res_ldap.conf should be chmod 600 because it contains the plain-text LDAP
  25. ; password to an account with WRITE access to the asterisk configuration.
  26. ; *********************************************************************************
  27. [_general]
  28. ;
  29. ; Specify one of either host and port OR url. URL is preferred, as you can
  30. ; use more options.
  31. ;host=192.168.1.1 ; LDAP host
  32. ;port=389
  33. ;url=ldap://ldap3.mydomain.com:3890
  34. ;protocol=3 ; Version of the LDAP protocol to use; default is 3.
  35. ;basedn=dc=example,dc=tld ; Base DN
  36. ;user=cn=asterisk,dc=example,dc=tld ; Bind DN
  37. ;pass=MyPassword ; Bind password
  38. ; Configuration Table
  39. [config]
  40. ;
  41. ; additionalFilter - This specifies an additional set of criteria to be used
  42. ; when querying the LDAP server.
  43. ;
  44. additionalFilter=(objectClass=AstConfig)
  45. ;
  46. ; Attributes mapping (asterisk variable name = ldap attribute name)
  47. ; When Asterisk requests the variable by the name of the value on the left,
  48. ; this module will look up the attribute listed on the right.
  49. ;
  50. filename = AstConfigFilename
  51. category = AstConfigCategory
  52. variable_name = AstConfigVariableName
  53. variable_value = AstConfigVariableValue
  54. cat_metric = AstConfigCategoryMetric
  55. commented = AstConfigCommented
  56. ;
  57. ; Extensions Table
  58. ;
  59. [extensions]
  60. context = AstExtensionContext
  61. exten = AstExtensionExten
  62. priority = AstExtensionPriority
  63. app = AstExtensionApplication
  64. appdata = AstExtensionApplicationData
  65. additionalFilter=(objectClass=AstExtension)
  66. ;
  67. ; Sip Users Table
  68. ;
  69. [sip]
  70. name = cn ; We use the "cn" as the default value for name on the line above
  71. ; because objectClass=AsteriskSIPUser does not include a uid as an allowed field
  72. ; If your entry combines other objectClasses and uid is available, you may
  73. ; prefer to change the line to be name = uid, especially if your LDAP entries
  74. ; contain spaces in the cn field.
  75. ; You may also find it appropriate to use something completely different.
  76. ; This is possible by changing the line above to name = AstAccountName (or whatever you
  77. ; prefer).
  78. ;
  79. amaflags = AstAccountAMAFlags
  80. callgroup = AstAccountCallGroup
  81. callerid = AstAccountCallerID
  82. directmedia = AstAccountDirectMedia
  83. context = AstAccountContext
  84. dtmfmode = AstAccountDTMFMode
  85. fromuser = AstAccountFromUser
  86. fromdomain = AstAccountFromDomain
  87. fullcontact = AstAccountFullContact
  88. fullcontact = gecos
  89. host = AstAccountHost
  90. insecure = AstAccountInsecure
  91. mailbox = AstAccountMailbox
  92. md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with
  93. ; {md5} but it is not required.
  94. ; Generate the password via the md5sum command, e.g.
  95. ; echo "my_password" | md5sum
  96. nat = AstAccountNAT
  97. deny = AstAccountDeny
  98. permit = AstAccountPermit
  99. pickupgroup = AstAccountPickupGroup
  100. port = AstAccountPort
  101. qualify = AstAccountQualify
  102. restrictcid = AstAccountRestrictCID
  103. rtptimeout = AstAccountRTPTimeout
  104. rtpholdtimeout = AstAccountRTPHoldTimeout
  105. type = AstAccountType
  106. disallow = AstAccountDisallowedCodec
  107. allow = AstAccountAllowedCodec
  108. MusicOnHold = AstAccountMusicOnHold
  109. regseconds = AstAccountExpirationTimestamp
  110. regcontext = AstAccountRegistrationContext
  111. regexten = AstAccountRegistrationExten
  112. CanCallForward = AstAccountCanCallForward
  113. ipaddr = AstAccountIPAddress
  114. defaultuser = AstAccountDefaultUser
  115. regserver = AstAccountRegistrationServer
  116. lastms = AstAccountLastQualifyMilliseconds
  117. supportpath = AstAccountPathSupport
  118. additionalFilter=(objectClass=AsteriskSIPUser)
  119. ;
  120. ; IAX Users Table
  121. ;
  122. [iax]
  123. amaflags = AstAccountAMAFlags
  124. callerid = AstAccountCallerID
  125. context = AstAccountContext
  126. fullcontact = AstAccountFullContact
  127. fullcontact = gecos
  128. host = AstAccountHost
  129. mailbox = AstAccountMailbox
  130. md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with
  131. ; {md5} but it is not required.
  132. ; Generate the password via the md5sum command, e.g.
  133. ; echo "my_password" | md5sum
  134. deny = AstAccountDeny
  135. permit = AstAccountPermit
  136. port = AstAccountPort
  137. qualify = AstAccountQualify
  138. type = AstAccountType
  139. disallow = AstAccountDisallowedCodec
  140. allow = AstAccountAllowedCodec
  141. regseconds = AstAccountExpirationTimestamp
  142. regcontext = AstAccountRegistrationContext
  143. regexten = AstAccountRegistrationExten
  144. notransfer = AstAccountNoTransfer
  145. lastms = AstAccountLastQualifyMilliseconds
  146. additionalFilter=(objectClass=AstAccountIAX)
  147. ;
  148. ; A Test Family
  149. ;
  150. [testfamily]
  151. MyUSERID = uid
  152. additionalFilter=(objectClass=*)
  153. [accounts]
  154. amaflags = AstAccountAMAFlags
  155. callgroup = AstAccountCallGroup
  156. callerid = AstAccountCallerID
  157. directmedia = AstAccountDirectMedia
  158. context = AstAccountContext
  159. dtmfmode = AstAccountDTMFMode
  160. fromuser = AstAccountFromUser
  161. fromdomain = AstAccountFromDomain
  162. fullcontact = AstAccountFullContact
  163. fullcontact = gecos
  164. host = AstAccountHost
  165. insecure = AstAccountInsecure
  166. mailbox = AstAccountMailbox
  167. md5secret = AstAccountRealmedPassword ; Must be an MD5 hash. Field value can start with
  168. ; {md5} but it is not required.
  169. ; Generate the password via the md5sum command, e.g.
  170. ; echo "my_password" | md5sum
  171. nat = AstAccountNAT
  172. deny = AstAccountDeny
  173. permit = AstAccountPermit
  174. pickupgroup = AstAccountPickupGroup
  175. port = AstAccountPort
  176. qualify = AstAccountQualify
  177. restrictcid = AstAccountRestrictCID
  178. rtptimeout = AstAccountRTPTimeout
  179. rtpholdtimeout = AstAccountRTPHoldTimeout
  180. type = AstAccountType
  181. disallow = AstAccountDisallowedCodec
  182. allow = AstAccountAllowedCodec
  183. MusicOnHold = AstAccountMusicOnHold
  184. regseconds = AstAccountExpirationTimestamp
  185. regcontext = AstAccountRegistrationContext
  186. regexten = AstAccountRegistrationExten
  187. CanCallForward = AstAccountCanCallForward
  188. additionalFilter=(objectClass=AstAccount)