Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


With this driver Asterisk can retrieve information from , using the Realtime Database Configuration, can access and update information in an LDAP directory service, including . Asterisk can configure SIP/IAX2 users, extensions, queues, queue members, and entire configuration files. This guide assumes you have a working knowledge of LDAP and have an LDAP server with authentication already setup. Asterisk requires read and write permissions to update the directory.

See configs/res_ldap.conf.sample for a configuration file sample.
See contrib/scripts for the LDAP schema and ldif files needed for the LDAP server.


To use static realtime with certain core configuration files the realtime backend you wish to use must be preloaded in modules.conf.

From within your Asterisk source directory:

Code Block

cd contrib/scripts
sudo cp asterisk.ldap-schema /etc/ldap/schema/
sudo service slapd restart
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ./asterisk.ldif

Let's edit the extconfig.conf file to specify LDAP as our realtime storage engine and where Asterisk will look for data.

Code Block

sippeers = ldap,"ou=sip,dc=example,dc=domain",sip
sipusers = ldap,"ou=sip,dc=example,dc=domain",sip
extensions = ldap,"ou=extensions,dc=example,dc=domain",extensions


Basic sip users record layout which will need to be saved to a file (we'll use 'createduser.ldif' here as an example). This example record is for sip user '1000'. This example record is for sip user '1000'.

Code Block

dn: cn=1000,ou=sip,dc=digium,dc=internal
objectClass: AsteriskAccount
objectClass: AsteriskExtension
objectClass: AsteriskSIPUser
objectClass: top
AstAccountName: sip user
cn: 1000
AstAccountDefaultUser: 0
AstAccountExpirationTimestamp: 0
AstAccountFullContact: 0
AstAccountHost: dynamic
AstAccountIPAddress: 0
AstAccountLastQualifyMilliseconds: 0
AstAccountPort: 0
AstAccountRegistrationServer: 0
AstAccountType: 0
AstAccountUserAgent: 0
AstExtension: 1000

Let's add the record to the LDAP server:

Code Block

sudo ldapadd -D "cn=admin,dc=example,dc=domain" -x -W -f createduser.ldif


For AstAccountRealmedPassword authentication use this.

Code Block
printf echo "<secret composed of username, realm, and password goes here>" | md5sum

For AstMD5secret authentication use this.

Code Block
printf echo "password" | md5sum