[Samba] Samba4 LDAP Integration with Asterisk
Rowland Penny
rowlandpenny at googlemail.com
Mon Sep 9 07:40:36 MDT 2013
On 09/09/13 14:06, Victor Adsuar Abaldea wrote:
> Hi Rowland!!
>
> 1) First I want to excuse myself. I was confused, I'm sorry! At this moment
> and in the future I will refer to you by your first name ;-)
> 2) Now when I use the schema file I get only 4 new errors, so I think
> I'm on the correct way... I attach the asterisk ldap schema file and paste
> the oLschema2ldif output. Also I tried splitting the file, but I always
> get these 4 errors in the object file.
>
> Thank you so much!! I think I'm the first person trying to integrate
> Asterisk with Samba4! Because I don't find anything about this topic.
>
> /usr/local/samba/bin/oLschema2ldif -b "DC=XXX,DC=LOCAL" -I
> ./asterisk.ldap-schema -O ./asterisk-ldb.ldif
> No valid msg from entry
> [objectIdentifier AsteriskRoot 1.3.6.1.4.1.22736objectIdentifier
> AsteriskLDAP
> AsteriskRoot:5##############################################################################
> Attribute group OIDs. e.g.: objectIdentifier AstAttrType
> AsteriskLDAP:4#############################################################################objectIdentifier
> AstAttrType
> AsteriskLDAP:4##############################################################################
> Attribute OIDs e.g.: objectIdentifier AstContext
> AstAttrType:1#############################################################################objectIdentifier
> AstContext AstAttrType:1objectIdentifier AstExtension
> AstAttrType:2objectIdentifier AstPriority
> AstAttrType:3objectIdentifier AstApplication
> AstAttrType:4objectIdentifier AstApplicationData
> AstAttrType:5objectIdentifier AstAccountAMAFlags
> AstAttrType:6objectIdentifier AstAccountCallerID
> AstAttrType:7objectIdentifier AstAccountContext
> AstAttrType:8objectIdentifier AstAccountMailbox
> AstAttrType:9objectIdentifier AstMD5secret
> AstAttrType:10objectIdentifier AstAccountDeny
> AstAttrType:11objectIdentifier AstAccountPermit
> AstAttrType:12objectIdentifier AstAccountQualify
> AstAttrType:13objectIdentifier AstAccountType
> AstAttrType:14objectIdentifier AstAccountDisallowedCodec
> AstAttrType:15objectIdentifier AstAccountExpirationTimestamp
> AstAttrType:16objectIdentifier AstAccountRegistrationContext
> AstAttrType:17objectIdentifier AstAccountRegistrationExten
> AstAttrType:18objectIdentifier AstAccountNoTransfer
> AstAttrType:19objectIdentifier AstAccountCallGroup
> AstAttrType:20objectIdentifier AstAccountCanReinvite
> AstAttrType:21objectIdentifier AstAccountDTMFMode
> AstAttrType:22objectIdentifier AstAccountFromUser
> AstAttrType:23objectIdentifier AstAccountFromDomain
> AstAttrType:24objectIdentifier AstAccountFullContact
> AstAttrType:25objectIdentifier AstAccountHost
> AstAttrType:26objectIdentifier AstAccountInsecure
> AstAttrType:27objectIdentifier AstAccountNAT
> AstAttrType:28objectIdentifier AstAccountPickupGroup
> AstAttrType:29objectIdentifier AstAccountPort
> AstAttrType:30objectIdentifier AstAccountRestrictCID
> AstAttrType:31objectIdentifier AstAccountRTPTimeout
> AstAttrType:32objectIdentifier AstAccountRTPHoldTimeout
> AstAttrType:33objectIdentifier AstAccountRealmedPassword
> AstAttrType:34objectIdentifier AstAccountAllowedCodec
> AstAttrType:35objectIdentifier AstAccountMusicOnHold
> AstAttrType:36objectIdentifier AstAccountCanCallForward
> AstAttrType:37objectIdentifier AstAccountSecret
> AstAttrType:38objectIdentifier AstAccountName
> AstAttrType:39objectIdentifier AstConfigFilename
> AstAttrType:40objectIdentifier AstConfigCategory
> AstAttrType:41objectIdentifier AstConfigCategoryMetric
> AstAttrType:42objectIdentifier AstConfigVariableName
> AstAttrType:43objectIdentifier AstConfigVariableValue
> AstAttrType:44objectIdentifier AstConfigCommented
> AstAttrType:45objectIdentifier AstAccountIPAddress
> AstAttrType:46objectIdentifier AstAccountDefaultUser
> AstAttrType:47objectIdentifier AstAccountRegistrationServer
> AstAttrType:48objectIdentifier AstAccountLastQualifyMilliseconds
> AstAttrType:49objectIdentifier AstAccountCallLimit
> AstAttrType:50objectIdentifier AstVoicemailMailbox
> AstAttrType:51objectIdentifier AstVoicemailPassword
> AstAttrType:52objectIdentifier AstVoicemailFullname
> AstAttrType:53objectIdentifier AstVoicemailEmail
> AstAttrType:54objectIdentifier AstVoicemailPager
> AstAttrType:55objectIdentifier AstVoicemailOptions
> AstAttrType:56objectIdentifier AstVoicemailTimestamp
> AstAttrType:57objectIdentifier AstVoicemailContext
> AstAttrType:58objectIdentifier AstAccountSubscribeContext
> AstAttrType:59objectIdentifier AstAccountUserAgent
> AstAttrType:61objectIdentifier AstAccountLanguage
> AstAttrType:62objectIdentifier AstAccountTransport
> AstAttrType:63objectIdentifier AstAccountPromiscRedir
> AstAttrType:64objectIdentifier AstAccountAccountCode
> AstAttrType:65objectIdentifier AstAccountSetVar
> AstAttrType:66objectIdentifier AstAccountAllowOverlap
> AstAttrType:67objectIdentifier AstAccountVideoSupport
> AstAttrType:68objectIdentifier AstAccountIgnoreSDPVersion
> AstAttrType:69##############################################################################
> Object Class
> OIDs#############################################################################objectIdentifier
> AstObjectClass AsteriskLDAP:2objectIdentifier AsteriskExtension
> AstObjectClass:1objectIdentifier AsteriskIAXUser
> AstObjectClass:2objectIdentifier AsteriskSIPUser
> AstObjectClass:3objectIdentifier AsteriskConfig
> AstObjectClass:4objectIdentifier AsteriskVoiceMail
> AstObjectClass:5objectIdentifier AsteriskDialplan
> AstObjectClass:6objectIdentifier AsteriskAccount
> AstObjectClass:7objectIdentifier AsteriskMailbox
> AstObjectClass:8attributetype ( AstContext NAME 'AstContext'
> DESC 'Asterisk Context' EQUALITY caseIgnoreMatch SUBSTR
> caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )]
> at line 140
> No valid msg from entry
> [objectClass (AsteriskDialplanNAME 'AsteriskDialplan'DESC 'Asterisk
> Dialplan Information'SUP top STRUCTURALMUST ( AstExtension ) )]
> at line 785
> No valid msg from entry
> [objectClass (AsteriskAccountNAME 'AsteriskAccount'DESC 'Asterisk
> Account Information'SUP top STRUCTURALMUST ( AstAccountName ) )]
> at line 792
> No valid msg from entry
> [objectClass (AsteriskMailboxNAME 'AsteriskMailbox'DESC 'Asterisk
> Mailbox Information'SUP top STRUCTURALMUST ( AstVoicemailMailbox ) )]
> at line 799
> Converted 76 records with 4 failures
>
>
>
> On 9 September 2013 13:28, Rowland Penny <rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>> wrote:
>
> On 09/09/13 12:23, Victor Adsuar Abaldea wrote:
>> Hi Penny,
>>
>> Oh!!! I didn't notice the ldif format can be translate to ldb.
>> Even when I try to convert with oLschema2ldif I got errors.
>>
>> I attach two files one with the errors and ldif file.
>>
>> Thank you so much for your support!
>>
>>
>> On 9 September 2013 12:03, Rowland Penny
>> <rowlandpenny at googlemail.com
>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>
>> On 09/09/13 10:12, Victor Adsuar Abaldea wrote:
>>> Hi Penny,
>>>
>>> Thank you for the response, but I'm not able to import Asterisk
>>> ldif into SAMBA 4. I split the files in asterisk_attr.ldif
>>> and asterisk_obj.ldif but still get the same error. I've
>>> been searching answer to this topic and sincerely and ldap
>>> syntax have been changed to Microsoft world. I think the new
>>> Samba4 is a close project, Samba have jumped to Active
>>> Directory and now the integration with other services are a
>>> utopia, it's a pity because the new version it's a great
>>> step to go back.
>>>
>>> I post opinions about this topic.
>>> http://lifecs.likai.org/2013_06_01_archive.html
>>>
>>> In Asterisk forum none answer me, and I don't find anyone
>>> with a response to How modify the schema. In this post
>>> https://lists.samba.org/archive/samba/2013-January/170901.html you
>>> can see a example and you will see the changes. oMSyntax is
>>> a Microsoft variable!
>>> http://technet.microsoft.com/en-us/library/cc961740.aspx
>>>
>>> Samba 4 it's not compatible with OpenLdap ldif files. Maybe
>>> I'm wrong and someone can open my mind...
>>>
>>> Thanks!
>>>
>>>
>>>
>>>
>>> On 6 September 2013 14:24, Rowland Penny
>>> <rowlandpenny at googlemail.com
>>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>>
>>> On 06/09/13 11:04, Victor Adsuar Abaldea wrote:
>>>
>>> Hi,
>>>
>>> I am turning crazy. I try to integrate Asterisk
>>> 11.5.1 into Samba4 LDAP,
>>> but when I import the ldif file from contrib
>>> directory I get this error.
>>>
>>> ldbmodify -H /usr/local/samba/private/sam.ldb
>>> asterisk.ldif
>>> --option="dsdb:schema update allowed"=true
>>> ERR: (No such object) "objectclass: Cannot add
>>> cn=asterisk,cn=schema,cn=config, parent does not
>>> exist!" on DN
>>> cn=asterisk,cn=schema,cn=config at block before line 835
>>> Modify failed after processing 0 records
>>>
>>> LDAP and Asterisk are on different boxes. Please can
>>> someone help me?
>>>
>>> Thank you in advance!
>>>
>>> *Victor Adsuar*
>>> *Departamento de Sistemas*
>>> *Teralco Tecnologías Informáticas*
>>> vadsuar at teralco.com
>>> <mailto:vadsuar at teralco.com><https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=micorreo@teralco.com>
>>> www.teralco.com <http://www.teralco.com>
>>>
>>> *AVISO LEGAL:
>>>
>>> Este mensaje se dirige exclusivamente a su
>>> destinatario y puede contener
>>> información reservada y/o CONFIDENCIAL. Si Vd. no es
>>> el destinatario
>>> original no está autorizado a copiar o distribuir
>>> esta comunicación a
>>> ninguna otra persona. Si ha recibido este mensaje
>>> por error, le rogamos nos
>>> lo comunique inmediatamente por esta misma vía y
>>> proceda a su borrado. **
>>> Gracias**.*
>>>
>>>
>>> *DISCLAIMER:
>>>
>>> This message is intended exclusively for its
>>> addressee and may contain
>>> information that is CONFIDENTIAL and protected by
>>> professional privilege.
>>> If you are not the intended recipient you are hereby
>>> notified that any
>>> dissemination, copy or disclosure of this
>>> communication is strictly
>>> prohibited by law. If this message has been received
>>> in error, please
>>> immediately notify us via e-mail and delete it.
>>> **Thank** you.*
>>>
>>> *
>>> *
>>>
>>> *
>>> *
>>>
>>> *Antes de imprimir este email piense bien si es
>>> necesario hacerlo.*
>>>
>>> *Consider your environmental responsibility before
>>> printing this email*
>>>
>>> Hi, split the ldif in two, one containing the
>>> attributes, the other the objectclasses, add the
>>> attributes one first, then the objectclasses.
>>>
>>> Rowland
>>>
>>>
>>>
>>>
>>>
>> OOPS, I missed that you are trying to use an LDAP ldif, this
>> will not work, you need the Asterix schema and then run it
>> through oLschema2ldif which you will find in
>> /usr/local/samba/bin if you have compiled samba4 yourself.
>> The syntax for oLschema2ldif is:
>>
>> /usr/local/samba/bin/oLschema2ldif -b <your samba4 base DN>
>> -I </path/to/asterix.schema> -O </path/to/asterixad.ldif>
>>
>> Where:
>> <your samba4 base DN> is the base of your AD i.e.
>> DC=example,Dc=com
>> </path/to/asterix.schema> is the full path (including name)
>> to where you have the asterix schema
>> </path/to/asterixad.ldif> is the full path to where you want
>> the new ldif to be created plus what you want the ldif to be
>> called.
>>
>> Once you have run oLschema2ldif, you will find your new AD
>> ldif wherever you told the script to put it. Split this file
>> into attributes & objectclasses and install these.
>>
>> Rowland
>>
>>
>>
>>
>>
> 1) Why do you keep referring to me by my surname?
>
> 2) You need the asterix SCHEMA not the LDIF, the hint is in the
> scriptname 'oLschema2ldif'
>
> ROWLAND
>
>
>
>
>
WOW, that is the strangest schema I have ever seen, I think that
oLschema2ldif does not understand it!
I also think that if you want to use the schema that you are going to
have to re-write it.

Here is a sample attribute from the iRedmail.schema:

attributetype ( 1.3.6.1.4.1.32349.1.2.1.8 NAME 'domainRecipientBccAddress'
    DESC 'Recipient BCC address for whole domain'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{320}
    SINGLE-VALUE )

Compare it with an attribute from the asterix.schema:

attributetype ( AstContext
    NAME 'AstContext'
    DESC 'Asterisk Context'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

There is no OID, but there is a name 'AstContext' instead. You need to
add the OID instead of the name; the info is there:

# Digium root OID (http://www.iana.org/assignments/enterprise-numbers)
#
# 1.3.6.1.4.1.22736
# 1.3.6.1.4.1.22736.5 LDAP elements
# 1.3.6.1.4.1.22736.5.4 Attribute Types
# 1.3.6.1.4.1.22736.5.5 Object Classes
objectIdentifier AstContext AstAttrType:1

So, the OID for 'AstContext' would be 1.3.6.1.4.1.22736.5.4 plus .1 to
give:

attributetype ( 1.3.6.1.4.1.22736.5.4.1 NAME 'AstContext'
    DESC 'Asterisk Context'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)

Once you have done this, remove all the top lines and run it through
oLschema2ldif and see what you get.
I have no idea if this will work, but I cannot see any reason why it
wouldn't.
Rowland
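
The substitution described in the message above, applied to a whole file, as an added example that is not part of the original message or of Samba: it resolves each objectIdentifier macro to a numeric OID, puts that OID into the attributetype/objectclass definitions, and drops the macro and comment lines before the file is passed to oLschema2ldif. The sample schema text is constructed from the lines quoted in the thread; the names resolve and expand_schema are hypothetical.

```python
import re

# Constructed sample; macro lines and the attribute follow the thread above.
SAMPLE_SCHEMA = """\
# Digium root OID
objectIdentifier AsteriskRoot 1.3.6.1.4.1.22736
objectIdentifier AsteriskLDAP AsteriskRoot:5
objectIdentifier AstAttrType AsteriskLDAP:4
objectIdentifier AstContext AstAttrType:1

attributetype ( AstContext
    NAME 'AstContext'
    DESC 'Asterisk Context'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
"""

OID_RE = re.compile(r"^\d+(\.\d+)*$")
MACRO_RE = re.compile(r"^objectIdentifier\s+(\S+)\s+(\S+)\s*$", re.I)
DEF_RE = re.compile(r"^(\s*(?:attributetype|objectclass)\s*\(\s*)([A-Za-z][\w-]*)", re.I)

def resolve(name, macros, seen=()):
    """Follow 'Macro:suffix' chains until a numeric OID is reached."""
    if name in seen:
        raise ValueError(f"objectIdentifier loop at {name}")
    base, _, suffix = macros[name].partition(":")
    if not OID_RE.match(base):          # base is another macro name
        base = resolve(base, macros, seen + (name,))
    return f"{base}.{suffix}" if suffix else base

def expand_schema(text):
    """Return the schema with macro and comment lines removed and the
    symbolic OID in each definition replaced by its numeric value."""
    macros, body = {}, []
    for line in text.splitlines():
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif not line.lstrip().startswith("#"):
            body.append(line)
    out = []
    for line in body:
        m = DEF_RE.match(line)          # only matches a non-numeric first token
        if m and m.group(2) in macros:
            line = m.group(1) + resolve(m.group(2), macros) + line[m.end():]
        out.append(line)
    return "\n".join(out).strip() + "\n"

if __name__ == "__main__":
    print(expand_schema(SAMPLE_SCHEMA), end="")
```

An undefined macro name raises KeyError rather than being passed through, so a typo in the schema is caught before the import into sam.ldb is attempted.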