Res_ldap can not write to Active Directory

Hi everyone!
I am configuring Asterisk realtime with Microsoft AD.
My configs:
sorcery:

[res_pjsip]
endpoint=realtime,ps_endpoints
auth=realtime,ps_auths
aor=realtime,ps_aors
contact=realtime,ps_contacts

extconfig:

ps_endpoints => ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_endpoints
ps_auths => ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_auths
ps_aors=> ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_aors
ps_contacts=> ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_contacts

res_ldap:

[_general]
host=10.200.20.10
port=389
url=ldap://my.domain:389
protocol=3
basedn=dc=my,dc=domain
user=cn=Administrator,cn=Users,dc=my,dc=domain
pass=admin_pass
additionalFilter=(objectClass=pjsip) ; I created this class

[ps_endpoints]
id=AstEndpointId
aors=AstEndpointAors
auth=AstEndpointAuth
context=AstEndpointContext
disallow=AstEndpointDisallow
allow=AstEndpointAllow
direct_media=AstEndpointDirectMedia
contact_acl=AstEndpointContactAcl

[ps_auths]
id=astAuthId
username=astAuthUsername
password=astAuthPassword

[ps_aors]
id=AstAorId
max_contacts=AstAorMaxContacts

[ps_contacts]
id=astContactId
uri=astContactUri
expiration_time=astContactExpirationTime
endpoint=astContactEndpoint

I use res_pjsip.
The SIP phone can register.

CLI> realtime show ldap status
Connected to 'ldap://my.domain:389', baseDN dc=my,dc=domain with username cn=Administrator,cn=Users,dc=my,dc=domain for 39 minutes, 19 seconds

CLI> pjsip show auths

  I/OAuth:  <AuthId/UserName.............................................................>
==========================================================================================

     Auth:  101/101

Objects found: 1

beta*CLI> pjsip show aors

      Aor:  <Aor..............................................>  <MaxContact>
    Contact:  <Aor/ContactUri............................> <Hash....> <Status> <RTT(ms)..>
==========================================================================================

      Aor:  101                                                  1


Objects found: 1


CLI> pjsip show endpoints

 Endpoint:  <Endpoint/CID.....................................>  <State.....>  <Channels.>
    I/OAuth:  <AuthId/UserName...........................................................>
        Aor:  <Aor............................................>  <MaxContact>
      Contact:  <Aor/ContactUri..........................> <Hash....> <Status> <RTT(ms)..>
  Transport:  <TransportId........>  <Type>  <cos>  <tos>  <BindAddress..................>
   Identify:  <Identify/Endpoint.........................................................>
        Match:  <criteria.........................>
    Channel:  <ChannelId......................................>  <State.....>  <Time.....>
        Exten: <DialedExten...........>  CLCID: <ConnectedLineCID.......>
==========================================================================================

 Endpoint:  101                                                  Unavailable   0 of inf
     InAuth:  101/101
        Aor:  101                                                1


Objects found: 1

But I see:

ERROR[28694]: res_pjsip_registrar.c:771 register_aor_core: Unable to bind contact 'sip:101@ip.address.of.client:51707;transport=UDP;rinstance=cb0ea0216b3e894f' to AOR '101'

And this string is not in AD.
And I see:

WARNING[28515]: res_config_ldap.c:880 realtime_ldap_base_ap: Failed to query directory. Error: Bad search filter.
WARNING[28515]: res_config_ldap.c:881 realtime_ldap_base_ap: Query: (&(objectClass=pjsip)(expiration_time <==1590338965))

Please help :)
Asterisk GIT-17-a1d94e1

Are you sure you want/need to write anything into AD?

You can split up realtime into read-only and write-only backends.

So for example, you might store the phone registrations in local AstDB, instead of LDAP; and only use LDAP backend for reading the user/pass/etc. configs.
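
The split suggested in the reply above, written out as an added example that is not part of the original thread or the Asterisk project's own files. It assumes the three files the poster listed; the bind account name `asterisk-ro` is hypothetical.

```ini
; sorcery.conf (constructed example, based on the [res_pjsip] section posted above)
[res_pjsip]
endpoint=realtime,ps_endpoints   ; read from LDAP
auth=realtime,ps_auths           ; read from LDAP
aor=realtime,ps_aors             ; read from LDAP
contact=astdb,registrar          ; registrations go to the local AstDB, not to AD
                                 ; (this is also the default when no contact line is set)

; extconfig.conf (ps_contacts mapping removed, so realtime never writes to the directory)
[settings]
ps_endpoints => ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_endpoints
ps_auths => ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_auths
ps_aors => ldap,"CN=sip,DC=dom,DC=youradmin,DC=guru",ps_aors

; res_ldap.conf ([ps_contacts] section dropped; other [_general] settings unchanged)
[_general]
; With no writes left, the bind account only needs read access to the
; CN=sip container instead of being the domain Administrator.
user=cn=asterisk-ro,cn=Users,dc=my,dc=domain ; hypothetical read-only service account
```

With contacts kept locally, the registrar no longer issues the `expiration_time` search or the contact write against AD, and the Administrator password no longer has to sit in `res_ldap.conf`.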
