1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
#
# This is a configuration file for the LDAP module in SER. The configuration
# file maps database table names used in SER to LDAP directory sub-trees to
# be searched. In addition to that the configuration file also allows to
# configure the LDAP search filter and maps database field names to
# LDAP attribute names and vice versa.
#
# Supported Attribute Type Names:
# * GeneralizedTime
# * Integer
# * BitString
# * Boolean
# * String
# * Binary
# * Float
#
[connection:ldap_server1]
host=127.0.0.1
port=389
username=ser
password=heslo
# LDAP or LDAP SASL authentication mechanism.
# Allowed values: none (default), simple, digest-md5, external
authtype=simple
# tls encryption
tls=off
# Specifies the file that contains certificates for all of the Certificate
# Authorities the ldap module will recognize.
ca_list=/home/kg/work/openssl/demoCA/cacert.pem
# Specifies what checks to perform on server certificates in a TLS session
# allowed values are never/allow/try/demand
# see the TLS_REQCERT tls option part of ldap.conf(8) man page for more details
require_certificate=demand
#
# Table credentials contains SIP digest authentication credentials.
#
[table:credentials]
# In our LDAP directory we store SIP digest credentials under
# "Digest Credentials" organization unit so this is where searches for digest
# credentials should start.
base = "ou=Digest Credentials,dc=iptel,dc=org"
# We search the whole subtree.
scope = subtree
# For digest credentials we are only interested in objects with objectClass
# 'digestAuthCredentials', objects of all other types are ignored.
filter = "(objectClass=digestAuthCredentials)"
# Mapping of field names to LDAP attribute names and vice versa. Names are
# delimited using ':', the first name is database field name as used in SER
# modules, the second name (after :) is corresponding LDAP attribute name,
# optionally preceeded with LDAP attribute syntax name in parentheses.
field_map = password : (Binary) digestPassword
field_map = realm : digestRealm
field_map = auth_username : digestUsername
field_map = uid : serUID
field_map = flags : (BitString) serFlags
# retrieve at most sizelimit entries for a search
#sizelimit = 2147483647
# wait at most timelimit seconds for a search to complete
#timelimit = 120
# chase references automatically by OpenLDAP. Default is "never"
# chase_references = never | searching | finding | always
# chase referrals automatically by OpenLDAP. Default is "no"
# chase_referrals = yes | no
#
# Domain table stores information about virtual domains
#
[table:domain]
# Objects mapping domain IDs to domain names and vice versa are stored
# in the subtree with the following root:
base = "ou=Domains,dc=iptel,dc=org"
scope = subtree
# We are only interested in serDomain objects when looking up information
# about virtual domains.
filter = "(objectClass=serDomain)"
field_map = did : (String) serDID
field_map = domain : (String) serDomain
field_map = flags : (BitString) serFlags
#
# Table domain_attrs contains domain attributes, domain attributes store
# extra information about virtual domains.
#
[table:domain_attrs]
base = "ou=Domains, dc=iptel,dc=org"
scope = subtree
filter = "(objectClass=serDomainAttr)"
field_map = did : serDID
field_map = name : serAttrName
field_map = type : (Integer) serAttrType
field_map = value : serAttrValue
field_map = flags : (BitString) serFlags
|
