[Home]

Summary:ASTERISK-13088: ldap searchs fails on openldap when you use an additional filter
Reporter:snaker (snaker)Labels:
Date Opened:2008-11-18 15:00:49.000-0600Date Closed:2011-06-07 14:02:36
Priority:MajorRegression?No
Status:Closed/CompleteComponents:Resources/res_config_ldap
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:( 0) res_ldap.conf
Description:When you use an additional filter by object class in ldap the request is malformded and you cant obtain a result

If you try register without filter it is successfully

****** ADDITIONAL INFORMATION ******

files for example:

res_ldap.conf
[sip]
name = uid
amaflags = AstAccountAMAFlags
callgroup = AstAccountCallGroup
callerid = AstAccountCallerID
canreinvite = AstAccountCanReinvite
context = AstAccountContext
dtmfmode = AstAccountDTMFMode
fromuser = AstAccountFromUser
fromdomain = AstAccountFromDomain
fullcontact = AstAccountFullContact
fullcontact = gecos
host = AstAccountHost
insecure = AstAccountInsecure
mailbox = AstAccountMailbox
md5secret = AstAccountRealmedPassword
nat = AstAccountNAT
deny = AstAccountDeny
permit = AstAccountPermit
pickupgroup = AstAccountPickupGroup
port = AstAccountPort
qualify = AstAccountQualify
restrictcid = AstAccountRestrictCID
rtptimeout = AstAccountRTPTimeout
rtpholdtimeout = AstAccountRTPHoldTimeout
type = AstAccountType
disallow = AstAccountDisallowedCodec
allow = AstAccountAllowedCodec
MusicOnHold = AstAccountMusicOnHold
regseconds = AstAccountExpirationTimestamp
regcontext = AstAccountRegistrationContext
regexten = AstAccountRegistrationExten
CanCallForward = AstAccountCanCallForward
additionalFilter=(objectClass=AstSIPUser)

extconfig.conf

[settings]

sipusers => ldap,"dc=example,dc=net",sip
sippeers => ldap,"dc=example,dc=net",sip


slapd.log when you try register

Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=1 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(?objectClass=AstSIPUser)(uid=user)(AstAccountHost=dynamic))"
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=2 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(?objectClass=AstSIPUser)(uid=user))"
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=3 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(?objectClass=AstSIPUser)(uid=user)(AstAccountHost=dynamic))"
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=4 SRCH base="dc=example,dc=net" scope=2 deref=0 filter="(&(?objectClass=AstSIPUser)(uid=user))"
Nov 18 21:57:42 xxx slapd[18586]: conn=10 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=value does not conform to assertion syntax

Comments:By: Sean Bright (seanbright) 2008-11-18 19:47:11.000-0600

... (?objectClass ...

Where is the ? coming from?  Can you attach your entire res_ldap.conf with only passwords masked?
By: snaker (snaker) 2008-11-19 03:48:11.000-0600

I attached my res_ldap.conf
By: Leif Madsen (lmadsen) 2009-02-09 13:17:32.000-0600

I have changed the status back to Acknowledged as the reporter provided information asked for. I have also changed the severity to Major from Block as this isn't blocking a release. Thanks!
By: Leif Madsen (lmadsen) 2009-05-20 07:52:41

Just pinging this issue as it hasn't been updated in a while.
By: Gavin Henry (suretec) 2009-05-20 09:46:40

The ? means OpenLDAP doesn't under the filter, i.e. you haven't loaded the Asterisk schema in slapd.

Sorry, should have noticed this before.

Did you load asterisk.schema
By: Gavin Henry (suretec) 2009-05-20 18:23:40

This isn't a bug as we don't have a AstSIPUser objectclass in our asterisk.schema.

Closing this issue. Please use the schema file included with Asterisk.
By: Leif Madsen (lmadsen) 2009-05-21 09:55:53

Closed per suretec.