sipXcom LDAP integration with Nethserver

Hi Everyone,
Thank you so much for allowing me to be a part of something so cool. I have been using Nethserver for a little over a year now as my own personal email server (and any friends and family members who want to join my domain (or domains) for free). Since my last post I have rebuilt the server with version NethServer release 7.7.1908, and love how smooth it all is working. I have not had a chance to integrate things to it such as Windows 10 Pro clients, or any other OS clients yet. I do run my native iOS mail client with it though and everything works flawlessly, so thank you for writing great software and putting this project together.

The reason for my posting though is because I have to admit, I am not really good with LDAP and using an LDAP client to query a server for user authentication or synchronization, and I really just want to create users in one place for everything to authenticate from. I know some things about LDAP, and I thought it could be a great place to start since sipXcom can query a database to populate users and extensions attributes. I also know that NethServer has an LDAP server that can be queried which I thought would be the perfect candidate for my project. My project now is to integrate an Open Source Unified Communications System called sipXcom with NethServer as sipXcom should be able to query an LDAP server to populate users and extensions in its database. Once the system has users and phones (Polycom phones will automajically register) in the database, an administrator can associate phones to users where the phones are auto-provisioned and managed by sipXcom. I did this at my old job where I managed over 3,000 endpoints on a sipXcom server cluster and all users and extensions were imported from an MS AD.

More information can be found here about the subject: http://wiki.sipxcom.org/display/sipXcom/LDAP+Integration

So my question is can someone help me set this up? I would like to write a How to for this in both the sipXcom Wiki and here in the Nethserver Community Howto. Any help would be greatly appreciated and hopefully anyone wanting to get into a really awesome stable Open Source Unified Communications platform for business could benefit.

Thanks so much again for your great work and support.

Sincerely,
–Steve

3 Likes

Did you already read the documentation?
https://docs.nethserver.org/projects/nethserver-devel/en/v7/nethserver-directory.html

1 Like

I did somewhat, and still am reading, but I guess I need to put some of what I am reading into practice. I’ll try it out and see where I get stuck. Thanks.

–Steve

Making Progress. Did a Google search and found that TLS was required by default using the default Bind User. (LDAP Result Code 8 "Strong Auth Required": BindSimple: Transport encryption required)

Turned off the strong encryption requirement as stated in the post using the entry in the [global] section of the smb.conf file “ldap server require strong auth = no”. sipXcom can now connect to the LDAP directory, so all I need to do now is map the objects listed from Nethserver’s directory.

This is turning out to be easier than I thought… Thanks so much.

–Steve
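
An added example, not part of the original thread or of the NethServer or Samba projects: a small audit check for the `smb.conf` setting changed in the post above. The embedded `smb.conf` snippets are constructed, and treating boolean spellings such as `false`, `0` or `off` like `no` is an assumption.

```python
import re

PARAM = "ldap server require strong auth"
# Assumption: boolean-style spellings are treated like "no" / "yes".
WEAK = {"no", "false", "0", "off"}
STRICT = {"yes", "true", "1", "on"}

def _norm(name):
    # Samba matches parameter names ignoring case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def effective_value(smb_conf_text):
    """Effective [global] value of PARAM; Samba's built-in default is 'yes'."""
    section, value = None, "yes"
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, _, val = line.partition("=")
            if _norm(name) == _norm(PARAM):
                value = val.strip().lower()  # a later duplicate overrides
    return value

def audit(smb_conf_text):
    """Return (status, reason) for the LDAP bind policy in smb.conf."""
    value = effective_value(smb_conf_text)
    if value in WEAK:
        return "FAIL", "simple binds accepted without TLS: bind password is sent in cleartext"
    if value == "allow_sasl_over_tls":
        return "WARN", "simple binds need TLS, but SASL without sign/seal is allowed over TLS"
    if value in STRICT:
        return "OK", "simple binds only over TLS; other connections need SASL sign/seal"
    return "UNKNOWN", "unrecognised value %r" % value

# Constructed samples (not taken from a real server).
AS_IN_THREAD = """
[global]
    workgroup = EXAMPLE
    ldap server require strong auth = no
"""
DEFAULTS_ONLY = """
[global]
    workgroup = EXAMPLE
; ldap server require strong auth = no
"""

if __name__ == "__main__":
    for name, text in (("as in thread", AS_IN_THREAD), ("defaults", DEFAULTS_ONLY)):
        print(name, *audit(text))
```

With the default `yes`, a client doing a simple bind has to connect over LDAPS or StartTLS, which is what the result code 8 quoted above was enforcing.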

Consider writing the howto anyway.
Also, TLS could be a nice idea for better security or LAN/firewall crossing…

I am definitely going to try that. Can you provide a tip for possibly getting this to work or test with another client?

–Steve

What do you mean by “another client”? Another LDAP software?
There’s LAM for managing LDAP

Also, consider reading every LDAP support related topic; it may help you a bit to troubleshoot the connection between sipXcom and the OpenLDAP implementation on NethServer.
Don’t forget that LDAPS uses a self-signed certificate, unless you configure Let’s Encrypt to fetch a certificate for your host. Or unless you load a valid certificate for your server in another way…

I guess I meant to say that LAM looked pretty complicated to get working. That may just be lack of knowledge of Nethserver or a combination of LDAP, and SAMBA 4. Anyway, my apologies for not being clear on “another client”. I should have better worded the question to something like “Is there anything easier to use like LAM that is more ‘plug and play’?” - I guess I was just looking for a more simplified LDAP client manager of sorts that would not require all of the tweaking that has to be done to get it to connect and work with OpenLDAP on NethServer. My apologies.

I will try out LAM and take your advice on reading every LDAP support topic. I know eventually I will get there. Thanks so much for your help and input.

–Steve

It’s quite a long… tale…
NethServer can use OpenLDAP or Samba (container) to store data about users, info, passwords, groups and more.
Both options can be used to give all of the NethServer packages the context about users and groups, which are fully LDAP oriented, not app oriented.
So both paths can have some crucial differences and issues. In NethServer almost everything is install-and-play, but to integrate it into different environments (external LDAP server for users and groups or use NethServer as LDAP server) you need to know how NethServer works and… how the LDAP integration of “your” software works.
What the needs are, the field mapping, the compatibility issues.

So… Plug and play most of the time works only:

  • for integrated products, like Windows Server and Exchange (sometimes it is plug-and-pray only)
  • hardware
  • well-known integration paths

Take your time, take some notes, link some documentation. I’ve never heard about sipXcom but I’m not scared of that (there are plenty of software and solutions that I don’t know) so…
Consider documentation and source as a re-source to know what to do. If you’ll be kind, your experience can become the base (or a part) of a future howto.

Thanks so much Michael. I will definitely contribute everything I can here. It is definitely a “work in progress” for me. Below is some info about sipXcom. It’s a highly scalable enterprise Unified Communications server that uses MongoDB. Some of the companies using sipXcom include very large universities here in the US, Amazon.com, IBM, and RedHat.

I was Senior Engineer at a very large mortgage company which used a very old version of sipX before it forked into sipXcom (some history). sipX code was sponsored by Nortel before they went out of business. I highly recommend sipXcom over Asterisk only because of how scalable and flexible it is, where Asterisk is tied to the Linux kernel and the only way you can scale it is by containerizing it. My own project I am working on is scaling a network for multiple location businesses that need services, but use multiple stacks for delivering applications and services. I would like to use Nethserver to run at an independent location but be joined and managed through JumpCloud (JumpCloud.com). JumpCloud.com provides DevOps support and a UI that is pretty intuitive and they have working integration where you can integrate Windows Active Directory domains with Linux and MacOS. Centralizing scripts in the cloud to manage multiple servers makes for easier management (at least in my experience).

Anyway, didn’t mean to rant there… back on the LDAP thing, I am going to dig a little more on the subject and post my findings. Right now I can get sipXcom to connect to the LDAP server on Nethserver, but I need to add custom attributes in order to populate specific data in sipXcom like pre-assigning an extension number from a custom attribute in OpenLDAP. So that was why I was looking at some management application that could build custom attributes which sipXcom could import. Again, I appreciate your patience and input. Thank you.

Sincerely,
–Steve

Update: I wanted to provide a last update here one last time before moving on to the next topic. When I tried to install LAM I was getting a blank screen when trying to access. I looked at the logs and tried to troubleshoot what the problem was, but it seemed that I was missing something. In the link it showed how to install LAM - LAM - LDAP Account Manager

But my problem was the same problem mrmarkuz was having about mid-way down after the How To explained how to install. In his instructions he mentioned to install nethserver-rh-php71-php-fpm and rh-php71-php-ldap, and change the directive at line 9 (and above) of the file /etc/httpd/conf.d/lam.apache.conf, and to restart the services (systemctl restart httpd rh-php71-php-fpm). Well, for some reason that stood out as the resolution to the issue I had and VOILA, it worked and I was able to log in to the LAM and see the LDAP database after configuring LAM via the web interface. I am now following up with how to make custom attributes as I found near the beginning of this issue. Thanks again for all your help and I look forward to doing the How to for sipXcom LDAP integration. I hope it will benefit someone looking for help with integration. It’s definitely a great solution which is Enterprise worthy. Happy New Year!

–Steve

1 Like

Not followed the full thread but you can install nethserver-phpldapadmin from my repo, check the wiki

Think to enable the kamikazee mode if you want a write access to ldap

1 Like

Thanks Stephane. I will have to try that on another server. So far I am running this instance as my own personal instance (to practice on).

–Steve

1 Like

Relative to LDAP, normally you have all the information in the user/group panel of Cockpit (at the top), else you could use the command line

account-provider-test dump

then it is just a matter of using the administrator user/password or any user able to log in to the AD/LDAP

If you want to script it, you have other clues at