We link Active Directory, Asterisk and OpenFire

We're friends of Active Directory, Asterisk IP telephony server and OpenFire Jabber server.

I will not touch on the installation of everything separately - everything is well described and works individually very well. I will write how I combined it all together, what I came across and what I did.

Disposition:

')
There is a domain controller dc.steepler.local ( 10.10.8.200 ). Domain, respectively - steepler.local. Users are on the server, beaten into departments, etc. What is important is that each user has his number on the Asterisk server in the “phone” column.

There is an installed Asterisk VoIP server ( 10.10.8.98 ). All users are connected via SIP, respectively, the device, in the understanding of Asterisk, they have the type SIP / XXX (where XXX is an extension number). At the time of writing, the server was installed long ago and has already been subjected to serious settings. That is why the work was not brought to a logical end - the logical end would be the automatic generation of the SIP configuration of the end devices and the dial plan. Unfortunately, I was afraid that we would have to seriously rewrite the existing configuration, and in any case, the automatic generation of the recruitment plan that exists in our organization now and has many interactive menus and other customizations will not be interesting to the reader who has the task, first of all, to connect the server. Where to go next - it will be clear. Written scripts are not complicated and have a good foundation for further work.

So, there is Asterisk with the FreePBX frontend installed, which greatly complicated the task. For FreePBX is in use and the need to rewrite all configuration files on top after making any changes to the web interface. That is, we can change configs from the command line, but as soon as we change something later through the web-face, the configs will be overwritten by FreePBX, as a decent front end. Of course, the creators of the shell did not rely on their genius and left the opportunity for fine-tuning. This feature is realized through the loading of additional contexts with the suffix “-custom” (which, in the end, turned out to be enough), or with the help of “override” configs, which rigidly fix the changes you need. But, you have to understand that what is written in the custom or override config will work according to you, regardless of the FreePBX web interface. Or checkered or go. That is, no matter what you twist in the frontend there, whatever they set up - if it touches the customized settings - the settings from the files, not the frontend, will work. That is why a lot of time was spent tracing the set plan generated by FreePBX - I wanted to find an entry point in such a procedure, which would have not been tied to further work.

There are, or rather, at the time of this writing - there was no Jabber server. The choice, for inexplicable reasons, fell on OpenFire. In fact, the reasons are simple - OpenFire allows you to organize end-to-end (Kerberos / GSSAPI / SASL) user authentication. I mean - the user does not need to enter a login or password. If he passed the domain authorization at the entrance to the windows - he is our client. When the client starts, it will itself substitute the user, send a request to the jabber server, and the latter, using Kerberos, will confirm or deny the authenticity of the client's request. I will not go into details, it is important for us that the authorization is transparent for the client, even if there is a policy of periodically changing the password in the domain. It is not necessary to generate stories about "stupid users" who write complaints to the authorities that something stopped working because they forgot to change the password. You just need to do so that they have nowhere to blunt.
On OpenFire, you can install a regular Asterisk-IM plugin to communicate with Asterisk. It allows you to dynamically track the status of users, make calls to IP phones, send notifications. Unfortunately, out of the box, automation leaves much to be desired - despite the fact that pass-through authentication and authorization of users through AD is possible and that information about the user's work phone was originally provided in AD, we have to manually match AD / Asterisk users.
So. Jabber server to be OpenFire, called jbrgseveren01.steepler.local and work at 10.10.8.226 .
Then I proceed from the fact that I have Linux in the form of CentOS5, Asterisk 1.8.2, and the Win2008 domain controller. Although it doesn’t matter at all, it will work in other ways. Only Asterisk version is critical - jabber support appeared only from the 1.6 branch, and a compiled PBX should be with its support.

Tasks:

You need to install a Jabber server, configure it so that it takes the necessary users from the domain group IM. It is necessary in one way or another to automate the comparison of information about domain users, jabber users, Asterisk subscribers.
How does everything work out of the box? (Or pitfalls)
OpenFire contacts the domain controller using the ldap protocol and receives information from it about the users who are allowed to use jabber.
Next, we need to install the Asterisk-IM plugin (two mouse clicks on the OpenFire web face). In the plugin we need to register the server Asterisk. And, oh-shit, with hands, re-register all users in the plan - login - phone number - its subscriber device in the understanding of Asterisk. After that, the functionality of the plugin will work - with the help of a native OpenFire client called Spark, users can call each other using existing phones simply by clicking on the list of contacts. That is, I find a contact, right-click “call”, my phone starts ringing on my desk, I pick up the phone, and immediately the phone starts ringing at the contact. Moreover, when someone speaks by phone, his status in the contact list changes to the corresponding one. Conveniently. But, the job of prescribing users should be automated.
We go further - there is a desire to send notifications of missed calls to jabber. It’s one thing when the lamp blinks on the phone and you have to go on the menu, watch who called and it’s quite another when you are waiting for a message with the exact time and coordinates of the callers. Out of the box is not implemented in any way. That is, Asterisk, of course, easily clings to the OpenFire server in the client or component mode, but the whole further task of processing and sending messages falls on your shoulders. Of course, it’s not the work of sending itself, but the explanatory work with Asterisk ;-) The most stupid decision here is the processing of each number separately. But, if the numbers are more than five, then it does not suit us. Plus, there is a possibility of users migrating between phones, adding new ones, deleting old ones. In addition, do not forget about FreePBX. If we strictly define the rules of recruitment, then we will not be able to use the wonderful web interface. In general, refuse rudely. Not okay. We need to find the entry point in the dial plan, write our own procedure, which will search for the corresponding domain user by the addressee’s number and, in the event of a “nedozvon”, send a message to that jabber - they say, you called such and such a number to such and such .

Getting started

The first thing we need is users. We create two users in the domain. We will need one for ldap authentication, another for Kerberos. I called the first openfire, the second xmpp-openfire. Next, we immediately create a group for jabber users (I have it called IM) and add the necessary users to it. We check that all users who have an internal phone and are included in the IM group in the "telephone number" field should have an internal subscriber number.
The second is to write our future jabber server in DNS. We need both forward and reverse zone. On the jabber server itself, we configure the host name - we set it in / etc / hosts :

127.0.0.1 localhost.localdomain localhost 10.10.8.226 jbrgseveren01.steepler.local jbrgseveren01 

We check nslookup from all sides - everything should be resolved correctly. Yes, the host name is in small case. It is important.
Third, we install OpenFire according to the instructions - http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ldap-guide.html
Everything is simple, there are no pitfalls. Maximum complexity - the formation of literate filters in the ldap request. Connect through the first user. At the exit, get a functioning server with pass-through authorization through AD. You can connect customers and work. But, our task is SSO: Single Sign On. We need the user to not have to think about their username and password for the client.
We are starting to configure Kerberos. Here we use the second user created by us. Everything is described here - http://community.igniterealtime.org/docs/DOC-1060
Everything is a little more complicated, there are pitfalls. The main thing is to remember PRO PROGRAMS - everything matters. Write as in the manual - where the upper case, where the upper, where lower case, there lower case. Do not forget to enter the server in the domain and check the fact of the introduction. It is important!!!
Yes, I created the keytab on a domain controller - everything worked for me. I did not use java tools.
Put Spark - a native OpenFire client, check if SSO works - well. If not, you need to understand - look, write, see.
We go to the Asterisk server (do not forget - I have FreePbx, so I give the names of the files relative to its scheme; in the case of a bare Asterisk, everything will be a little easier) and write to the manager_custom.conf user OpenFire:

 [openfire] secret = XXXX deny=0.0.0.0/0.0.0.0 permit=10.10.8.226/255.255.255.0 read = all write = all 

Now we install the Asterisk-IM plugin. It is in the OpenFire web interface, in a tab with available plugins. We register our VoIP server on the Asterisk-IM tab that appears:

 Server Name: AsteriskGSeveren01 ServerAddress: 10.10.8.98 Port: 5038 Username: openfire Password: XXXX 

It was the turn to prescribe users with hands ... We must go to the Phone Mappings tab and write, write, write. We confine ourselves to a couple of users, check the work. In the contact list Spark, when you right-click on the user name, the call option should appear. We choose - our device should ring, when the tube is lifted - the subscriber's device.
If everything works, well. If not, you need to understand - look, write, see.
Now begins what was spent most of the time.
It is necessary to explain Asterisk-IM that there are domain users and that all the necessary information is in Active Directory.
Directly - no way. The plugin is old, its support has been discontinued - devour it, that is. And we have a MySQL database in which the plugin stores its information. The easiest way would be to remove information from the database on OpenFire users and slip Asterisk-IM into it. But, since we have pass-through authentication, OpenFire does not store anything in its database - it drags directly from the domain controller.
Good. We write a script that will cling to AD via the ldap protocol (we already have a user), drag information on domain users that belong to the IM group, and remove fields containing the full name, login, and phone number. Then we form a SQL injection and push it into Asterisk-IM directly. Dumb crutch, but it works.
There were two scripts - one I found ready here . It is written in perl - it pulls info out of the domain and, by the way, is able to output ready sip.conf after a minimal edit. The second, on the bash, calls the first, prepares its output (yes, I know that I am a pervert, but once the problem has been solved by someone, there is no need to fence), it forms SQL injections and shoves everything into the database.
The worn changed users-from-AD.pl

 #!/usr/bin/perl # users.pl v1.1 # # Script to generate asterisk 'users.conf' file from Active Directory (LADP) on users which contains 'phone' attribute # # Using: # 1. Print users to STDOUT: # users.pl # # 2. Print users to file: # users.pl users_custom.conf use strict; use warnings; use Net::LDAP; use Lingua::Translit; ###################### ### BEGIN SETTINGS ### ###################### my $debug = 0; my $warning = 0; # name of Domain my $AD="steepler.local"; # Domain name in format AD # for example mydomain.ru my $ADDC="DC=steepler,DC=local"; # user in Active directory # example: "CN=asterisk,CN=Users,$ADDC" my $ADUserBind="cn=openfire, cn=users, dc=steepler, dc=local"; my $ADpass="XXXXXXX"; # base search tree # example "OU=Users,$ADDC" my $ADUsersSearchBase="$ADDC"; # Field in active directory where telephone number, display name, phone stored # "telephonenumber", "displayname", "mail" my $ADfieldTelephone="telephonenumber"; my $ADfieldFullName="displayname"; my $ADfieldMail="mail"; my $ADfieldUser="samaccountname"; my $ADfieldGroup="memberOf"; my $ADSearchGroup="CN=IM,CN=Users,DC=steepler,DC=local"; # You need to create a dialplan in your asterisk server; my $dialplan="office"; # default settings my $user_static = "context = $dialplan call-limit = 100 type = friend registersip = no host = dynamic callgroup = 1 threewaycalling = no hasdirectory = no callwaiting = no hasmanager = no hasagent = no hassip = yes hasiax = yes nat=yes qualify=yes dtmfmode = rfc2833 insecure = no pickupgroup = 1 autoprov = no label = macaddress = linenumber = 1 LINEKEYS = 1 callcounter = yes disallow = all allow = ulaw,alaw,iLBC,h263,h263p "; ####################### ### END OF SETTINGS ### ####################### my $ldap; # get array DNS names of AD controllers my $dig = "dig -t srv _ldap._tcp.$AD" . '| grep -v "^;\|^$" | grep SRV | awk "{print \$8}"'; my @adControllers = `$dig`; # try connect to AD controllers foreach my $controller (@adControllers){ $controller =~ s/\n//; #INITIALIZING $ldap = Net::LDAP->new ( $controller ) or next; print STDERR "Connected to AD controller: $controller\n" if $debug > 0; last; } die "$@" unless $ldap; my $mesg = $ldap->bind ( dn=>$ADUserBind, password =>$ADpass); #PROCESSING - Displaying SEARCH Results # Accessing the data as if in a structure # ie Using the "as_struct" method my $ldapUsers = LDAPsearch ( $ADUsersSearchBase, "$ADfieldGroup=$ADSearchGroup", [ $ADfieldFullName, $ADfieldTelephone, $ADfieldMail, $ADfieldUser ] )->as_struct; # translit RUS module. # GOST 7.79 RUS, reversible, GOST 7.79:2000 (table B), Cyrillic to Latin, Russian my $tr = new Lingua::Translit("GOST 7.79 RUS"); my %hashPhones = (); my $phones = \%hashPhones; my @out; while ( my ($distinguishedName, $attrs) = each(%$ldapUsers) ) { # if not exist phone or name - skipping my $attrPhone = $attrs->{ "$ADfieldTelephone" } || next; my $attrUser = $attrs->{ "$ADfieldUser" } || next; my $attrName = $attrs->{ "$ADfieldFullName" } || next; my $encName = $tr->translit("@$attrName"); my $attrMail = $attrs->{ "$ADfieldMail" } || [""]; # check for duplicates phone number if ( $phones -> {"@$attrPhone"} ){ my $currUser = "@$attrName"; my $existUser = $phones -> {"@$attrPhone"}; print STDERR "@$attrPhone alredy exist! Exist:'$existUser' Current:'$currUser'... skipping - '[@$attrPhone] $currUser'\n" if $warning; next; } else { $phones -> {"@$attrPhone"} = "@$attrName"; } # password for SID = (telephonenumber without first digit) + 1 # example: phone=6232 pass=233 #$phsecret =sprintf("%03d",( substr("@$attrVal",1,100)+1)); my $phsecret = "@$attrPhone"; my $lcuser = "@$attrUser"; $lcuser = lc($lcuser); push (@out, "@$attrPhone " . "$lcuser " . "$encName\n" ); } # End of that DN # print to file if (@ARGV){ open FILE, "> $ARGV[0]" or die "Error create file '$ARGV[0]': $!"; print STDOUT "Printing to file '$ARGV[0]'"; print FILE @out; close FILE; print STDOUT " ...done!\n"; } # print to STDOUT else{ print @out; } exit 0; #OPERATION - Generating a SEARCH #$base, $searchString, $attrsArray sub LDAPsearch { my ($base, $searchString, $attrs) = @_; my $ret = $ldap->search ( base => $base, scope => "sub", filter => $searchString, attrs => $attrs ); LDAPerror("LDAPsearch", $ret) && die if( $ret->code ); return $ret; } sub LDAPerror { my ($from, $mesg) = @_; my $err = "[$from] - error" ."\nCode: " . $mesg->code ."\nError: " . $mesg->error . " (" . $mesg->error_name . ")" ."\nDescripton: " . $mesg->error_desc . ". " . $mesg->error_text; print STDERR $err if $warning; } 

But the second on the bash:
phone-bindings-update-from-AD.sh :

 #!/bin/bash TIMESTAMP=`/bin/date +%d%m%y%k%M%S` BACKUPDIR=/opt/openfire/bin/phone-mappings/backup BINDIR=/opt/openfire/bin WORKDIR=$BINDIR/phone-mappings SCRIPTNAMEDEVICE=$WORKDIR/phone-bindings-from-AD-device.sql SCRIPTNAMEUSER=$WORKDIR/phone-bindings-from-AD-user.sql SCRIPT=$WORKDIR/$SCRIPTNAME PERLSCRIPT=$BINDIR/users-from-AD.pl DEVICETPLHEAD=$WORKDIR/phoneDevice.tplhead DEVICEINJ=$WORKDIR/phoneDevice.inj DEVICETPLFOOT=$WORKDIR/phoneDevice.tplfoot USERTPLHEAD=$WORKDIR/phoneUser.tplhead USERINJ=$WORKDIR/phoneUser.inj USERTPLFOOT=$WORKDIR/phoneUser.tplfoot #backuping tables mysqldump -uXXXXXXX -pXXXXXXX openfire phoneDevice > $BACKUPDIR/phoneDevice-$TIMESTAMP.sql mysqldump -uXXXXXXX -XXXXXXX openfire phoneUser > $BACKUPDIR/phoneUser-$TIMESTAMP.sql # Clearing injections cat /dev/null > $DEVICEINJ cat /dev/null > $USERINJ # finding current Asterisk server ID in openfire DB serverID=`mysql -Bse "SELECT serverID FROM openfire.phoneServer;" -uXXXX -pXXXX` # resetting counters counter=0 counter2=0 #executing perl script to retrieve current phone numbers from AD for i in `$PERLSCRIPT`; do counter=`expr $counter + 1` binder[$counter]=$i done maxcount=$counter counter=1 while [ "$counter" -lt "$maxcount" ] do # deviding array into two with extensions and jids counter2=`expr $counter2 + 1` extension=${binder[$counter]} counter=`expr $counter + 1` username=${binder[$counter]} counter=`expr $counter + 1` callerID=${binder[$counter]} counter=`expr $counter + 1` callerID=$callerID\ ${binder[$counter]} counter=`expr $counter + 1` deviceID=$counter2 userID=$counter2 # Creating phoneDevice injection echo INSERT INTO \`phoneDevice\` VALUES\($deviceID,\'SIP/$extension\',\'$extension\',\'$callerID\',1,$userID,$serverID\)\; >> $DEVICEINJ # Creating phoneUser injection echo INSERT INTO \`phoneUser\` VALUES\($userID,\'$username\'\)\; >> $USERINJ done # Compile complete injections cat $DEVICETPLHEAD > $SCRIPTNAMEDEVICE cat $DEVICEINJ >> $SCRIPTNAMEDEVICE cat $DEVICETPLFOOT >> $SCRIPTNAMEDEVICE # Compile complete injections cat $USERTPLHEAD > $SCRIPTNAMEUSER cat $USERINJ >> $SCRIPTNAMEUSER cat $USERTPLFOOT >> $SCRIPTNAMEUSER # Injecting into tables cat $SCRIPTNAMEDEVICE | mysql -uXXXXXXX -pXXXXXXX cat $SCRIPTNAMEUSER | mysql -uXXXXXXX –pXXXXXXX 

As you can see, the second script uses templates for the header and footer injection. Templates are obtained by running mysqldump on existing tables and then trimming the result. Actually, here are the templates:

phoneUser.tplhead:

 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; USE openfire; DROP TABLE IF EXISTS `phoneUser`; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; CREATE TABLE phoneUser ( userID bigint not null, username varchar(255) not null unique, primary key (userID) ); SET character_set_client = @saved_cs_client; LOCK TABLES `phoneUser` WRITE; /*!40000 ALTER TABLE `phoneUser` DISABLE KEYS */; 

phoneUser.tplfoot:

 /*!40000 ALTER TABLE `phoneUser` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; 

phoneDevice.tplhead:

 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; /*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; /*!40103 SET TIME_ZONE='+00:00' */; /*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; /*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; /*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; /*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; USE openfire; DROP TABLE IF EXISTS `phoneDevice`; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; CREATE TABLE `phoneDevice` ( `deviceID` bigint(20) NOT NULL, `device` varchar(255) NOT NULL, `extension` varchar(255) NOT NULL, `callerId` varchar(255) default NULL, `isPrimary` int(11) NOT NULL, `userID` bigint(20) default NULL, `serverID` bigint(20) NOT NULL, PRIMARY KEY (`deviceID`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; SET character_set_client = @saved_cs_client; LOCK TABLES `phoneDevice` WRITE; /*!40000 ALTER TABLE `phoneDevice` DISABLE KEYS */; 

phoneDevice.tplfoot:

 /*!40000 ALTER TABLE `phoneDevice` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; /*!40101 SET SQL_MODE=@OLD_SQL_MODE */; /*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; 

The script is pushed into crones, we execute and we find the appeared binding of users to phones in the Phone Bindings tab of the Asterisk-IM plug-in. Half done.

The next task is to send missed call messages. If you have a TrixBox or FreePBX - do as I do - everything will probably work. If naked Asterisk is all in your hands, improvise, much is available to you. I even kind of envy)))

First you need to perform authorization via ssh on the keys - we will use scp and remote execution of the procedure. ssh-keygen will help you, there are enough manuals on the network, I will not repeat. The script on the jabber server will crawl into the database, which we ruled by the previous script (yes, they can be combined into one, but I solved the problems not at the same time, but in general - unix way says that the tasks are correctly divided into components), take out the user's login , phone number. Generate jID. Next, we prepare an executable script that will enter information into the built-in Asterisk database, transfer it to the Asterisk server and launch it.

Here's what happened:
phone-mapping-request.sh :

 #!/bin/bash WORKDIR=/opt/openfire/bin/phone-mappings SCRIPTNAME=phone-mappings-script.sh SCRIPT=$WORKDIR/$SCRIPTNAME SERVER=jbrgseveren01.steepler.local #asterisk USER@HOST:/PathToFile ASTERISK=root@10.10.8.98 #asterisk /PathToFile RPATH=/etc/asterisk/scripts counter=0 counter2=0 #clearing script file cat /dev/null > $SCRIPT #perform MYSQL request for mappings for i in `mysql -Bse "SELECT extension,username FROM openfire.phoneDevice JOIN openfire.phoneUser ON openfire.phoneUser.UserID=openfire.phoneDevice.UserID;" -uXXXX -pXXXX`; do counter=`expr $counter + 1` mapper[$counter]=$i done maxcount=$counter counter=1 while [ "$counter" -lt "$maxcount" ] do # deviding array into two with extensions and jids counter2=`expr $counter2 + 1` extension[$counter2]=${mapper[$counter]} counter=`expr $counter + 1` jid[$counter2]=${mapper[$counter]} counter=`expr $counter + 1` # forming asterisk script outstringdel="asterisk -rvx \"database del AMPUSER "${extension[$counter2]}"/jid\"" outstringadd="asterisk -rvx \"database put AMPUSER "${extension[$counter2]}"/jid "${jid[$counter2]}"@"$SERVER"\"" echo $outstringdel >> $SCRIPT echo $outstringadd >> $SCRIPT done # moving scrip to asterisk host chmod 755 $SCRIPT scp $SCRIPT $ASTERISK:$RPATH # run script ssh $ASTERISK $RPATH/$SCRIPTNAME 

Things are easy - to explain Asterisk what to do about it. There was spent a huge amount of time finding the entry point. If it works like mine, fine. If not, I give a tip. An asterisk, in the case of including different instructions on the same condition (that is, one action on the condition is written in the dialplan, another in the inclusion of the loadable context, the other) takes the instruction that was received first. Subsequent stupidly ignored. I mean, if you have written some function, inserted it, and the result is zero, do dialplan show and see where this condition in this context branch meets all include before yours.
In my case, it was enough to add to extensions_custom.conf :

 [from-internal-noxfer-custom] ; Missed calls Jabber notification exten => h,1,Macro(XMPPSend,) exten => h,n,Macro(hangupcall) [macro-XMPPSend] ; Missed calls Jabber notification exten => s,1,GotoIf($["foo${DB(AMPUSER/${THISDIAL:4}/jid)}" = "foo"]?5:2) exten => s,n,Set(JID=${DB(AMPUSER/${THISDIAL:4}/jid)}) exten => s,n,Jabbersend(asterisk-jabber,${JID},${STRFTIME(${EPOCH},,%d/%m/%Y-%H:%M:%S)} -     ${THISDIAL:4}  ${CALLERID(name)},  ${CALLERID(num)}) exten => s,n,MacroExit() exten => s,n,Noop(No Jabber ID provided for target extension - ${THISDIAL:4}) exten => s,n,MacroExit() 

And, register Asterisk as a component of OpenFire:
On the Asterisk side:
Jabber.conf:

 [general] debug=no ;;Turn on debugging by default. ;autoprune=yes ;;Auto remove users from buddy list. ;autoregister=yes ;;Auto register users from buddy list. [asterisk-jabber] ;;label type=component ;;Client or Component connection serverhost=jbrgseveren01.steepler.local ;;Route to server username=asterisk ;;Username with optional roster. secret=XXXX ;;Password port=5275 ;;Port to use defaults to 5222 

On the OpenFire side, go to Server -> Server Settings -> External Components Settings
Enable Service Enabled. Optionally add asterisk to whitelist.

We check the work of the service ...

I hope something helped. If you have questions - write.