42.2. LDAP tables

42.2.1. User table

This table allows the LDAP administrator to handle the LDAP accounts and the user's data auto-publication.

Use the d user command to display the parameters of the users; the d user: ? command shows the meaning of all parameters.

[21:29:02] ABILIS_CPX:d user

USER:            PWD: ACT: CTIP: CLUS:    PPP: FTP: HTTP: MAIL: IAX: SIP: LDAP:
--------------------------------+--------------+-------------------------------
admin            ***  NO   #     #        YES  YES  YES   NO    NO   NO   NO
guest                 NO   #     #        NO   NO   NO    NO    NO   NO   NO

To allow an user to access LDAP, the LDAP parameter must be set to YES.

[21:29:04] ABILIS_CPX:s user:admin act:yes ldap:yes

COMMAND EXECUTED

[21:31:07] ABILIS_CPX:s user:guest act:yes ldap:yes

COMMAND EXECUTED

[21:32:02] ABILIS_CPX:d user

USER:            PWD: ACT: CTIP: CLUS:    PPP: FTP: HTTP: MAIL: IAX: SIP: LDAP:
--------------------------------+--------------+-------------------------------
admin            ***  YES  #     #        YES  YES  YES   NO    NO   NO   YES
guest                 YES  #     #        NO   NO   NO    NO    NO   NO   YES

In the example the LDAP account for the user admin and the user guest (anonymous) was activated.

Type the following command to create a new user with LDAP account.

[21:31:12] ABILIS_CPX:a user:test act:yes pwd:test ldap:yes

COMMAND EXECUTED

[21:34:18] ABILIS:d user

- Not Saved (SAVE CONF) -------------------------------------------------------
USER:            PWD: ACT: CTIP: CLUS:    PPP: FTP: HTTP: MAIL: IAX: SIP: LDAP:
--------------------------------+--------------+-------------------------------
admin            ***  YES  #     #        YES  YES  YES   NO    NO   NO   YES
guest                 YES  #     #        NO   NO   NO    NO    NO   NO   YES
test             ***  YES  #     #        NO   NO   NO    NO    NO   NO   YES

Type the following command to view user test's details:

[21:34:20] ABILIS_CPX:d user:test

Parameter:        | Value:
------------------+------------------------------------------------------------
USER:               test
ALIAS:              test
ID:                 3             <Read Only>
PWD:                ***
ACT:                YES
GROUP:
CTIP:               #
CLUS:               #
ADDRBOOK-SYNC:        SYS
ADDRBOOK-NUMBER:      AUTO
ADDRBOOK-OUTDIAL:     NONE
LDAP:                 YES
LDAP-OWN-ADDRBOOK:    NO
-------------------------------------------------------------------------------
[Note]Note

This command displays only the parameters related to enabled drivers; if you want to see all the user parameters type the d usere:<ldap_user> command.

Meaning of the most important parameters:

LDAP

Enables/disables the LDAP account for the user [NO, YES], the default is NO.

LDAP-OWN-ADDRBOOK

Enable/disable user's personal address book [NO, YES], the default is NO. This parameter acts only if LDAP parameter is enabled.

ADDRBOOK-SYNC

ADDRBOOK-SYNC: Select in which Address Book(s) the user must be entered and kept synchronised [SYS, NO, LDAP, ABILIS, ALL] If 'SYS', the Address Book(s) the user must be entered and kept synchronised is inherited from the ADDRBOOK-SYNC parameter in CtiSys resource.

ADDRBOOK-NUMBER

Determine which is the Address Book user phone number [NONE, AUTO, CTIP, CLUS, CTISIP, CTIIAX] If 'AUTO' the first valid number is used between the ones assigned to CTIP, CTICLUS, CTISIP and CTIIAX interfaces.

  • CTIP, the phone number is provided by the LDAP-NUM parameter of the CTI port specified in CTIP user parameter.

  • CLUS, the phone number is provided by the LDAP-NUM parameter of the Cluster specified in CLUS user parameter.

  • CTISIP, the phone number is provided by the SIP-LDAP-NUM user parameter (if the SIP account is active).

  • CTIIAX, the phone number is provided by the IAX-LDAP-NUM user parameter (if the IAX account is active).

ADDRBOOK-OUTDIAL

Determine which is the main user phone number [NONE, CTIP, CLUS CTISIP, CTIIAX]. The number that is actually used is filtered by macros that depends on the interface:

42.2.2. Rights table

The LDAP tree is composed of a root (that is configurable via the parameter root) and its branches. One branch is reserved to the address books.

There are two kinds of addres books:

  • Main

    The address book is accessible from any allowed user via a ldap right table.

  • Personal

    The address book contains the contacts that are accessible only by the related account. A LDAP account may enable the personal address book via the user parameter LDAP-OWN-ADDRBOOK.

There are three main address books that are automatically created:

  • SYSTEM

    It will contain all (and only) the synchronised contacts which information is gathered by the user table and the CTI and CLUSTER resources. Currently the synchronised attributes are the common name and the telephone number.

  • CONTACTS

    It is intented to contain the contacts for internal usage in a company.

  • PUBLISHED

    It is intended to contain the contacts for external use, i.e. provided to third part companies.

Figure 42.1. An example of LDAP tree

An example of LDAP tree

To display the rights of the addess books use the following command.

[21:41:10] ABILIS_CPX:d ldap rights

-------------------------------------------------------------------------------
ID: ADDRESSBOOK:
       USER:                            GRANTS:
-------------------------------------------------------------------------------
  1 contacts
       admin                            rwcd
       anonymous                        ----
-------------------------------------------------------------------------------
  2 published
       admin                            rwcd
       anonymous                        r---
-------------------------------------------------------------------------------
  3 system
       admin                            rw--
       anonymous                        ----
-------------------------------------------------------------------------------

Where the rwcd chars mean:

  • r - right to access the address book and read contacts

  • w - right to modify the contacts in the address book

  • c - right to create new contacts in the address book

  • d - right to delete contacts in the address book

In the system address book the creation and the deletion of contacts is never allowed because it is internally auto-synchronized.

The rights of Admin and Anonymous on default address books are explicit (note that by default the anonymous has access only to published), other users have implicit rights.

New users with LDAP parameter enabled have the "r" right in all the main address books (also the new ones) and the its personal addressBook (LDAP-OWN-ADDRBOOK enabled).

If a different behavior is needed for a user, an explicit entry is added. In example to remove the visibility of system address book to the user "test" use the following command:

[21:41:00] ABILIS_CPX:a ldap rights id:3 user:test grants:

COMMAND EXECUTED

[21:41:10] ABILIS:d ldap rights

-------------------------------------------------------------------------------
ID: ADDRESSBOOK:
       USER:                            GRANTS:
-------------------------------------------------------------------------------
  1 contacts
       admin                            rwcd
       anonymous                        ----
-------------------------------------------------------------------------------
  2 published
       admin                            rwcd
       anonymous                        r---
-------------------------------------------------------------------------------
  3 system
       admin                            rw--
       anonymous                        ----
       test                             ----
-------------------------------------------------------------------------------

42.2.3. Account table

The account table is used when LDAP acts as a client of remote servers. The list of account on such servers is available in such table. The value in the account may be used by LDAP-REM-ACCOUNT parameter in CTISYS table.

Use the d ldap account user command to display the account table parameters; the d ldap account ? command shows the meaning of all parameters.

In this example a new account is created. Its name is cpx-test and such string is used in LDAP-REM-ACCOUNT in ctisys resource to identify such account.

[17:29:06] ABILIS_CPX:a ldap account:cpx-test

COMMAND EXECUTED

[17:31:43] ABILIS_CPX:s ldap account:cpx-test host:80.80.80.80

COMMAND EXECUTED

[17:31:59] ABILIS_CPX:s ldap account:cpx-test user:jack pwd:mypassword


[17:32:58] ABILIS_CPX:d ldap account

--------+------------------+----------------------------------+----------------
ID:     |[DESCR:]
ENABLED:|ACCOUNT:
        |HOST:
        |PORT:             |USER:                             |PWD:
--------+------------------+----------------------------------+----------------
0        cpx-test
YES      80.80.80.80
         DFT (389)          jack                               ***
--------+------------------+----------------------------------+----------------


[17:34:48] ABILIS_CPX:s p res:ctisys ADDRBOOK-SOURCE:ldap-remote LDAP-REM-ACCOUNT:cpx-test

COMMAND EXECUTED

[17:34:48] ABILIS_CPX:s p res:ctisys LDAP-SEARCH-BASE-DN:dc=foo,dc=bar

COMMAND EXECUTED

[17:35:18] ABILIS_CPX:d p res:ctisys

RES:CtiSys --------------------------------------------------------------------
Run    DESCR:CTI_System_general_properties
       ...
       - Address Book ---------------------------------------------------------
       ADDRBOOK-SOURCE:LDAP-REMOTE         ADDRBOOK-SYNC:NO
       LDAP-SEARCH-BASE-DN:dc=foo,dc=bar
       LDAP-REM-ACCOUNT:cpx-test
       LDAP-REM-OUTDIAL:0

Meaning of the most parameters:

ENABLED

Enable/disable this entry [NO, YES]

DESCR

Entry description. From 0 up to 70 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g. "str1 str2").

ACCOUNT

LDAP Account name. From 1 up to 16 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g. "str1 str2").

HOST

IP address of the remote LDAP host [1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] or FQDN host name of max. 64 characters in the range ['0'..'9', 'a'..'z', '-', '.' ]. FQDN name case is not preserved.

PORT

TCP port of the remote LDAP host [1..65535, DFT], where 'DFT' value corresponds to 'ldap(389)' protocol port.

USER

Username of the account on the remote server. From 1 up to 16 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g. "str1 str2").

PWD

Password of the account on the remote server. From 0 up to 32 ASCII printable characters. Spaces are not allowed. Case is preserved.

42.2.4. Referral table

The account table is used when LDAP acts as a server and as a client. The list of referral on such servers is available in such table. When a remote ldap client asks for a base-dn specified in such table then Abilis relay the request to another LDAP server providing itself the answer if CHAIN parameter is set to true.

Use the d ldap referral user command to display the referral table parameters; the d ldap referral ? command shows the meaning of all parameters.

In this example a new referral entry is created.

[17:29:06] ABILIS_CPX:a ldap referral id:0 base-dn:dc=test,dc=it account:cpx-test

COMMAND EXECUTED

[17:48:59] ABILIS_CPX:d ldap referral

- Not Saved (SAVE CONF), Not Refreshed (INIT) ---------------------------------
--------+-------------------------------------+--------------------------------
ID:     |[DESCR:]
ENABLED:|BASE-DN:
        |ACCOUNT:                             |CHAIN
--------+-------------------------------------+--------------------------------
0        dc=test,dc=it
NO       cpx-test (Not Present)                NO
--------+-------------------------------------+--------------------------------

Meaning of the most parameters:

ENABLED

ENABLED: Enable/disable this entry [NO, YES]

DESCR

Entry description. From 0 up to 70 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g. "str1 str2"). BASE-DN:

BASE-DN

LDAP Base Dn. From 0 up to 64 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "addressBook=my contacts,dc=addressBooks").

ACCOUNT

LDAP Account name. From 0 up to 16 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g. "str1 str2").

CHAIN

Enable/Disable the chaining [NO, YES]. Chaining uses a client session to resolve the request to an external server.