53.1. LDAP resource

53.1. LDAP resource
	Chapter 53. LDAP - Lightweight Directory Access Protocol

The LDAP resource allows Abilis to provide the features of a LDAP server and the capability to connect as LDAP client to another LDAP server.

LDAP is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network, it's defined in terms of ASN.1, the latest version is Version 3 and published as RFC 4510.

The LDAP server provides organized set of records with a hierarchical structure and may be used as a corporate electronic mail directory or a telephone directory that is a list of contacts including a name and a phone number.

The server may be accessed via LDAP clients like:

LDAP administration tools:
- LDAPAdmin
- JXplorer
Advanced VoIP phones:
- Snom3XX series
- Advanced PBX
Mail clients:
- Thunderbird
- MS Outlook

53.1.1. Activating the LDAP resource

Add the resource to the Abilis system using the following command:

[15:50:39] ABILIS_CPX:a res:ldap

RES:LDAP ALREADY EXISTS

The LDAP resource may already exist in the system, but isn't active, set it active using the command:

[15:50:43] ABILIS_CPX:s act res:ldap

COMMAND EXECUTED

	Caution
	After adding or setting the LDAP active, you must restart the Abilis to make the resource running (use the command warm start to reboot the Abilis).

To enable LDAP server type:

[09:31:37] ABILIS_CPX:s p ldap srv-act:yes

COMMAND EXECUTED

To enable LDAP client type:

[09:31:37] ABILIS_CPX:s p ldap cli-act:yes

COMMAND EXECUTED

	Caution
	To activate the changes made on the parameters, execute the initialization command init res:ldap

53.1.2. LDAP resource parameters

Use the d p ldap command to display the parameters of the resource; the d p ldap ? command shows the meaning of parameters.

[15:55:01] ABILIS_CPX:d p ldap

RES:Ldap ----------------------------------------------------------------------
Run    DESCR:Lightweight_Directory_Access_protocol
       LOG:NO           mxps:2048    TOS:0-N
       - LDAP Server ----------------------------------------------------------
       SRV-ACT:YES                   srv-sesnum:10       tcp-locport:389
       IPSRC:*                       IPSRCLIST:#
       SRV-SIZE-LIMIT:NO             SRV-TIME-LIMIT:NO   SRV-DT:60
       max-entries:1000              DN-FIRST-ATTR:cn
       root:dc=abilis,dc=net
       wdir:C:\APP\LDAP\
       - LDAP Client ----------------------------------------------------------
       CLI-ACT:YES                   cli-sesnum:5        MAX-REFERRALS:10
       CLI-SIZE-LIMIT:NO             CLI-TIME-LIMIT:NO   CLI-DT:60
       CLI-REM-ACCOUNT-PERMANENT:YES CLI-MAX-TOUT:60
       CLI-PERMANENT-RETRY-DELAY:60

Meaning of the most important parameters:

LOG

Logging functionalities activation/deactivation.

mxps

Maximum size of LDAP message [2048..4096].

TOS

Used to establish the frame priority. First field [default: 0] Second field specify the type of the frame [N=None, D=Min. Delay, T=Max. Throughput, R=Max. Reliability, C=Min. Monetary Cost].

SRV-ACT

Server activation [NO, YES].

srv-sesnum

Total number of LDAP server sessions [1..255].

tcp-locport

LDAP server local TCP port [389].

IPSRC

Incoming requests: accepted source IP address [*, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

if net: 0.0.0.0 All IPs are allowed.

In the case that one needs to restrict the access, he has to set in IPSRC the IP address of a client which must always have access, e.g. The IP address of the administrator console, and add further IPs using IPSRCLIST.

IPSRCLIST

Incoming requests: list of further accepted source IP addresses [#, IP/IR/RU/MR listname].

If IPSRCLIST:0 List isn't used.

If IPSRCLIST: <list_id> The parameter contains list identifier.

SRV-SIZE-LIMIT

Maximum number of entries to be returned as a result of the search operation on the local LDAP server [NO, 1..65535].

SRV-TIME-LIMIT

Maximal time allowed for a search operation on the local LDAP server. If set, the result can fail or can be partial [NO, 1..65535 sec].

SRV-DT

Inactivity timeout for server [30..3600 sec].

max-entries

Maximum number of entries (Address books and contacts), in the LDAP data base [100..10000].

DN-FIRST-ATTR

Determines the first attribute to be used in the distinguished name (DN) of contacts [cn, uid]

root

Specifies distinguished name (DN) for the root entry. Max 128 ASCII characters. Spaces require double quotes (E.g. "dc=my book,dc=my root").

wdir

Working directory where the LDAP files are stored. Full path with drive letter ['C'..'Z'] terminated by '\'. Max 128 chars. Spaces require double quotes (E.g. "C:\My dir\").

CLI-ACT

Client activation [NO, YES].

cli-sesnum

Total number of LDAP client sessions [1..255].

MAX-REFERRALS

Maximum number of allowed acceptable referral messages [0..255].

CLI-SIZE-LIMIT

Maximum number of entries to be returned as a result of the search operation on remote LDAP servers [NO, 1..65535].

CLI-TIME-LIMIT

Maximal time allowed for a search operation on the remote LDAP servers. If set, the result can fail or can be partial [NO, 1..65535 sec].

CLI-DT

Inactivity timeout for client [30..3600 sec].

CLI-MAX-TOUT

Maximal time permitted for completion of a request. Actual value may be shorter depending on requester driver [1..3600 sec].

CLI-REM-ACCOUNT-PERMANENT

Keeps ONE permanent TCP connection with CTISYS 'LDAP-REM-ACCOUNT' and uses only it for all request to 'LDAP-REM-ACCOUNT' [NO, YES].

CLI-PERMANENT-RETRY-DELAY

Retry delay if permanent session setting up fails [30..3600 sec].

The command that allows the configuration of the resource to be modified has the following syntax:

s p ldap par:val...

	Caution
	To activate the changes made on the upper case parameters, execute the initialization command init res:ldap; while to activate the changes made on the lowercase parameters a save conf and an Abilis restart are required (i.e. With warm start command).

There are a few parameters in ctisys resource that are very related to LDAP so we discuss here their meaning:

ADDRBOOK-SOURCE: Select which Address Book service to use [ABILIS-ADDRBOOK, LDAP-LOCAL, LDAP-REMOTE]
ADDRBOOK-SYNC:: Select in which Address Book Abilis users must be entered and kept synchronised [NO, LDAP, ABILIS, ALL]
LDAP-SEARCH-BASE-DN: Ldap Base-DN. From 0 up to 64 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "str1 str2") <Only for ADDRBOOK-SOURCE equal to LDAP-REMOTE>
LDAP-REM-ACCOUNT: Ldap Account. From 0 up to 16 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "str1 str2") <Only for ADDRBOOK-SOURCE equal to LDAP-REMOTE>
LDAP-REM-OUTDIAL: Out dial prefix. Up to 8 digits (E.g. "0"). <Only for ADDRBOOK-SOURCE equal to LDAP-REMOTE>


Chapter 53. LDAP - Lightweight Directory Access Protocol		53.2. LDAP tables