| 52.2. LDAP tables | ||
|---|---|---|
 | Chapter 52. LDAP - Lightweight Directory Access Protocol |  |
| 52.2. LDAP tables | ||
|---|---|---|
| | Chapter 52. LDAP - Lightweight Directory Access Protocol | |
This table allows the LDAP administrator to handle the LDAP accounts and the user's data auto-publication.
Use the d user command to display the parameters of the users; the d user: ? command shows the meaning of all parameters.
[21:29:02] ABILIS_CPX:d user
------------------------+-------------+----------------------------------------
USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO
------------------------+-------------+----------------------------------------
admin *** YES # # YES YES YES YES YES NO NO NO NO
guest NO # # NO NO NO NO NO NO NO NO NO
To allow an user to access LDAP, the LDAP
parameter must be set to YES.
[21:29:04] ABILIS_CPX:s user:admin act:yes ldap:yesCOMMAND EXECUTED [21:31:07] ABILIS_CPX:s user:guest act:yes ldap:yesCOMMAND EXECUTED [21:32:02] ABILIS_CPX:d user------------------------+-------------+---------------------------------------- USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO ------------------------+-------------+---------------------------------------- admin *** YES # # YES YES YES YES YES NO NO NO NO guest YES # # NO YES NO NO NO NO NO NO NO
In the example the LDAP account for the user admin and the user guest (anonymous) was activated.
Type the following command to create a new user with LDAP account.
[21:31:12] ABILIS_CPX:a user:test act:yes pwd:test ldap:yesCOMMAND EXECUTED [21:34:18] ABILIS:d user------------------------+-------------+---------------------------------------- USER PWD ACT|CTIP CLUS |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO ------------------------+-------------+---------------------------------------- admin *** YES # # YES YES YES YES YES NO NO NO NO guest YES # # NO YES NO NO NO NO NO NO NO test *** YES # # NO YES NO NO NO NO NO NO NO
Type the following command to view user test's details:
[21:34:20] ABILIS_CPX:d user:test
Parameter: | Value:
--------------------+----------------------------------------------------------
USER: test
REAL-NAME: test
ID: 5 <Read Only>
PWD: ***
ACT: YES
GROUP:
CTIP: #
CLUS: #
ADDRBOOK-SYNC: SYS
ADDRBOOK-NUMBER: AUTO
ADDRBOOK-OUTDIAL: NONE
ADDRBOOK-PUB-ENABLED: SYS
OPC-ROLE: USER
OPC-VIEW: *
OPC-HIDE-NUMBERS: NO
OPC-MONITOR: NONE
OPC-PRIVACY: NO
CHAT: NO
CHAT-USER: SYS
CHAT-PWD: SYS
LDAP: YES
LDAP-OWN-ADDRBOOK: NO
-------------------------------------------------------------------------------![[Note]](../images/note.png) | Note |
|---|---|
This command displays only the parameters related to enabled drivers; if you want to see all the user parameters type the d usere:<ldap_user> command. |
Meaning of the most important parameters:
LDAPEnables/disables the LDAP account for the user [NO, YES], the default is NO.
LDAP-OWN-ADDRBOOKEnable/disable user's personal address book [NO, YES], the default is NO. This parameter acts only if LDAP parameter is enabled.
ADDRBOOK-SYNCADDRBOOK-SYNC: Select in which Address Book(s) the user must be entered and kept synchronised [SYS, NO, LDAP, ABILIS, ALL] If 'SYS', the Address Book(s) the user must be entered and kept synchronised is inherited from the ADDRBOOK-SYNC parameter in CtiSys resource.
ADDRBOOK-NUMBERDetermine which is the Address Book user phone number [NONE, AUTO, CTIP, CLUS, CTISIP, CTIIAX] If 'AUTO' the first valid number is used between the ones assigned to CTIP, CTICLUS, CTISIP and CTIIAX interfaces.
CTIP, the phone number is provided by the LDAP-NUM parameter of the CTI port specified in CTIP user parameter.
CLUS, the phone number is provided by the LDAP-NUM parameter of the Cluster specified in CLUS user parameter.
CTISIP, the phone number is provided by the SIP-LDAP-NUM user parameter (if the SIP account is active).
CTIIAX, the phone number is provided by the IAX-LDAP-NUM user parameter (if the IAX account is active).
ADDRBOOK-OUTDIALOut-dial prefix number. NONE or SYS or max 8 digits [0..9]. If SYS, the out-dial prefix value is inherited from the OUTDIAL-DIGIT parameter in CtiSys resource.
ADDRBOOK-PUB-ENABLEDEnable the user to add/delete/update 'public' contacts of Abilis Address Book [SYS, NO, YES] If 'SYS', the user's rights on 'public' contacts are inherited from the ADDRBOOK-PUB-PROTECTED parameter in CtiSys resource. If 'YES' or 'NO', the user is allowed or not to add/delete/update 'public' contacts, regardless of the value of ADDRBOOK-PUB-PROTECTED parameter in CtiSys resource.
The LDAP tree is composed of a root (that is configurable via the parameter root) and its branches. One branch is reserved to the address books.
There are two kinds of address books:
Main
The address book is accessible from any allowed user via a LDAP right table.
Personal
The address book contains the contacts that are accessible only by the related account. A LDAP account may enable the personal address book via the user parameter LDAP-OWN-ADDRBOOK.
There are three main address books that are automatically created:
It will contain all (and only) the synchronized contacts which information is gathered by the user table and the CTI and CLUSTER resources. Currently the synchronized attributes are the common name and the telephone number.
It's intended to contain the contacts for internal usage in a company.
It's intended to contain the contacts for external use, i.e. provided to the third part companies.
To display the rights of the address books use the following command.
[21:41:10] ABILIS_CPX:d ldap rights
-------------------------------------------------------------------------------
ID: ADDRESSBOOK:
USER: GRANTS:
-------------------------------------------------------------------------------
1 contacts
admin rwcd
anonymous ----
-------------------------------------------------------------------------------
2 published
admin rwcd
anonymous r---
-------------------------------------------------------------------------------
3 system
admin rw--
anonymous ----
-------------------------------------------------------------------------------Where the "rwcd" chars mean:
r - right to access the address book and read contacts
w - right to modify the contacts in the address book
c - right to create new contacts in the address book
d - right to delete contacts in the address book
In the system address book the creation and the deletion of contacts is never allowed because it's internally auto-synchronized.
The rights of Admin and Anonymous on default address books are explicit (note that by default the anonymous has access only to published), other users have implicit rights.
New users with LDAP parameter enabled have the "r" right in all the main address books (also the new ones) and the its personal AddressBook (LDAP-OWN-ADDRBOOK enabled).
If a different behaviour is needed for a user, an explicit entry is added. In example to remove the visibility of system address book to the user "test" use the following command:
[21:41:00] ABILIS_CPX:a ldap rights id:3 user:test grants:
COMMAND EXECUTED
[21:41:10] ABILIS:d ldap rights
-------------------------------------------------------------------------------
ID: ADDRESSBOOK:
USER: GRANTS:
-------------------------------------------------------------------------------
1 contacts
admin rwcd
anonymous ----
-------------------------------------------------------------------------------
2 published
admin rwcd
anonymous r---
-------------------------------------------------------------------------------
3 system
admin rw--
anonymous ----
test ----
-------------------------------------------------------------------------------The account table is used when LDAP acts as a client of remote servers. The list of account on such servers is available in such table. The value in the account may be used by LDAP-REM-ACCOUNT parameter in CTISYS table.
Use the d ldap account user command to display the account table parameters; the d ldap account ? command shows the meaning of all parameters.
In this example a new account is created. Its name is cpx-test and such string is used in LDAP-REM-ACCOUNT in ctisys resource to identify such account.
[17:29:06] ABILIS_CPX:a ldap account:cpx-testCOMMAND EXECUTED [17:31:43] ABILIS_CPX:s ldap account:cpx-test host:80.80.80.80COMMAND EXECUTED [17:31:59] ABILIS_CPX:s ldap account:cpx-test user:jack pwd:mypassword[17:32:58] ABILIS_CPX:d ldap account--------+------------------+----------------------------------+---------------- ID: |[DESCR:] ENABLED:|ACCOUNT: |HOST: |PORT: |USER: |PWD: --------+------------------+----------------------------------+---------------- 0 cpx-test YES 80.80.80.80 DFT (389) jack *** --------+------------------+----------------------------------+---------------- [17:34:48] ABILIS_CPX:s p ctisys ADDRBOOK-SOURCE:ldap-remote LDAP-REM-ACCOUNT:cpx-testCOMMAND EXECUTED [17:34:48] ABILIS_CPX:s p ctisys LDAP-SEARCH-BASE-DN:dc=foo,dc=barCOMMAND EXECUTED [17:35:18] ABILIS_CPX:d p ctisysRES:CtiSys -------------------------------------------------------------------- Run DESCR:CTI_System_general_properties ... - Address Book --------------------------------------------------------- ADDRBOOK-SOURCE:LDAP-REMOTE ADDRBOOK-SYNC:NO LDAP-SEARCH-BASE-DN:dc=foo,dc=bar LDAP-REM-ACCOUNT:cpx-test LDAP-REM-OUTDIAL:0
Meaning of the most parameters:
ENABLEDEnable/disable this entry [NO, YES]
DESCREntry description. Max 70 chars. Spaces require double quotes (E.g. "str1 str2").
ACCOUNTLDAP Account name. Max 16 ASCII chars. Spaces require double quotes (E.g. "My Account").
HOSTIP address of the remote LDAP host [1-126.x.x.x, 127.0.0.1, 128-223.x.x.x] or FQDN host name of max 64 characters in the range ['0'..'9', 'a'..'z', '-', '.' ]. FQDN name is forced to lower case.
PORTTCP port of the remote LDAP host [1..65535, DFT], where 'DFT' value corresponds to 'ldap(389)' protocol port.
USERUsername of the account on the remote server. Max 32 ASCII chars. Spaces require double quotes (E.g. "My user").
PWDPassword of the account on the remote server. Max 32 ASCII chars. Space not allowed.
The account table is used when LDAP acts as a server and as a client. The list of referral on such servers is available in such table. When a remote LDAP client asks for a base-dn specified in such table, then Abilis relay the request to another LDAP server providing itself the answer if CHAIN parameter is set to true.
Use the d ldap referral user command to display the referral table parameters; the d ldap referral ? command shows the meaning of all parameters.
In this example a new referral entry is created.
[17:29:06] ABILIS_CPX:a ldap referral id:0 base-dn:dc=test,dc=it account:cpx-testCOMMAND EXECUTED [17:48:59] ABILIS_CPX:d ldap referral- Not Saved (SAVE CONF), Not Refreshed (INIT) --------------------------------- --------+-------------------------------------+-------------------------------- ID: |[DESCR:] ENABLED:|BASE-DN: |ACCOUNT: |CHAIN --------+-------------------------------------+-------------------------------- 0 dc=test,dc=it NO cpx-test (Not Present) NO --------+-------------------------------------+--------------------------------
Meaning of the most parameters:
ENABLEDEnable/disable this entry [NO, YES].
DESCREntry description. Max 70 chars. Spaces require double quotes (E.g. "str1 str2").
BASE-DNLDAP Base-DN. Max 64 alphanumeric, '=' and ',' characters. Spaces require double quotes (E.g. "dc=addr book,dc=net").
ACCOUNTLDAP Account name. Max 16 ASCII characters. Spaces require double quotes (E.g. "My Account").
CHAINEnable/Disable the chaining [NO, YES]. Chaining uses a client session to resolve the request to an external server.
| |  | |
| 52.1. LDAP resource |  | 52.3. LDAP use cases |