To access the LDAP web interface via a browser an Abilis User must be active, must have HTTP and LDAP parameters set to yes and must have HTTP and LDAP rights.

Using the admin account you need just to use the following command:

[21:29:04] ABILIS_CPX:s user:admin act:yes ldap:yes http:yes

COMMAND EXECUTED

If you use another account, remember to allow the HTTP rights too.

[21:49:08] ABILIS_CPX:s user:test act:yes ldap:yes http:yes

COMMAND EXECUTED

[21:49:35] ABILIS_CPX:a http rights id:2 user:test file:r dir:l

COMMAND EXECUTED

Non-administrator users by default have only the "read" right. The administrator has the full control.

If you want a LDAP account be also able to modify/create/remove contacts allowing it to have full rights then issue following commands:

[21:49:08] ABILIS_CPX:a ldap rights id:1 user:test grants:rwcd

COMMAND EXECUTED

[21:49:28] ABILIS_CPX:a ldap rights id:2 user:test grants:rwcd

COMMAND EXECUTED

[21:49:38] ABILIS_CPX:a ldap rights id:3 user:test grants:rw

COMMAND EXECUTED

Let's use admin account in this example, anyway you know how to use another account.

Log into the web interface as admin and click the "LDAP Address books" link.

Figure 52.7. Abilis main web page

Look at the LDAP administration page.

Figure 52.8. LDAP adminstration page

The administrator has full access to all the address books. The interface includes also the name of the Base DN for each address book. The interface also allows to import/export a single address book.

	Note
	To import/export the whole LDAP DB or to handle personal address books, visit the "Advanced LDAP administration" page. Although LDAP server includes disaster recovery features, a periodical backup (via exporting) of address books or the whole DB is suggested.

Click on contacts address book.

Figure 52.9. LDAP Contacts address book

Then you may add a new contact via the button.

Figure 52.10. Contact details

	Note
	In the system address book, synchronised attributes "commonName" and "telephoneNumber" cannot be edited, although having the "w" right.

To access LDAP server via a LDAP client install LDAPAdmin or JXplorer on a PC.

You also need an Abilis user that must have the LDAP parameter set to yes.

Using the admin account you need just to use the following command:

[21:29:04] ABILIS_CPX:s user:admin act:yes ldap:yes

COMMAND EXECUTED

If you use another account, remember to allow LDAP rights too.

[21:49:08] ABILIS_CPX:s user:test act:yes ldap:yes

COMMAND EXECUTED

Non-administrator users by default have only the "read" right. The administrator has full control.

If you want a LDAP account be able also to modify/create/remove contacts allowing it to have full rights issue following commands.

[21:49:08] ABILIS_CPX:a ldap rights id:1 user:test grants:rwcd

COMMAND EXECUTED

[21:49:28] ABILIS_CPX:a ldap rights id:2 user:test grants:rwcd

COMMAND EXECUTED

[21:49:38] ABILIS_CPX:a ldap rights id:3 user:test grants:rw

COMMAND EXECUTED

Open LDAPAdmin and create a new connection.

Let's access as user "test".

Figure 52.11. LDAP admin connection page

Edit following parameters.

	Caution
	LDAP uses plain authentication on a non encrypted connection so use the account only in controlled networks or at least use an ad hoc LDAP account (a user that can just access LDAP) to avoid to share a password with other Abilis services for that user.

Figure 52.12. The address book viewed by LDAP admin tool

Add a new entry.

Figure 52.13. Adding a new entry

Add the obectClass organizationalPerson via the Objectclass combobox.

Figure 52.14. Add the objectClass

Edit attributes and set the Rdn as "cn=<common name>".

Figure 52.15. Edit attributes

	Note
	Use the Save button to save the entry, if you receive a message explaining that the operation cannot be completed, you may not have the permission to do such operation.