44.4. Handling contacts

There are two ways to access the Abilis LDAP server, the Abilis web interface or a LDAP client.

44.4.1. Web Interface

To access the LDAP web interface via a browser an Abilis User must be active, must have HTTP and LDAP parameters set to yes and must have HTTP and LDAP rights.

Using the admin account you need just to use the following command:

[21:29:04] ABILIS_CPX:s user:admin act:yes ldap:yes http:yes

COMMAND EXECUTED

If you use another account, remember to allow the HTTP rights too.

[21:49:08] ABILIS_CPX:s user:test act:yes ldap:yes http:yes

COMMAND EXECUTED

[21:49:35] ABILIS_CPX:a http rights id:2 user:test file:r dir:l

COMMAND EXECUTED

Non-administrator users by default have only the "read" right. The administrator has the full control.

If you want a LDAP account be also able to modify/create/remove contacts allowing it to have full rights then issue following commands:

[21:49:08] ABILIS_CPX:a ldap rights id:1 user:test grants:rwcd

COMMAND EXECUTED

[21:49:28] ABILIS_CPX:a ldap rights id:2 user:test grants:rwcd

COMMAND EXECUTED

[21:49:38] ABILIS_CPX:a ldap rights id:3 user:test grants:rw

COMMAND EXECUTED

Let's use admin account in this example, anyway you know how to use another account.

Log into the web interface as admin and click the "LDAP Address books" link.

Figure 44.7. Abilis main web page

Abilis main web page

Look at the LDAP administration page.

Figure 44.8. LDAP adminstration page

LDAP adminstration page

The administrator has full access to all the address books. The interface includes also the name of the Base DN for each address book. The interface also allows to import/export a single address book.

[Note]Note

To import/export the whole LDAP DB or to handle personal address books, visit the "Advanced LDAP administration" page. Although LDAP server includes disaster recovery features, a periodical backup (via exporting) of address books or the whole DB is suggested.

Click on contacts address book.

Figure 44.9. LDAP Contacts address book

LDAP Contacts address book

Then you may add a new contact via the button.

Figure 44.10. Contact details

Contact details

[Note]Note

In the system address book, synchronised attributes "commonName" and "telephoneNumber" cannot be edited, although having the "w" right.

44.4.2. LDAP software client accessing Abilis LDAP server

To access LDAP server via a LDAP client install LDAPAdmin or JXplorer on a PC.

You also need an Abilis user that must have the LDAP parameter set to yes.

Using the admin account you need just to use the following command:

[21:29:04] ABILIS_CPX:s user:admin act:yes ldap:yes

COMMAND EXECUTED

If you use another account, remember to allow LDAP rights too.

[21:49:08] ABILIS_CPX:s user:test act:yes ldap:yes

COMMAND EXECUTED

Non-administrator users by default have only the "read" right. The administrator has full control.

If you want a LDAP account be able also to modify/create/remove contacts allowing it to have full rights issue following commands.

[21:49:08] ABILIS_CPX:a ldap rights id:1 user:test grants:rwcd

COMMAND EXECUTED

[21:49:28] ABILIS_CPX:a ldap rights id:2 user:test grants:rwcd

COMMAND EXECUTED

[21:49:38] ABILIS_CPX:a ldap rights id:3 user:test grants:rw

COMMAND EXECUTED

Open LDAPAdmin and create a new connection.

Let's access as user "test".

Figure 44.11. LDAP admin connection page

LDAP admin connection page

Edit following parameters.

ParameterValue
Host<IP address of Abilis>
TCP port389
Base DNdc=abilis,dc=net
Username<The name of an Abilis user allowed to LDAP (LDAP:YES)>
Password<The password of an Abilis user allowed to LDAP (LDAP:YES)>
[Caution]Caution

LDAP uses plain authentication on a non encrypted connection so use the account only in controlled networks or at least use an ad hoc LDAP account (a user that can just access LDAP) to avoid to share a password with other Abilis services for that user.

Figure 44.12. The address book viewed by LDAP admin tool

The address book viewed by LDAP admin tool

Add a new entry.

Figure 44.13. Adding a new entry

Adding a new entry

Add the obectClass organizationalPerson via the Objectclass combobox.

Figure 44.14. Add the objectClass

Add the objectClass

Edit attributes and set the Rdn as "cn=<common name>".

Figure 44.15. Edit attributes

Edit attributes

[Note]Note

Use the Save button to save the entry, if you receive a message explaining that the operation cannot be completed, you may not have the permission to do such operation.