45.1. LDAP resource

The LDAP resource allows Abilis to provide the features of an LDAP server and the capability to connect as an LDAP client to another LDAP server.

LDAP is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network. It is defined in terms of ASN.1; the latest version is Version 3, published as RFC 4510.

The LDAP server provides an organized set of records with a hierarchical structure and may be used as a corporate electronic mail directory or as a telephone directory, that is, a list of contacts including a name and a phone number.

The server may be accessed via LDAP clients like:

45.1.1. Activating the LDAP resource

Add the resource to the Abilis system using the following command:

[15:50:39] ABILIS_CPX:a res:ldap

RES:LDAP ALREADY EXISTS

The LDAP resource may already exist in the system but not be active; set it active using the command:

[15:50:43] ABILIS_CPX:s act res:ldap

COMMAND EXECUTED

Caution

After adding the LDAP resource or setting it active, you must restart the Abilis for the resource to run (use the warm start command to reboot the Abilis).

To enable LDAP server type:

[09:31:37] ABILIS_CPX:s p ldap srv-act:yes

COMMAND EXECUTED

To enable LDAP client type:

[09:31:37] ABILIS_CPX:s p ldap cli-act:yes

COMMAND EXECUTED

Caution

To activate the changes made on the parameters, execute the initialization command init res:ldap.

45.1.2. LDAP resource parameters

Use the d p ldap command to display the parameters of the resource; the d p ldap ? command shows the meaning of the parameters.

[15:55:01] ABILIS_CPX:d p ldap

RES:Ldap ----------------------------------------------------------------------
Run    DESCR:Lightweight_Directory_Access_protocol
       LOG:NO           mxps:2048    TOS:0-N
       - LDAP Server ----------------------------------------------------------
       SRV-ACT:YES                   srv-sesnum:10       tcp-locport:389
       IPSRC:*                       IPSRCLIST:#
       SRV-SIZE-LIMIT:NO             SRV-TIME-LIMIT:NO   SRV-DT:60
       max-entries:1000              DN-FIRST-ATTR:cn
       root:dc=abilis,dc=net
       wdir:C:\APP\LDAP\
       - LDAP Client ----------------------------------------------------------
       CLI-ACT:YES                   cli-sesnum:5        MAX-REFERRALS:10
       CLI-SIZE-LIMIT:NO             CLI-TIME-LIMIT:NO   CLI-DT:60
       CLI-REM-ACCOUNT-PERMANENT:YES CLI-MAX-TOUT:60
       CLI-PERMANENT-RETRY-DELAY:60

Meaning of the most important parameters:

LOG

Logging functionalities activation/deactivation.

mxps

Maximum size of an LDAP message [2048..4096].

TOS

Used to establish the frame priority. The first field is the priority value [default: 0]; the second field specifies the type of the frame [N=None, D=Min. Delay, T=Max. Throughput, R=Max. Reliability, C=Min. Monetary Cost].

SRV-ACT

Runtime LDAP Server activation/deactivation.

srv-sesnum

Total number of LDAP server sessions [1..255].

tcp-locport

Local TCP port on which LDAP service is listening [1..65535].

IPSRC

Incoming requests: accepted source IP address [*, 1-126.x.x.x, 127.0.0.1, 128-223.x.x.x].

If set to net 0.0.0.0, all IPs are allowed.

If access must be restricted, set in IPSRC the IP address of a client that must always have access, e.g. the IP address of the administrator console, and add further IPs using IPSRCLIST.

IPSRCLIST

Incoming requests: name of the IP/IR/RU/MR list for source IP address acceptance [#, 0..9, a..z, A..Z, _].

If IPSRCLIST:0, the list isn't used.

If IPSRCLIST:<list_id>, the parameter contains the list identifier.

SRV-SIZE-LIMIT

Maximum number of entries that the LDAP server will return for a search operation [NO, 1..65535].

SRV-TIME-LIMIT

Maximum time allowed for the search operation on the local LDAP server. If set, the result can fail or be partial [NO, 1..65535 sec].

SRV-DT

Inactivity disconnection time-out [30..3600 sec].

max-entries

Maximum number of entries (Address books and contacts), in the LDAP data base [100..10000]

DN-FIRST-ATTR

Determines the first attribute to be used in the distinguished name (DN) of contacts [cn, uid]

root

Specifies the distinguished name (DN) for the root entry. From 1 up to 128 alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "dc=my book,dc=my root").

wdir

Working directory where the LDAP files are stored. It cannot be empty. Physical full path in DOS notation, i.e. starting with a drive letter in the range ['A'..'Z'] and ending with the '\' character. Max. 128 characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "C:\My dir\").

CLI-ACT

Runtime LDAP Client activation/deactivation.

cli-sesnum

Total number of LDAP client sessions [1..255].

MAX-REFERRALS

The maximum number of allowed referral messages in a client session [0..255].

CLI-SIZE-LIMIT

Maximum number of entries that the LDAP client will return for a search operation [NO, 1..65535].

CLI-TIME-LIMIT

Maximum time allowed for the search operation on the remote LDAP server. If set, the result can fail or be partial [NO, 1..65535 sec].

CLI-DT

Inactivity disconnection time-out [30..3600 sec].

CLI-MAX-TOUT

Maximum time permitted for completion of a request. The actual value may be shorter, depending on the requester driver [1..3600 sec].

CLI-REM-ACCOUNT-PERMANENT

Keeps ONE permanent TCP connection with the CTISYS 'LDAP-REM-ACCOUNT' and uses only it for all requests to 'LDAP-REM-ACCOUNT' [NO, YES].

CLI-PERMANENT-RETRY-DELAY

Retry delay if setting up the permanent session fails [30..3600 sec].

The command that allows the configuration of the resource to be modified has the following syntax:

s p ldap par:val...

Caution

To activate the changes made on the uppercase parameters, execute the initialization command init res:ldap; to activate the changes made on the lowercase parameters, a save conf and an Abilis restart are required (i.e. with the warm start command).
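As an added example (not the manufacturer's code), a small Python script that parses a d p ldap listing like the one above, tells for any parameter whether a change needs init res:ldap or a save conf plus warm start, and flags server settings a defender would review before exposing the LDAP server (open IPSRC, no size/time limits, logging off). The listing is reproduced as a constructed sample; reading IPSRCLIST:# as "no list attached" is an assumption.

```python
import re

# Constructed sample: the "d p ldap" listing shown in this section (server
# part only); the backslashes in wdir are doubled for Python.
SAMPLE = """\
RES:Ldap ----------------------------------------------------------------------
       LOG:NO           mxps:2048    TOS:0-N
       - LDAP Server ----------------------------------------------------------
       SRV-ACT:YES                   srv-sesnum:10       tcp-locport:389
       IPSRC:*                       IPSRCLIST:#
       SRV-SIZE-LIMIT:NO             SRV-TIME-LIMIT:NO   SRV-DT:60
       max-entries:1000              DN-FIRST-ATTR:cn
       root:dc=abilis,dc=net
       wdir:C:\\APP\\LDAP\\
"""
# Each parameter is NAME:value; values carry no whitespace in this listing.
PARAM_RE = re.compile(r"([A-Za-z][A-Za-z0-9-]*):(\S*)")

def parse_d_p_ldap(text):
    """Return {parameter name: value} from a 'd p ldap' listing."""
    params = {}
    for line in text.splitlines():
        # Skip the RES: header and the '- LDAP Server ---' separator lines.
        if line.lstrip().startswith(("RES:", "- ")):
            continue
        for name, value in PARAM_RE.findall(line):
            params[name] = value
    return params

def activation_step(name):
    """Uppercase names take effect with 'init res:ldap'; lowercase ones need
    'save conf' followed by a warm start (per the caution above)."""
    return "init res:ldap" if name.isupper() else "save conf + warm start"

RISKY = {  # settings worth review before exposing the server, and why
    "SRV-SIZE-LIMIT": ("NO", "one search can return the whole directory"),
    "SRV-TIME-LIMIT": ("NO", "a slow search can hold a server session"),
    "LOG": ("NO", "server activity is not logged"),
}

def audit(params):
    """Assumption: IPSRCLIST:# (the displayed default) means no list is set."""
    findings = []
    if params.get("SRV-ACT") != "YES":
        return findings  # server disabled: nothing is exposed
    if params.get("IPSRC") == "*" and params.get("IPSRCLIST") == "#":
        findings.append("IPSRC:* and no IPSRCLIST: any source IP may query the server")
    for name, (bad, why) in RISKY.items():
        if params.get(name) == bad:
            findings.append(f"{name}:{bad}: {why}")
    return findings
```

Run audit(parse_d_p_ldap(SAMPLE)) to see the four findings for the listing as shown; after restricting IPSRC and setting the limits, the same call should return an empty list.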

A few parameters of the ctisys resource are closely related to LDAP, so their meaning is discussed here:

ADDRBOOK-SOURCE

Select which Address Book service to use [ABILIS-ADDRBOOK, LDAP-LOCAL, LDAP-REMOTE]

ADDRBOOK-SYNC

Select in which Address Book Abilis users must be entered and kept synchronised [NO, LDAP, ABILIS, ALL]

LDAP-SEARCH-BASE-DN

Ldap Base-DN. From 0 up to 64 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "str1 str2") <Only for ADDRBOOK-SOURCE equal to LDAP-REMOTE>

LDAP-REM-ACCOUNT

Ldap Account. From 0 up to 16 Alphanumeric extended characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (E.g.: "str1 str2") <Only for ADDRBOOK-SOURCE equal to LDAP-REMOTE>

LDAP-REM-OUTDIAL

Out dial prefix. Up to 8 digits (E.g. "0"). <Only for ADDRBOOK-SOURCE equal to LDAP-REMOTE>