45.3. LDAP use cases

45.3.1. Publishing local VoIP users

This section shows how to access the system address book of the Abilis LDAP server and keep the VoIP users synchronized in it.

Add and activate the LDAP resource as explained in the chapter "activating the LDAP resource".

Create an LDAP account.

[21:44:12] ABILIS_CPX:a user:test act:yes pwd:test ldap:yes

COMMAND EXECUTED

If anonymous authentication is required, the guest user must be active and its LDAP parameter enabled.

[21:44:12] ABILIS_CPX:s user:guest act:yes ldap:yes

COMMAND EXECUTED

Note

By default the anonymous user can access only the "published" address book, so use the command s ldap rights id:3 user:anonymous grants:r to let anonymous access the system address book. You may also want to limit LDAP client access to the LAN: use the command s p res:ldap ip-src:192.168.0.0/16, then execute the initialization command init res:ldap.

Check the users to be kept synchronized. In this example, let's create a few users.

[00:18:51] ABILIS_CPX:a user:frank iax:yes iax-number:2222

COMMAND EXECUTED

[00:18:56] ABILIS_CPX:a user:anne sip:yes sip-number:3333

COMMAND EXECUTED

[00:19:29] ABILIS_CPX:a user:george ctip:101

COMMAND EXECUTED

[00:23:56] ABILIS_CPX:a cticl clus:myclus

COMMAND EXECUTED

[00:24:05] ABILIS_CPX:s cticl clus:myclus num:7777

COMMAND EXECUTED

[00:24:08] ABILIS_CPX:a user:jack clus:myclus

COMMAND EXECUTED

Enable LDAP-USER-SYNC for each user you want to keep synchronized in the system address book, and specify the phone interface via the LDAP-NUMBER user parameter.

[00:18:51] ABILIS_CPX:s user:frank addrbook-sync:ldap addrbook-number:ctiiax

COMMAND EXECUTED

[00:18:56] ABILIS_CPX:s user:anne addrbook-sync:yes addrbook-number:ctisip

COMMAND EXECUTED

[00:19:29] ABILIS_CPX:s user:george addrbook-sync:yes addrbook-number:ctip

COMMAND EXECUTED

[00:24:08] ABILIS_CPX:s user:jack addrbook-sync:yes addrbook-number:clus

COMMAND EXECUTED

You may instead set USER-SYNC:YES in the LDAP resource port, but in most cases you should not: you may accidentally synchronize users you want to keep hidden. Moreover, if this parameter is switched from YES to NO, you risk losing part of the saved data (the non-synchronized attributes of synchronized contacts).

You may also use macros to modify the number provided to LDAP, via the LDAP-NUM parameter of the CTIIAX/CTISIP/CTIP/CLUSTER interfaces.

[21:47:12] ABILIS_CPX:s user:frank iax-addrbook-num:02'IAX-NUMBER'

COMMAND EXECUTED

[21:47:33] ABILIS_CPX:s user:anne sip-addrbook-num:'SIP-NUMBER.s2'

COMMAND EXECUTED

[21:48:44] ABILIS_CPX:s ctip:101 addrbook-num:02'NUM'

COMMAND EXECUTED

[21:48:55] ABILIS_CPX:s cticl clus:myclus addrbook-num:'NUM'123

COMMAND EXECUTED

[21:49:00] ABILIS_CPX:init ctisys

INIT CTI SYSTEM IN PROGRESS, THIS MAY TAKE FEW MINUTES...

COMMAND EXECUTED

Note

Any modification to CTI ports or clusters requires a CTI system initialization via the command init ctisys.

Hide the address books you aren't interested in via the LDAP rights table. The following commands leave only the system address book visible to the user named "test".

[21:49:08] ABILIS_CPX:a ldap rights id:1 user:test grants:-r

COMMAND EXECUTED

[21:49:28] ABILIS_CPX:a ldap rights id:2 user:test grants:-r

COMMAND EXECUTED

The user may now access the LDAP server via an LDAP client or via the Abilis web interface. To access the web pages, give the LDAP account additional HTTP rights.

[21:49:08] ABILIS_CPX:s user:test http:yes

COMMAND EXECUTED

[21:49:35] ABILIS_CPX:a http rights id:2 user:test file:r dir:l

COMMAND EXECUTED

To learn how to read/modify/create/remove contacts via the web interface or via an LDAP client, see the chapter "handling contacts".

45.3.2. Identifying the caller in a VoIP phone

Advanced VoIP phones include an LDAP client able to translate the number of an incoming call to the corresponding contact name. This section configures the Abilis LDAP server to provide its contacts to VoIP phones.

Add and activate the LDAP resource as explained in the chapter "activating the LDAP resource".

You may also want to limit LDAP client access to the LAN (i.e. 192.168.X.X) via the ipsrc and ipsrclist parameters.

[20:09:28] ABILIS_CPX: s p ldap ipsrc:192.168.0.0

COMMAND EXECUTED

[20:11:12] ABILIS_CPX:list create ldap_allow ir

COMMAND EXECUTED

[20:11:20] ABILIS_CPX:a list:ldap_allow 192.168.0.0:192.168.0.254

COMMAND EXECUTED

[20:14:26] ABILIS_CPX:s p res:ldap ipsrclist:ldap_allow

COMMAND EXECUTED

[20:15:01] ABILIS_CPX:d p res:ldap

RES:Ldap ----------------------------------------------------------------------
Run    DESCR:Lightweight_Directory_Access_protocol
       LOG:NO           mxps:2048    TOS:0-N
       - LDAP Server ----------------------------------------------------------
       SRV-ACT:YES                   srv-sesnum:10       tcp-locport:389
       IPSRC:192.168.000.000         IPSRCLIST:ldap_allow
       SRV-SIZE-LIMIT:NO             SRV-TIME-LIMIT:NO   SRV-DT:60
       max-entries:1000              DN-FIRST-ATTR:cn
       root:dc=abilis,dc=net
       wdir:C:\APP\LDAP\
       - LDAP Client ----------------------------------------------------------
       CLI-ACT:YES                   cli-sesnum:5        MAX-REFERRALS:10
       CLI-SIZE-LIMIT:NO             CLI-TIME-LIMIT:NO   CLI-DT:60
       CLI-REM-ACCOUNT-PERMANENT:YES CLI-MAX-TOUT:60
       CLI-PERMANENT-RETRY-DELAY:60

Caution

To activate changes made to the uppercase parameters, execute the initialization command init res:ldap; to activate changes made to the lowercase parameters, a save conf and an Abilis restart are required (i.e. with the warm start command).

Create an LDAP account.

[21:44:12] ABILIS_CPX:a user:test act:yes pwd:test ldap:yes

COMMAND EXECUTED

The user automatically gains read rights over all the main address books.

If anonymous authentication is required, the guest user must be active and its LDAP parameter enabled.

[21:44:12] ABILIS_CPX:s user:guest act:yes ldap:yes

COMMAND EXECUTED

By default the guest does not have the right to access the system address book or the contacts address book, so let's grant it.

[13:15:27] ABILIS_CPX:s ldap rights id:1 user:guest grants:r

COMMAND EXECUTED

[13:15:27] ABILIS_CPX:s ldap rights id:3 user:guest grants:r

COMMAND EXECUTED

Let's configure a Snom 300 VoIP phone to display the LDAP attribute "common name" instead of just the calling number.

In the SNOM web interface, open the Advanced section page and set the following parameters:

Parameter                 Value
LDAP name filter          (&(telephoneNumber=*)(sn=%))
LDAP number filter        (&(telephoneNumber=%)(sn=*))
Server Address            <IP address or FQDN of Abilis>
Port                      389
Base                      dc=addressBooks,dc=abilis,dc=net
Username                  <The name of an Abilis user allowed to LDAP (LDAP:YES)>
Password                  <The password of an Abilis user allowed to LDAP (LDAP:YES)>
LDAP name attributes      cn sn displayName
LDAP number attributes    mobile telephoneNumber ipPhone
LDAP display name         %cn

Note

By changing the "Base" parameter you can change the scope of contacts, i.e. to access only the contacts address book, set "Base" to addressBook=contacts, dc=addressBooks, dc=abilis, dc=net.
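What the number filter in the table returns for an incoming call, as an added example that is not part of the Abilis manual or the Snom firmware. The contacts are constructed, the escaping of the "%" substitution is an assumption about how a client should build the filter, and the matcher handles only this AND of equality/presence items.

```python
import re

NUMBER_FILTER = "(&(telephoneNumber=%)(sn=*))"  # "LDAP number filter" from the table

# Constructed sample contacts, not real directory data.
DIRECTORY = [
    {"cn": ["Clark Kent"], "sn": ["Kent"], "telephoneNumber": ["3333"]},
    {"cn": ["Front Desk"], "telephoneNumber": ["2222"]},        # no sn
    {"cn": ["Lois Lane"], "sn": ["Lane"], "mobile": ["7777"]},  # number only in mobile
]

def escape_value(value):
    """Escape the RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, value):
    """Replace the '%' placeholder with the escaped caller number or name."""
    return template.replace("%", escape_value(value))

ITEM = re.compile(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate (&(attr=value)(attr=*)...): equality and presence items only.
    Values are compared as exact strings; a real server applies each
    attribute's own matching rule."""
    items = ITEM.findall(ldap_filter[2:-1]) if ldap_filter.startswith("(&") else []
    if not items:
        raise ValueError("unsupported filter: " + ldap_filter)
    for attr, value in items:
        have = entry.get(attr, [])
        if not (bool(have) if value == "*" else unescape(value) in have):
            return False
    return True

def caller_name(number, directory=DIRECTORY):
    """Return the cn the phone would display for `number`, or None."""
    wanted = expand(NUMBER_FILTER, number)
    hits = [e["cn"][0] for e in directory if matches(e, wanted)]
    return hits[0] if hits else None
```

With this filter, a contact that has no sn, or whose number is stored only in mobile, is never returned, so the phone shows the bare number for it.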

The SNOM web interface should look like this:

Figure 45.2. SNOM 300 Advanced web page

Now the phone will display the Common Name provided by the Abilis LDAP server instead of any known calling number.

Figure 45.3. SNOM 300 LCD when the calling number is known to the LDAP server

To learn how to read/modify/create/remove contacts via the web interface or via an LDAP client, see the chapter "handling contacts".

45.3.3. Mail composing and LDAP

The goal of this section is to configure a mail client (Thunderbird) to enable autocompletion when editing the recipient of a message.

Add and activate the LDAP resource as explained in the chapter "activating the LDAP resource".

You may also want to limit the access of LDAP clients to the LAN (i.e. 192.168.X.X) via the ipsrc and ipsrclist parameters.

[20:09:28] ABILIS_CPX: s p ldap ipsrc:192.168.0.0

COMMAND EXECUTED

[20:11:12] ABILIS_CPX:list create ldap_allow ir

COMMAND EXECUTED

[20:11:20] ABILIS_CPX:a list:ldap_allow 192.168.0.0:192.168.0.254

COMMAND EXECUTED

[20:14:26] ABILIS_CPX:s p res:ldap ipsrclist:ldap_allow

COMMAND EXECUTED

[20:15:01] ABILIS_CPX:d p res:ldap

RES:Ldap ----------------------------------------------------------------------
Run    DESCR:Lightweight_Directory_Access_protocol
       LOG:NO           mxps:2048    TOS:0-N
       - LDAP Server ----------------------------------------------------------
       SRV-ACT:YES                   srv-sesnum:10       tcp-locport:389
       IPSRC:192.168.000.000         IPSRCLIST:ldap_allow
       SRV-SIZE-LIMIT:NO             SRV-TIME-LIMIT:NO   SRV-DT:60
       max-entries:1000              DN-FIRST-ATTR:cn
       root:dc=abilis,dc=net
       wdir:C:\APP\LDAP\
       - LDAP Client ----------------------------------------------------------
       CLI-ACT:YES                   cli-sesnum:5        MAX-REFERRALS:10
       CLI-SIZE-LIMIT:NO             CLI-TIME-LIMIT:NO   CLI-DT:60
       CLI-REM-ACCOUNT-PERMANENT:YES CLI-MAX-TOUT:60
       CLI-PERMANENT-RETRY-DELAY:60

Caution

To activate changes made to the uppercase parameters, execute the initialization command init res:ldap; to activate changes made to the lowercase parameters, a save conf and an Abilis restart are required (i.e. with the warm start command).

Thunderbird doesn't support LDAP user authentication, so let's enable the anonymous user in Abilis (guest) and set its LDAP rights to allow it to access the contacts address book.

[17:50:23] ABILIS:s user:guest act:yes ldap:yes

COMMAND EXECUTED

[17:51:16] ABILIS_CPX:d user

------------------------+-------------+----------------------------------------
USER             PWD ACT|CTIP CLUS    |CHAT LDAP PPP FTP HTTP MAIL IAX SIP VO
------------------------+-------------+----------------------------------------
admin            *** YES #    #        YES  YES  YES YES YES  NO   NO  NO  NO
guest                YES #    #        NO   YES  NO  NO  NO   NO   NO  NO  NO

[17:51:24] ABILIS:s ldap rights id:1 user:anonymous grants:r

COMMAND EXECUTED

[17:52:07] ABILIS:d ldap rights

- Not Saved (SAVE CONF) -------------------------------------------------------
-------------------------------------------------------------------------------
ID: ADDRESSBOOK:
       USER:                            GRANTS:
-------------------------------------------------------------------------------
  1 contacts
       admin                            rwcd
       anonymous                        r---
-------------------------------------------------------------------------------
  2 published
       admin                            rwcd
       anonymous                        r---
-------------------------------------------------------------------------------
  3 system
       admin                            rw--
       anonymous                        ----
-------------------------------------------------------------------------------

In Thunderbird, open the Account Settings dialog (select Tools -> Account Settings), select your account and click the Composition & Addressing tab, then add a new LDAP directory.

Figure 45.4. Account Settings Dialog / Composition & Addressing Tab

Click the Add button and use the following parameters.

Parameter      Value
Name           <doesn't matter>
Hostname       <IP address or FQDN of Abilis>
Base DN        addressBook=Contacts,dc=addressBooks,dc=abilis,dc=net
Port number    389

Note

By changing the "Base DN" parameter you can change the scope of contacts, i.e. to access all main address books, set the base to dc=addressBooks, dc=abilis, dc=net and execute the command s ldap rights id:3 user:anonymous grants:r

The dialog should look like this:

Figure 45.5. LDAP properties

Set the Abilis LDAP server as the current LDAP for this account.

You can then write a mail using the "common name" of a person, and Thunderbird will autocomplete the mail address for you. In the example, the "Contacts" address book includes the contact "Clark Kent"; the tooltip appears as soon as you type a few characters.

Figure 45.6. Autocompletion

To learn how to read/modify/create/remove contacts via the web interface or via an LDAP client, see the chapter "handling contacts".