---
gitea: none
include_toc: true
---

[Return to the list of application services.](../README.md)

# openldap
## Synopsis
[OpenLDAP, the LDAP server.](https://www.openldap.org/)

This service provides an LDAP server.

You can request the creation of users. Those users can either be left unclassified or be sorted into families.

Those users are created and kept up to date, but they are never deleted. An initial password is generated for each user and is never changed afterwards by the service; you may modify them yourself.

Other services may also request the automatic creation of users.

## Example
Zone names are given as examples; adapt them to the value of `provider_zone` in your configuration file.

```yaml
openldap:
  applicationservice: openldap
  provider_zone: ldap
  zones_name:
    - localdns
```

## Variables
### Accounts
#### Users management

Management of manually created local users. Those users are not classified. This family is a leadership (its variables are linked as one leader with followers).

| Parameter | Comments |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|
| **[accounts.users.ldap_user_mail](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email address.<br/>A user is identified by their email address.<br/>**Example:** johndoe@example.net |
| **[accounts.users.ldap_user_aliases](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email aliases.<br/>**Example:** jdoe@example.net |
| **[accounts.users.ldap_user_uid](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Account name.<br/>**Example:** jdoe |
| **[accounts.users.ldap_user_gn](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Given name.<br/>**Example:** John |
| **[accounts.users.ldap_user_sn](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Surname.<br/>**Example:** Doe |

| Parameter | Comment |
|-----------|---------|
| **[accounts.families](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Families to create.<br/>Users can be classified into families. This variable contains all the names of the families to be created. |

#### Management of family *suffix value*

This is a dynamic family generated from the variable `accounts.families`: one instance is created per family name, with *suffix value* replaced by that name.

##### Users management for the family *suffix value*

Management of manually created users. Those users are classified in a family. This family is a leadership.

| Parameter | Comments |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_mail_*suffix value*](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email address for the family *suffix value*.<br/>A user is identified by their email address.<br/>**Example:** johndoe@family.net |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_aliases_*suffix value*](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email aliases for the family *suffix value*.<br/>**Example:** jdoe@family.net |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_uid_*suffix value*](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Account name for the family *suffix value*.<br/>**Example:** jdoe |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_gn_*suffix value*](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Given name for the family *suffix value*.<br/>**Example:** John |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_sn_*suffix value*](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Surname for the family *suffix value*.<br/>**Example:** Doe |
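
The Synopsis and the two users tables above describe how a user is declared (an email address that identifies the user, a mandatory uid, given name and surname, optional aliases, and optionally a family) and state that an initial password is generated once and never rotated by the service. The following Python script is an added example, not code from the Risotto project: it validates such rows, derives a DN and an `inetOrgPerson` LDIF entry from them (the schema listed under `general.ldap.ldap_schemas`), and generates and `{SSHA}`-hashes the one-time initial password. The base DN `dc=example,dc=net`, the `ou=users` / one-ou-per-family layout, the attribute mapping (gn to `givenName`, sn to `sn`, uid to `uid`, mail and aliases to `mail`) and the uid/mail checks are assumptions; the service's real layout may differ.

```python
import base64
import hashlib
import re
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed suffix: the README does not state the base DN the service uses.
BASE_DN = "dc=example,dc=net"
# Assumed shape of the Rougail `unix_user` and `mail` types (hypothetical checks).
UID_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class LdapUser:
    """One row of the users tables: mail identifies the user; uid, gn and sn are mandatory."""
    mail: str
    uid: str
    gn: str
    sn: str
    aliases: List[str] = field(default_factory=list)
    family: Optional[str] = None  # None for the unclassified accounts.users rows

def validate_user(user: LdapUser) -> List[str]:
    """Return the problems found in a row; an empty list means the row is acceptable."""
    problems = []
    for addr in [user.mail] + user.aliases:
        if not MAIL_RE.match(addr):
            problems.append(f"{addr!r} is not an email address")
    if not UID_RE.match(user.uid):
        problems.append(f"ldap_user_uid {user.uid!r} is not a valid unix user name")
    if not user.gn.strip():
        problems.append("ldap_user_gn is mandatory")
    if not user.sn.strip():
        problems.append("ldap_user_sn is mandatory")
    if user.family is not None and not UID_RE.match(user.family):
        problems.append(f"family {user.family!r} is not a valid unix user name")
    return problems

def generate_initial_password(nbytes: int = 18) -> str:
    """One-time initial password drawn from the OS CSPRNG (never rotated by the service)."""
    return secrets.token_urlsafe(nbytes)

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """slapd's classic {SSHA} format: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = secrets.token_bytes(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored: str, password: str) -> bool:
    """Check a password against a {SSHA} value (useful when auditing generated entries)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return secrets.compare_digest(candidate, digest)

def user_dn(user: LdapUser) -> str:
    """Assumed layout: unclassified users under ou=users, family members under one ou per family."""
    if user.family is None:
        return f"uid={user.uid},ou=users,{BASE_DN}"
    return f"uid={user.uid},ou={user.family},ou=users,{BASE_DN}"

def to_ldif(user: LdapUser, password_hash: str) -> str:
    """Render an inetOrgPerson entry (the schema listed in general.ldap.ldap_schemas) as LDIF."""
    lines = [
        f"dn: {user_dn(user)}",
        "objectClass: inetOrgPerson",
        f"uid: {user.uid}",
        f"cn: {user.gn} {user.sn}",
        f"givenName: {user.gn}",
        f"sn: {user.sn}",
        f"mail: {user.mail}",
    ]
    lines += [f"mail: {alias}" for alias in user.aliases]  # mail is multi-valued
    lines.append(f"userPassword: {password_hash}")
    return "\n".join(lines) + "\n"

def build_entries(users: List[LdapUser]) -> List[str]:
    """Validate every row first, then emit one LDIF entry per user with a fresh initial password."""
    for user in users:
        problems = validate_user(user)
        if problems:
            raise ValueError(f"{user.uid}: " + "; ".join(problems))
    return [to_ldif(u, ssha_hash(generate_initial_password())) for u in users]

if __name__ == "__main__":
    # Constructed sample rows, reusing the README's example values.
    sample = [
        LdapUser("johndoe@example.net", "jdoe", "John", "Doe", ["jdoe@example.net"]),
        LdapUser("johndoe@family.net", "jdoe", "John", "Doe", family="staff"),
    ]
    print("".join(build_entries(sample)))
```

`{SSHA}` is slapd's traditional salted SHA-1 scheme and is shown because every stock OpenLDAP accepts it; where the server offers a stronger password scheme (recent releases ship password-scheme modules such as Argon2), prefer that. Since the README states the service never rotates the generated password, treat it as a one-time secret to be handed over and changed by the user.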
## Variables for expert
### General
#### LDAP

| Parameter | Comment |
|-----------|---------|
| **[general.ldap.ldap_schemas](dictionaries/21_openldap-server.xml)**<br/>mandatory, multiple<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Additional LDAP schemas.<br/>**Default:** <ul><li>/etc/openldap/schema/cosine.ldif</li><li>/etc/openldap/schema/inetorgperson.ldif</li><li>/etc/openldap/schema/nis.ldif</li><li>/etc/openldap/schema/misc.ldif</li></ul> |

##### Limits

| Parameter | Comment |
|-----------|---------|
| **[general.ldap.limits.ldap_loglevel](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Log level.<br/>**Default:** 0 |
| **[general.ldap.limits.ldap_sizelimit](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum number of entries returned for a query.<br/>**Default:** 5000 |
| **[general.ldap.limits.ldap_timelimit](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum response time for a query (in seconds).<br/>**Default:** 3600 |

##### DB environment

| Parameter | Comment |
|-----------|---------|
| **[general.ldap.db_environment.db_cache_size_g](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of gigabytes to use for the HDB cache.<br/>**Default:** 0 |
| **[general.ldap.db_environment.db_cache_size_o](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of bytes to use for the HDB cache.<br/>**Default:** 268435456 |
| **[general.ldap.db_environment.db_cache_chunks](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of files in which to write the HDB cache.<br/>**Default:** 1 |
| **[general.ldap.db_environment.db_log_region_max](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of cache file content kept in memory.<br/>**Default:** 262144 |
| **[general.ldap.db_environment.db_log_max](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of logging data kept before rotation.<br/>**Default:** 10485760 |
| **[general.ldap.db_environment.db_log_bsize](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of cached logging data flushed to disk.<br/>**Default:** 2097152 |
| **[general.ldap.db_environment.db_log_directory](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Directory where logging data is kept.<br/>**Default:** /srv/openldap/log |
| **[general.ldap.db_environment.db_lk_max_objects](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of objects that can be locked simultaneously.<br/>**Default:** 5000 |
| **[general.ldap.db_environment.db_lk_max](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum number of locks.<br/>**Default:** 5000 |
| **[general.ldap.db_environment.db_lk_max_lockers](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum number of lockers.<br/>**Default:** 5000 |

## Required services

### Mandatory

- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain names.

### Optional

- [Journald](../README.Journald.md): Concentrate journal messages on one host.

## Dependencies

- [base-fedora-37](../base-fedora-37/README.md): Base information of a Fedora 37.
- [base-fedora](../base-fedora/README.md): Base information of a Fedora.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Self-signed PKI or Let's Encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.

## Useful for services
- [dovecot](../dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [lemonldap](../lemonldap/README.md): LemonLDAP, a web single sign-on and access management system.
- [nextcloud](../nextcloud/README.md): Nextcloud, an online collaboration platform.
- [odoo](../odoo/README.md): Odoo, an ERP and CRM.
- [piwigo](../piwigo/README.md): Piwigo, a photo management software.
- [roundcube](../roundcube/README.md): Roundcube, a webmail.