---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)
# lemonldap
## Synopsis
[LemonLDAP, a Web Single Sign On and Access Management.](https://lemonldap-ng.org/)
## Example
Zone names are provided as examples. Remember to adapt them to the value of provider_zone in the configuration file.
```
lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net
```
## Basic variables
### General
#### Reverse proxy
##### Clients configuration
This family is a leadership.

| Parameter | Comment |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
| **[general.revprox.revprox_client.revprox_client_external_domainnames](dictionaries/21_revprox_client.xml)**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Service external domain name.<br/>**Example:** service.example.net |
| **[general.revprox.revprox_client.revprox_client_location](dictionaries/21_revprox_client.xml)**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | URI to route request to the correct service.<br/>**Default:** / |
#### LemonLDAP
Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comments |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------|
| **[general.lemonldap.lemon_mail_admin](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Administrator's email address.<br/>**Example:** admin@example.net |
## Variables
### General
#### OpenLDAP directory
##### Client
| Parameter | Comment |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
| **[general.ldap.client.ldapclient_family](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Restrict service configuration for an LDAP family.<br/>"all" for all families.<br/>**Default:** all |
#### Reverse proxy
##### Clients configuration
This family is a leadership.

| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------|
| **[general.revprox.revprox_client.revprox_client_max_body_size](dictionaries/21_revprox_client.xml)**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The maximum allowed size of the client request body. |
## Variables for expert
### General
#### NGINX
| Parameter | Comment |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| **[general.nginx.nginx_hash_bucket_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The bucket size for the server names hash tables.<br/>**Choices:**<br/>- `128` ← default<br/>- `64`<br/>- `32` |
| **[general.nginx.nginx_post_max_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The maximum allowed size of the client request body.<br/>This value is in Mb.<br/>**Default:** 32 |
#### LemonLDAP
Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comments |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|
| **[general.lemonldap.lemon_proc](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of processes dedicated to LemonLDAP (equivalent to the number of processors).<br/>**Default:** 1 |
## Requirements services
### Mandatories
- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.
- [SMTP](../README.SMTP.md): Create an SMTP relay account and authorize sending email.
- [LDAP](../README.LDAP.md): Create an account and connection to an LDAP server.
- [ReverseProxy](../README.ReverseProxy.md): Register the service with a reverse proxy server.
### Optionals
- [Journald](../README.Journald.md): Concentrate journal messages on one host.
## Dependencies
- [ldap-client](../ldap-client/README.md): Application service that needs to interact with an LDAP server.
- [relay-mail-client](../relay-mail-client/README.md): SMTP client.
- [nginx-https](../nginx-https/README.md): Nginx as HTTPS web site.
- [nginx-common](../nginx-common/README.md): Nginx common configuration.
- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service that needs to interact with a reverse proxy server.
- [base-debian-bullseye](../base-debian-bullseye/README.md): Base information of a Debian Bullseye server.
- [base-debian](../base-debian/README.md): Base information of a Debian server.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Autosign PKI or Let's Encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.
## Useful for services
- [dovecot](../dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [forgejo](../forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [gitea](../gitea/README.md): Transitional package for Gitea to Forgejo.
- [grafana](../grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [mailman](../mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [nextcloud](../nextcloud/README.md): Nextcloud, Online collaboration platform.
- [odoo](../odoo/README.md): Odoo, an ERP and CRM.
- [peertube](../peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](../piwigo/README.md): Piwigo, a photo management software.
- [roundcube](../roundcube/README.md): Roundcube, a webmail.