---
gitea: none
include_toc: true
---
# lemonldap

## Synopsis

LemonLDAP, a Web Single Sign On and Access Management.

[Software's website.](https://lemonldap-ng.org/)

## Basic variables

### General

#### Reverse proxy

##### Client entry point

This family is a leadership.

| Parameter | Comments |
|-----------|----------|
| **[general.revprox.revprox_client.revprox_client_external_domainnames](dictionaries/21_revprox_client.xml)**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | External domain name of the server.<br/>**Example:** service.example.net |
| **[general.revprox.revprox_client.revprox_client_location](dictionaries/21_revprox_client.xml)**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Name of the site's root directory tree. |

#### LemonLDAP

Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comments |
|-----------|----------|
| **[general.lemonldap.lemon_mail_admin](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Administrator's email address.<br/>**Example:** admin@example.net |

## Variables for experts

### General

#### OpenLDAP directory

##### Client

| Parameter | Comments |
|-----------|----------|
| **[general.ldap.client.ldapclient_family](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Name of the LDAP family.<br/>**Default:** all |
| **[general.ldap.client.ldapclient_base_dn](dictionaries/21_ldap-client.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Base DN of the directory.<br/>**Default:** *calculated* |
| **[general.ldap.client.ldapclient_search_dn](dictionaries/21_ldap-client.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Base DN of the users directory.<br/>**Default:** *calculated* |
| **[general.ldap.client.ldapclient_group_dn](dictionaries/21_ldap-client.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Base DN of the groups directory.<br/>**Default:** *calculated* |
| **[general.ldap.client.ldapclient_user_dn](dictionaries/21_ldap-client.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Base DN of the directory of users not belonging to a family.<br/>**Default:** *calculated* |

#### NGINX

Global NGINX settings.

| Parameter | Comments |
|-----------|----------|
| **[general.nginx.nginx_hash_bucket_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum length of a domain name.<br/>**Choices:** <br/>- `128` ← default<br/>- `64`<br/>- `32` |
| **[general.nginx.nginx_post_max_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum size of data received via the POST method (in MB).<br/>**Default:** 32 |

#### Reverse proxy

##### Client entry point

This family is a leadership.

| Parameter | Comments |
|-----------|----------|
| **[general.revprox.revprox_client.revprox_client_max_body_size](dictionaries/21_revprox_client.xml)**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum body size. |

#### LemonLDAP

Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comments |
|-----------|----------|
| **[general.lemonldap.lemon_proc](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of processes dedicated to LemonLDAP (equivalent to the number of processors).<br/>**Default:** 1 |

## Required services

- **LocalDNS**
- Journald
- **SMTP**
- **LDAP**
- **ReverseProxy**

**bold**: provider is mandatory

## Example

Zone names are provided as examples. Remember to adapt them to the value of `provider_zone` in the configuration file.

```
lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net
```

## Dependencies

- [ldap-client](../ldap-client/README.md)
- [relay-mail-client](../relay-mail-client/README.md)
- [nginx-https](../nginx-https/README.md)
- [nginx-common](../nginx-common/README.md)
- [reverse-proxy-client](../reverse-proxy-client/README.md)
- [base-debian-bullseye](../base-debian-bullseye/README.md)
- [base-debian](../base-debian/README.md)
- [systemd](../systemd/README.md)
- [base-machine](../base-machine/README.md)
- [base](../base/README.md)
- [dns-local](../dns-local/README.md)
- [pki-tls](../pki-tls/README.md)
- [journald](../journald/README.md)
- [resolved](../resolved/README.md)

## Supplier

[oauth2-client](../oauth2-client/README.md)

[All application services for this dataset.](../README.md)