lemonldap
Synopsis
LemonLDAP, a Web Single Sign-On and Access Management solution.
Example
Zone names are provided as examples. Remember to adapt them to the value of provider_zone in the configuration file.
```yaml
lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net
```
Basic variables
General
Reverse proxy
Clients configuration
This family is a leadership.
| Parameter | Comment |
|---|---|
| `general.revprox.revprox_client.revprox_client_external_domainnames` mandatory, multiple. Type: domainname | Service external domain name. Example: service.example.net |
| `general.revprox.revprox_client.revprox_client_location` mandatory. Type: filename | URI to route request to the correct service. Default: / |
LemonLDAP
Configuration of the LemonLDAP::NG single sign-on solution.
| Parameter | Comments |
|---|---|
| `general.lemonldap.lemon_mail_admin` mandatory. Type: mail | Administrator's e-mail address. Example: admin@example.net |
Variables
General
OpenLDAP directory
Client
| Parameter | Comment |
|---|---|
| `general.ldap.client.ldapclient_family` mandatory. Type: unix_user | Restrict service configuration to an LDAP family. "all" for all families. Default: all |
Reverse proxy
Clients configuration
This family is a leadership.
| Parameter | Comment |
|---|---|
| `general.revprox.revprox_client.revprox_client_max_body_size` Type: string | The maximum allowed size of the client request body. |
Variables for expert
General
NGINX
| Parameter | Comment |
|---|---|
| `general.nginx.nginx_hash_bucket_size` mandatory. Type: choice | The bucket size for the server names hash tables. Choices: 128 (default), 64, 32 |
| `general.nginx.nginx_post_max_size` mandatory. Type: number | The maximum allowed size of the client request body. This value is in Mb. Default: 32 |
LemonLDAP
Configuration of the LemonLDAP::NG single sign-on solution.
| Parameter | Comments |
|---|---|
| `general.lemonldap.lemon_proc` mandatory. Type: number | Number of processes dedicated to LemonLDAP (equal to the number of processors). Default: 1 |
Required services
Mandatory
- LocalDNS: DNS forwarder for local domain name.
- SMTP: Create an SMTP relay account and authorize sending e-mail.
- LDAP: Create an account and a connection to an LDAP server.
- ReverseProxy: Register the service with a reverse proxy server.
Optional
- Journald: Concentrate journal messages on one host.
Dependencies
- ldap-client: The application service needs to interact with an LDAP server.
- relay-mail-client: SMTP client.
- nginx-https: Nginx as HTTPS web site.
- nginx-common: Nginx common configuration.
- reverse-proxy-client: The application service needs to interact with a reverse proxy server.
- base-debian-bullseye: Base information of a Debian Bullseye server.
- base-debian: Base information of a Debian server.
Useful for services
- dovecot: Postfix and Dovecot as mail servers (IMAP and submission).
- forgejo: Forgejo, a community managed lightweight code hosting solution.
- gitea: Transitional package for Gitea to Forgejo.
- grafana: Grafana is an analytics and interactive visualization web application.
- mailman: GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- nextcloud: Nextcloud, Online collaboration platform.
- odoo: Odoo, an ERP and CRM.
- peertube: Peertube, a federated (ActivityPub) video streaming platform.
- piwigo: Piwigo, a photo management software.
- roundcube: Roundcube, a webmail.