
openldap

Synopsis

OpenLDAP, the LDAP server.

This service provides an LDAP server.

It is possible to request the creation of users. Those users can be mixed or classified into families.

These users are created and updated, but never deleted. The initial password is generated but never updated. You can modify them.

Other services may also require automatic user creation.

Example

Zone names are provided as examples. Remember to adapt them to the value of provider_zone in the configuration file.

openldap:
  applicationservice: openldap
  provider_zone: ldap
  zones_name:
    - localdns

Variables

Accounts

Users management

Management of manually created local users. Those users are not classified. This family is a leadership.

| Parameter | Flags | Type | Comments |
|---|---|---|---|
| accounts.users.ldap_user_mail | multiple | mail | Email address. A user is identified by their email address. Example: johndoe@example.net |
| accounts.users.ldap_user_aliases | multiple | mail | Email aliases. Example: jdoe@example.net |
| accounts.users.ldap_user_uid | mandatory | unix_user | Account name. Example: jdoe |
| accounts.users.ldap_user_gn | mandatory | string | Given name. Example: John |
| accounts.users.ldap_user_sn | mandatory | string | Surname. Example: Doe |

| Parameter | Flags | Type | Comment |
|---|---|---|---|
| accounts.families | multiple | unix_user | Families to create. Users can be classified into families. This variable contains all the names of the families to be created. |

Management of family suffix value

This is a dynamic family generated from the variable "accounts.families".

Users management for the family suffix value

Management of manually created users. Those users are classified in a family. This family is a leadership.

| Parameter | Flags | Type | Comments |
|---|---|---|---|
| accounts.family_suffix value.users_suffix value.ldap_user_mail_suffix value | multiple | mail | Email address for the family suffix value. A user is identified by their email address. Example: johndoe@family.net |
| accounts.family_suffix value.users_suffix value.ldap_user_aliases_suffix value | multiple | mail | Email aliases for the family suffix value. Example: jdoe@family.net |
| accounts.family_suffix value.users_suffix value.ldap_user_uid_suffix value | mandatory | unix_user | Account name for the family suffix value. Example: jdoe |
| accounts.family_suffix value.users_suffix value.ldap_user_gn_suffix value | mandatory | string | Given name for the family suffix value. Example: John |
| accounts.family_suffix value.users_suffix value.ldap_user_sn_suffix value | mandatory | string | Surname for the family suffix value. Example: Doe |

Variables for experts

General

LDAP

| Parameter | Flags | Type | Comment |
|---|---|---|---|
| general.ldap.ldap_schemas | mandatory, multiple | filename | Additional LDAP schemas. Default: /etc/openldap/schema/cosine.ldif, /etc/openldap/schema/inetorgperson.ldif, /etc/openldap/schema/nis.ldif, /etc/openldap/schema/misc.ldif |

Limits

| Parameter | Flags | Type | Comment |
|---|---|---|---|
| general.ldap.limits.ldap_loglevel | mandatory | number | Log level. Default: 0 |
| general.ldap.limits.ldap_sizelimit | mandatory | number | Maximum number of entries to return for a query. Default: 5000 |
| general.ldap.limits.ldap_timelimit | mandatory | number | Maximum response time for a query (in seconds). Default: 3600 |

DB environment

| Parameter | Flags | Type | Comment |
|---|---|---|---|
| general.ldap.db_environment.db_cache_size_g | mandatory | number | Number of gigabytes to use for the HDB cache. Default: 0 |
| general.ldap.db_environment.db_cache_size_o | mandatory | number | Number of bytes to use for the HDB cache. Default: 268435456 |
| general.ldap.db_environment.db_cache_chunks | mandatory | number | Number of files in which to write the HDB cache. Default: 1 |
| general.ldap.db_environment.db_log_region_max | mandatory | number | Amount of cache file data cached in memory. Default: 262144 |
| general.ldap.db_environment.db_log_max | mandatory | number | Amount of logging information kept until rotation. Default: 10485760 |
| general.ldap.db_environment.db_log_bsize | mandatory | number | Amount of cache logging information written out to disk. Default: 2097152 |
| general.ldap.db_environment.db_log_directory | mandatory | filename | Directory where logging information is kept. Default: /srv/openldap/log |
| general.ldap.db_environment.db_lk_max_objects | mandatory | number | Number of objects that can be locked simultaneously. Default: 5000 |
| general.ldap.db_environment.db_lk_max | mandatory | number | Maximum number of locks. Default: 5000 |
| general.ldap.db_environment.db_lk_max_lockers | mandatory | number | Maximum number of lockers. Default: 5000 |

Required services

Mandatory

  • LocalDNS: DNS forwarder for local domain name.

Optional

  • Journald: Concentrate journal messages on one host.

Dependencies

Useful for services

  • dovecot: Postfix and Dovecot as mail servers (IMAP and submission).
  • lemonldap: LemonLDAP, a Web Single Sign On and Access Management.
  • nextcloud: Nextcloud, Online collaboration platform.
  • odoo: Odoo, an ERP and CRM.
  • piwigo: Piwigo, a photo management software.
  • roundcube: Roundcube, a webmail.