---
gitea: none
include_toc: true
---
[Return to the list of application services.](../README.md)

# lemonldap

## Synopsis

[LemonLDAP, a Web Single Sign On and Access Management.](https://lemonldap-ng.org/)

## Example

Zone names are provided as examples. Adapt them to match the value of `provider_zone` in the configuration file.

```
lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net
```

## Basic variables

### General

#### Reverse proxy

##### Clients configuration

This family is a leadership.

| Parameter | Comment |
|-----------|---------|
| **[general.revprox.revprox_client.revprox_client_external_domainnames](dictionaries/21_revprox_client.xml)**<br/>mandatory, multiple<br/>**Type:** [`domainname`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Service external domain name.<br/>**Example:** service.example.net |
| **[general.revprox.revprox_client.revprox_client_location](dictionaries/21_revprox_client.xml)**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | URI used to route requests to the correct service.<br/>**Default:** / |

#### LemonLDAP

Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comments |
|-----------|----------|
| **[general.lemonldap.lemon_mail_admin](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Administrator's email address.<br/>**Example:** admin@example.net |

## Variables

### General

#### OpenLDAP directory

##### Client

| Parameter | Comment |
|-----------|---------|
| **[general.ldap.client.ldapclient_family](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Restrict service configuration to an LDAP family.<br/>"all" for all families.<br/>**Default:** all |

#### Reverse proxy

##### Clients configuration

This family is a leadership.

| Parameter | Comment |
|-----------|---------|
| **[general.revprox.revprox_client.revprox_client_max_body_size](dictionaries/21_revprox_client.xml)**<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The maximum allowed size of the client request body. |

## Variables for expert

### General

#### NGINX

| Parameter | Comment |
|-----------|---------|
| **[general.nginx.nginx_hash_bucket_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`choice`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The bucket size for the server names hash tables.<br/>**Choices:**<br/>- `128` ← default<br/>- `64`<br/>- `32` |
| **[general.nginx.nginx_post_max_size](dictionaries/21_nginx.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | The maximum allowed size of the client request body.<br/>This value is in Mb.<br/>**Default:** 32 |

#### LemonLDAP

Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comments |
|-----------|----------|
| **[general.lemonldap.lemon_proc](dictionaries/70_lemonldap_ng.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of processes dedicated to LemonLDAP (equivalent to the number of processors).<br/>**Default:** 1 |

## Required services

### Mandatory

- [LocalDNS](../README.LocalDNS.md): DNS forwarder for local domain name.
- [SMTP](../README.SMTP.md): Create an SMTP relay account and authorize sending email.
- [LDAP](../README.LDAP.md): Create an account and a connection to an LDAP server.
- [ReverseProxy](../README.ReverseProxy.md): Register the service with a reverse proxy server.

### Optional

- [Journald](../README.Journald.md): Concentrate journal messages on one host.

## Dependencies

- [ldap-client](../ldap-client/README.md): Application service that needs to interact with an LDAP server.
- [relay-mail-client](../relay-mail-client/README.md): SMTP client.
- [nginx-https](../nginx-https/README.md): Nginx as HTTPS web site.
- [nginx-common](../nginx-common/README.md): Nginx common configuration.
- [reverse-proxy-client](../reverse-proxy-client/README.md): Application service that needs to interact with a reverse proxy server.
- [base-debian-bullseye](../base-debian-bullseye/README.md): Base information of a Debian Bullseye server.
- [base-debian](../base-debian/README.md): Base information of a Debian server.
- [systemd](../systemd/README.md): Systemd, a system and service manager.
- [base-machine](../base-machine/README.md): Base information for a machine.
- [base](../base/README.md): Base of all application services.
- [dns-local](../dns-local/README.md): DNS client with access to local zones.
- [pki-tls](../pki-tls/README.md): Self-signed PKI or Let's Encrypt support for TLS certificates.
- [journald](../journald/README.md): Journald.
- [resolved](../resolved/README.md): Resolved.

## Useful for services

- [dovecot](../dovecot/README.md): Postfix and Dovecot as mail servers (IMAP and submission).
- [forgejo](../forgejo/README.md): Forgejo, a community managed lightweight code hosting solution.
- [gitea](../gitea/README.md): Transitional package for Gitea to Forgejo.
- [grafana](../grafana/README.md): Grafana is an analytics and interactive visualization web application.
- [mailman](../mailman/README.md): GNU Mailman, managing electronic mail discussion and e-newsletter lists.
- [nextcloud](../nextcloud/README.md): Nextcloud, Online collaboration platform.
- [odoo](../odoo/README.md): Odoo, an ERP and CRM.
- [peertube](../peertube/README.md): Peertube, a federated (ActivityPub) video streaming platform.
- [piwigo](../piwigo/README.md): Piwigo, a photo management software.
- [roundcube](../roundcube/README.md): Roundcube, a webmail.