---
gitea: none
include_toc: true
---
# openldap

## Synopsis

OpenLDAP, the LDAP server.

[Software's website.](https://www.openldap.org/)

This service provides an LDAP server.

It is possible to request the creation of users. Those users can be mixed or classified into families.

Those users will be created and updated. They will never be deleted.

The initial password will be generated but never updated. You can modify them.

Other services may also require automatic user creation.

## Variables

### Accounts

#### Users management

Management of manually created local users. Those users are not classified.

This family is a leadership.

| Parameter | Comments |
|-----------|----------|
| **[accounts.users.ldap_user_mail](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email address.<br/>A user is identified by their email address.<br/>**Example:** johndoe@example.net |
| **[accounts.users.ldap_user_aliases](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email aliases.<br/>**Example:** jdoe@example.net |
| **[accounts.users.ldap_user_uid](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Account name.<br/>**Example:** jdoe |
| **[accounts.users.ldap_user_gn](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Given name.<br/>**Example:** John |
| **[accounts.users.ldap_user_sn](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Surname.<br/>**Example:** Doe |

| Parameter | Comments |
|-----------|----------|
| **[accounts.families](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Families to create.<br/>Users can be classified into families. This variable contains all the names of the families to be created. |

#### Management of family *suffix value*

This is a dynamic family generated from the variable "accounts.families".

##### Users management for the family *suffix value*

Management of manually created users. Those users are classified in a family.

This family is a leadership.

| Parameter | Comments |
|-----------|----------|
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_mail_*suffix value*](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email address for the family.<br/>A user is identified by their email address.<br/>**Example:** johndoe@family.net |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_aliases_*suffix value*](extras/accounts/00_account.xml)**<br/>multiple<br/>**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email aliases for the family.<br/>**Example:** jdoe@family.net |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_uid_*suffix value*](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Account name for the family.<br/>**Example:** jdoe |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_gn_*suffix value*](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Given name for the family.<br/>**Example:** John |
| **[accounts.family_*suffix value*.users_*suffix value*.ldap_user_sn_*suffix value*](extras/accounts/00_account.xml)**<br/>mandatory<br/>**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Surname for the family.<br/>**Example:** Doe |

## Variables for experts

### General

#### LDAP

| Parameter | Comments |
|-----------|----------|
| **[general.ldap.ldap_schemas](dictionaries/21_openldap-server.xml)**<br/>mandatory, multiple<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Additional LDAP schemas.<br/>**Default:** |

##### Limits

| Parameter | Comments |
|-----------|----------|
| **[general.ldap.limits.ldap_loglevel](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Log level.<br/>**Default:** 0 |
| **[general.ldap.limits.ldap_sizelimit](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum number of entries to return for a query.<br/>**Default:** 5000 |
| **[general.ldap.limits.ldap_timelimit](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum response time for a query (in seconds).<br/>**Default:** 3600 |

##### DB environment

| Parameter | Comments |
|-----------|----------|
| **[general.ldap.db_environment.db_cache_size_g](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of gigabytes to use for the HDB cache.<br/>**Default:** 0 |
| **[general.ldap.db_environment.db_cache_size_o](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of bytes to use for the HDB cache.<br/>**Default:** 268435456 |
| **[general.ldap.db_environment.db_cache_chunks](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of files in which to write the HDB cache.<br/>**Default:** 1 |
| **[general.ldap.db_environment.db_log_region_max](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of cache file kept in the in-memory cache.<br/>**Default:** 262144 |
| **[general.ldap.db_environment.db_log_max](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of logging information kept until rotation.<br/>**Default:** 10485760 |
| **[general.ldap.db_environment.db_log_bsize](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Amount of cache logging information written out to disk.<br/>**Default:** 2097152 |
| **[general.ldap.db_environment.db_log_directory](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Directory where logging information is stored.<br/>**Default:** /srv/openldap/log |
| **[general.ldap.db_environment.db_lk_max_objects](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Number of objects that can be locked simultaneously.<br/>**Default:** 5000 |
| **[general.ldap.db_environment.db_lk_max](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum number of locks.<br/>**Default:** 5000 |
| **[general.ldap.db_environment.db_lk_max_lockers](dictionaries/21_openldap-server.xml)**<br/>mandatory<br/>**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Maximum number of lockers.<br/>**Default:** 5000 |

## Required services

- **LocalDNS**
- Journald

**bold**: provider is mandatory

## Example

Zone names are provided as examples. Remember to adapt them to the value of `provider_zone` in the configuration file.

```
openldap:
  applicationservice: openldap
  provider_zone: ldap
  zones_name:
    - localdns
```

## Dependencies

- [base-fedora-37](../base-fedora-37/README.md)
- [base-fedora](../base-fedora/README.md)
- [systemd](../systemd/README.md)
- [base-machine](../base-machine/README.md)
- [base](../base/README.md)
- [dns-local](../dns-local/README.md)
- [pki-tls](../pki-tls/README.md)
- [journald](../journald/README.md)
- [resolved](../resolved/README.md)

## Supplier

[ldap-client](../ldap-client/README.md)

[All application services for this dataset.](../README.md)