---
gitea: none
include_toc: true
---
# openldap
## Synopsis
OpenLDAP, the LDAP server.
[Software's website.](https://www.openldap.org/)
This service provides a LDAP server.
It is possible to request the creation of users. Those users can be mixed or
classified into families.
Those users will be created and updated. They will never be deleted. The
initial password will be generated but never updated. You can modify them.
Other services may also require automatic user creation.
## Variables
### Accounts
#### Users management
Management of manually created local users. Those users are not classified. This family is a leadership.
| Parameter | Comments |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|
| **[accounts.users.ldap_user_mail](extras/accounts/00_account.xml)**
multiple
**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Email address.
An user is identify by his email address.
**Example:** johndoe@example.net |
| **[accounts.users.ldap_user_aliases](extras/accounts/00_account.xml)**
multiple
**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Emails aliases.
**Example:** jdoe@example.net |
| **[accounts.users.ldap_user_uid](extras/accounts/00_account.xml)**
mandatory
**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Account name.
**Example:** jdoe |
| **[accounts.users.ldap_user_gn](extras/accounts/00_account.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Given Name.
**Example:** John |
| **[accounts.users.ldap_user_sn](extras/accounts/00_account.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Surname.
**Example:** Doe |
| Parameter | Comments |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------|
| **[accounts.families](extras/accounts/00_account.xml)**
multiple
**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Families to create.
Users can be classified into families. This variable contains all the names of the families to be created. |
#### Management of family *suffix name*
Management of manually created users. Those users an classified in a family. This a dynamic family generated from the variable "accounts.families".
##### Gestion des utilisateurs de la famille *suffix name*
This family is a leadership.
| Parameter | Comments |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
| **[accounts.family_*suffix name*.users_*suffix name*.ldap_user_mail_*suffix name*](extras/accounts/00_account.xml)**
multiple
**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Adresse courriel du compte de la famille . |
| **[accounts.family_*suffix name*.users_*suffix name*.ldap_user_aliases_*suffix name*](extras/accounts/00_account.xml)**
multiple
**Type:** [`mail`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Aliases du mail de la famille . |
| **[accounts.family_*suffix name*.users_*suffix name*.ldap_user_uid_*suffix name*](extras/accounts/00_account.xml)**
mandatory
**Type:** [`unix_user`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nom de compte de la famille . |
| **[accounts.family_*suffix name*.users_*suffix name*.ldap_user_sn_*suffix name*](extras/accounts/00_account.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Prénom de la famille . |
| **[accounts.family_*suffix name*.users_*suffix name*.ldap_user_gn_*suffix name*](extras/accounts/00_account.xml)**
mandatory
**Type:** [`string`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nom de famille de la famille . |
## Variables for expert
### Général
#### ldap
| Parameter | Comments |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **[general.ldap.ldap_schemas](dictionaries/21_openldap-server.xml)**
mandatory, multiple
**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Schémas LDAP additionnel.
**Default:** - /etc/openldap/schema/cosine.ldif
- /etc/openldap/schema/inetorgperson.ldif
- /etc/openldap/schema/nis.ldif
- /etc/openldap/schema/misc.ldif
|
##### Limites
| Parameter | Comments |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|
| **[general.ldap.limits.ldap_loglevel](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Niveau de log.
**Default:** 0 |
| **[general.ldap.limits.ldap_sizelimit](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nombre maximum d'entrées à retourner lors d'une requête.
**Default:** 5000 |
| **[general.ldap.limits.ldap_timelimit](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Temps de réponse maximum à une requête (en secondes).
**Default:** 3600 |
##### DB environment
| Parameter | Comments |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
| **[general.ldap.db_environment.db_cache_size_g](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Quantité de Giga-octets à utiliser pour le cache HDB.
**Default:** 0 |
| **[general.ldap.db_environment.db_cache_size_o](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Quantité d'octets à utiliser pour le cache HDB.
**Default:** 268435456 |
| **[general.ldap.db_environment.db_cache_chunks](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nombre de fichiers ou écrire le cache HDB.
**Default:** 1 |
| **[general.ldap.db_environment.db_log_region_max](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Quantité de fichier de cache mis en cache mémoire.
**Default:** 262144 |
| **[general.ldap.db_environment.db_log_max](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Quantité d'informations de journalisation conservé jusqu'à rotation.
**Default:** 10485760 |
| **[general.ldap.db_environment.db_log_bsize](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Quantité d'informations de journalisation du cache reporté sur le disque.
**Default:** 2097152 |
| **[general.ldap.db_environment.db_log_directory](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`filename`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Répertoire de conservation des informations de journalisation.
**Default:** /srv/openldap/log |
| **[general.ldap.db_environment.db_lk_max_objects](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nombre d'objet qui peuvent être verrouillés simultanément .
**Default:** 5000 |
| **[general.ldap.db_environment.db_lk_max](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nombre de verrous maximal.
**Default:** 5000 |
| **[general.ldap.db_environment.db_lk_max_lockers](dictionaries/21_openldap-server.xml)**
mandatory
**Type:** [`number`](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Nombre de verroulleur maximal.
**Default:** 5000 |
## Requirements services
- **LocalDNS**
- Journald
**bold**: provider is mandatory
## Example
Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.
```
openldap:
applicationservice: openldap
provider_zone: ldap
zones_name:
- localdns
```
## Dependances
- [base-fedora-37](../base-fedora-37/README.md)
- [base-fedora](../base-fedora/README.md)
- [systemd](../systemd/README.md)
- [base-machine](../base-machine/README.md)
- [base](../base/README.md)
- [dns-local](../dns-local/README.md)
- [pki-tls](../pki-tls/README.md)
- [journald](../journald/README.md)
- [resolved](../resolved/README.md)
## Supplier
[ldap-client](../ldap-client/README.md)
[All applications services for this dataset.](../README.md)