---
gitea: none
include_toc: true
---
# lemonldap

## Synopsis

LemonLDAP, a Web Single Sign On and Access Management.

[For more information](https://lemonldap-ng.org/)

## Basic variables

#### SMTP client (*general.smtp*)

| Description | Type | Supplier |
|-------------|------|----------|
| **SMTP server domain name** (*[smtp_relay_address](dictionaries/20_smtp_client.xml)*) | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | SMTP |

##### Server (*general.ldap.server*)

| Description | Type | Supplier |
|-------------|------|----------|
| **DNS name of the LDAP server** (*[ldap_server_address](dictionaries/21_ldap-client.xml)*) | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | LDAP |

#### LemonLDAP (*general.lemonldap*)

Configuration of the LemonLDAP::NG single sign-on solution

| Description | Type | Example |
|-------------|------|---------|
| **Administrator e-mail address** (*[lemon_mail_admin](dictionaries/70_lemonldap_ng.xml)*) | [mail](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | admin@example.net |

- [+]: variable is multiple
- **bold**: variable is mandatory

## Variables

#### systemd-journald (*general.journald*)

| Description | Type | Supplier | Values |
|-------------|------|----------|--------|
| *[journal_client_server_domainname](dictionaries/20_journald.xml)* | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Journald | |
| *[journal_host_name](dictionaries/20_journald.xml)* | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | Journald:host | |

##### Client (*general.ldap.client*)

| Description | Type | Values | Supplier |
|-------------|------|--------|----------|
| **LDAP family name** (*[ldapclient_family](dictionaries/70_lemonldap_ng.xml)*) | [unix_user](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | all | LDAP:family |
| **Directory base DN** (*[ldapclient_base_dn](dictionaries/21_ldap-client.xml)*) | [string](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | LDAP:base_dn |
| **Base DN of the user directory** (*[ldapclient_search_dn](dictionaries/21_ldap-client.xml)*) | [string](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | |
| **Base DN of the group directory** (*[ldapclient_group_dn](dictionaries/21_ldap-client.xml)*) | [string](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | |
| **Base DN of the directory of users not belonging to a family** (*[ldapclient_user_dn](dictionaries/21_ldap-client.xml)*) | [string](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | | |

#### NGINX (*general.nginx*)

Global NGINX settings

| Description | Help | Type |
|-------------|------|------|
| Domain name of the default reverse proxy server (*[nginx_default](dictionaries/21_nginx.xml)*) | If a client reaches the server with an undeclared domain name, the traffic is redirected to this domain | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) |

##### Client entry point (*general.revprox.revprox_client*)

This family is a leadership.

| Description | Type | Supplier |
|-------------|------|----------|
| **Name of the site's root tree** (*[revprox_client_location](dictionaries/21_revprox_client.xml)*) | [filename](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | ReverseProxy:location |
| Maximum body size (*[revprox_client_max_body_size](dictionaries/21_revprox_client.xml)*) | [string](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | ReverseProxy:max_body_size |

#### LemonLDAP (*general.lemonldap*)

Configuration of the LemonLDAP::NG single sign-on solution

| Description | Type | Values |
|-------------|------|--------|
| **Number of processes dedicated to LemonLDAP (equivalent to the number of processors)** (*[lemon_proc](dictionaries/70_lemonldap_ng.xml)*) | [number](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | 1 |

### Oauth2 (*oauth2*)

| Description | Type | Provider |
|-------------|------|----------|
| Remote clients needing to verify OAuth2 account (*[remotes](extras/oauth2/00_oauth2.xml)*) [+] | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | OAuth2 |

##### external_ (*oauth2.oauth2_.external_*)

This family is a leadership.

| Description | Provider |
|-------------|----------|
| Remote external for (*[hosts_](extras/oauth2/00_oauth2.xml)*) [+] | OAuth2:external |

- [+]: variable is multiple
- **bold**: variable is mandatory

## Variables for expert

#### NGINX (*general.nginx*)

Global NGINX settings

| Description | Type | Values | Choices |
|-------------|------|--------|---------|
| **Maximum length for a domain name** (*[nginx_hash_bucket_size](dictionaries/21_nginx.xml)*) | [choice](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | 128 | 128, 64, 32 |
| **Maximum size of data received via the POST method (in MB)** (*[nginx_post_max_size](dictionaries/21_nginx.xml)*) | [number](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | 32 | |

##### Client entry point (*general.revprox.revprox_client*)

This family is a leadership.

| Description | Type | Example | Supplier |
|-------------|------|---------|----------|
| **External domain name of the server** (*[revprox_client_external_domainnames](dictionaries/21_revprox_client.xml)*) [+] | [domainname](https://forge.cloud.silique.fr/risotto/rougail/src/branch/main/doc/variable/README.md#le-type-de-la-variable) | service.example.net | ReverseProxy:external |

- [+]: variable is multiple
- **bold**: variable is mandatory

## Examples

Zone names are provided as examples. Remember to adapt them according to the value of provider_zone in the configuration file.

With minimum providers:

```
lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net
```

With all providers:

```
lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - journald
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net
```

## Dependencies

- [ldap-client](../ldap-client/README.md)
- [relay-mail-client](../relay-mail-client/README.md)
- [nginx-https](../nginx-https/README.md)
- [nginx-common](../nginx-common/README.md)
- [reverse-proxy-client](../reverse-proxy-client/README.md)
- [base-debian-bullseye](../base-debian-bullseye/README.md)
- [base-debian](../base-debian/README.md)
- [systemd](../systemd/README.md)
- [base-machine](../base-machine/README.md)
- [base](../base/README.md)
- [dns-local](../dns-local/README.md)
- [pki-tls](../pki-tls/README.md)
- [journald](../journald/README.md)
- [resolved](../resolved/README.md)

## Supplier

[oauth2-client](../oauth2-client/README.md)

[All applications services for this dataset.](../README.md)