lemonldap

Synopsis

LemonLDAP, a web Single Sign-On and access management solution.

Example

Zone names are provided as examples. Remember to adapt them, along with the value of provider_zone, in the configuration file.

lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net

Basic variables

General

Reverse proxy

Clients configuration

This family is a leadership.

| Parameter | Comment |
|---|---|
| general.revprox.revprox_client.revprox_client_external_domainnames | mandatory, multiple. Type: domainname. Service external domain name. Example: service.example.net |
| general.revprox.revprox_client.revprox_client_location | mandatory. Type: filename. URI to route request to the correct service. Default: / |

LemonLDAP

Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comment |
|---|---|
| general.lemonldap.lemon_mail_admin | mandatory. Type: mail. Administrator's email address. Example: admin@example.net |

Variables

General

OpenLDAP directory

Client
| Parameter | Comment |
|---|---|
| general.ldap.client.ldapclient_family | mandatory. Type: unix_user. Restrict service configuration to an LDAP family; "all" for all families. Default: all |

Reverse proxy

Clients configuration

This family is a leadership.

| Parameter | Comment |
|---|---|
| general.revprox.revprox_client.revprox_client_max_body_size | Type: string. The maximum allowed size of the client request body. |

Variables for expert

General

NGINX

| Parameter | Comment |
|---|---|
| general.nginx.nginx_hash_bucket_size | mandatory. Type: choice. The bucket size for the server names hash tables. Choices: 128 (default), 64, 32 |
| general.nginx.nginx_post_max_size | mandatory. Type: number. The maximum allowed size of the client request body. This value is in Mb. Default: 32 |

LemonLDAP

Configuration of the LemonLDAP::NG single sign-on solution.

| Parameter | Comment |
|---|---|
| general.lemonldap.lemon_proc | mandatory. Type: number. Number of processes dedicated to LemonLDAP (equivalent to the number of processors). Default: 1 |

Required services

Mandatory

  • LocalDNS: DNS forwarder for local domain name.
  • SMTP: Create an SMTP relay account and authorize sending email.
  • LDAP: Create an account and a connection to an LDAP server.
  • ReverseProxy: Register the service with a reverse proxy server.

Optional

  • Journald: Concentrate journal messages on one host.

Dependencies

Useful for services

  • dovecot: Postfix and Dovecot as mail servers (IMAP and submission).
  • forgejo: Forgejo, a community managed lightweight code hosting solution.
  • gitea: Transitional package for Gitea to Forgejo.
  • grafana: Grafana is an analytics and interactive visualization web application.
  • mailman: GNU Mailman, managing electronic mail discussion and e-newsletter lists.
  • nextcloud: Nextcloud, Online collaboration platform.
  • odoo: Odoo, an ERP and CRM.
  • peertube: Peertube, a federated (ActivityPub) video streaming platform.
  • piwigo: Piwigo, a photo management software.
  • roundcube: Roundcube, a webmail.