dataset/seed/lemonldap/README.md

Table of Contents

• lemonldap
• Synopsis
• Basic variables
• General
• Reverse proxy
• Point d'entrée des clients
• LemonLDAP
• Variables for expert
• General
• OpenLDAP directory
• Client
• NGINX
• Reverse proxy
• Point d'entrée des clients
• LemonLDAP
• Requirements services
• Mandatories
• Optionals
• Example
• Dependances
• Useful for services

Return to the list of application services.

lemonldap

Synopsis

LemonLDAP, a Web Single Sign On and Access Management.

Basic variables

General

Reverse proxy

Point d'entrée des clients

This family is a leadership.

Parameter	Comments
general.revprox.revprox_client.revprox_client_external_domainnames mandatory, multiple Type: domainname	Nom de domaine exterieur du serveur. Example: service.example.net
general.revprox.revprox_client.revprox_client_location mandatory Type: filename	Nom de l'arborescence racine du site.

LemonLDAP

Configuration de la solution d'authentification unique LemonLDAP::NG.

Parameter	Comments
general.lemonldap.lemon_mail_admin mandatory Type: mail	Courriel de l'administrateur. Example: admin@example.net

Variables for expert

General

OpenLDAP directory

Client

Parameter	Comments
general.ldap.client.ldapclient_family mandatory Type: unix_user	Restrict service configuration for a LDAP family. "all" for all families. Default: all

NGINX

Paramétrage global de NGINX.

Parameter	Comments
general.nginx.nginx_hash_bucket_size mandatory Type: choice	Longueur maximum pour un nom de domaine. Choices: - 128 ← default - 64 - 32
general.nginx.nginx_post_max_size mandatory Type: number	Taille maximale des données reçues par la méthode POST (en Mo). Default: 32

Reverse proxy

Point d'entrée des clients

This family is a leadership.

Parameter	Comments
general.revprox.revprox_client.revprox_client_max_body_size Type: string	Taille maximum du corps.

LemonLDAP

Configuration de la solution d'authentification unique LemonLDAP::NG.

Parameter	Comments
general.lemonldap.lemon_proc mandatory Type: number	Nombre de processus dédié à LemonLdap (équivalent au nombre de processeurs). Default: 1

Requirements services

Mandatories

• LocalDNS: nsd-local
• SMTP: postfix-relay
• LDAP: openldap
• ReverseProxy: nginx-reverse-proxy

Optionals

• Journald: vector

bold: provider is mandatory

Example

Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.

lemonldap:
  applicationservice: lemonldap
  provider_zone: oauth2
  zones_name:
    - ldap
    - localdns
    - reverseproxy
    - smtp
  values:
    general.revprox.revprox_client.revprox_client_external_domainnames:
      - service.example.net
    general.lemonldap.lemon_mail_admin: admin@example.net

Dependances

• ldap-client
• relay-mail-client
• nginx-https
  • nginx-common
  • reverse-proxy-client
• base-debian-bullseye
  • base-debian
    • systemd
      • base-machine
        • base
        • dns-local
        • pki-tls
      • journald
      • resolved

Useful for services

• dovecot
• forgejo
• gitea
• grafana
• mailman
• nextcloud
• odoo
• peertube
• piwigo
• roundcube