History

Emmanuel Garette ccb279d482 update doc		2023-08-10 21:58:39 +02:00
..
a_voir/sauvegarde	remove application version	2022-07-01 22:10:33 +02:00
dictionaries	update openldap documentations	2023-08-10 21:54:24 +02:00
extras	update doc	2023-08-10 21:58:39 +02:00
funcs	ansible template	2023-06-23 08:12:05 +02:00
manual/image	improvements	2022-12-25 17:08:52 +01:00
templates	update	2023-07-31 15:30:32 +02:00
tests	update documentations	2023-01-17 21:43:32 +01:00
applicationservice.yml	update doc	2023-08-10 09:34:41 +02:00
DEBUG.md	add gitea tests	2022-07-17 09:46:30 +02:00
doc.md	remove application version	2022-07-01 22:10:33 +02:00
infos.md	docs for application services	2022-12-25 12:17:15 +01:00
ldap.service	remove application version	2022-07-01 22:10:33 +02:00
README.md	update openldap documentations	2023-08-10 21:54:24 +02:00

README.md

Table of Contents

openldap

Synopsis
Variables

Accounts

Users management
Management of family suffix value

Users management for the family suffix value

Variables for expert

Général

LDAP

Limits
DB environment

Requirements services
Example
Dependances
Supplier

openldap

Synopsis

OpenLDAP, the LDAP server.

Software's website.

This service provides a LDAP server.

It is possible to request the creation of users. Those users can be mixed or classified into families.

Those users will be created and updated. They will never be deleted. The initial password will be generated but never updated. You can modify them.

Other services may also require automatic user creation.

Variables

Accounts

Users management

Management of manually created local users. Those users are not classified. This family is a leadership.

Parameter	Comments
accounts.users.ldap_user_mail multiple Type: `mail`	Email address. An user is identify by his email address. Example: johndoe@example.net
accounts.users.ldap_user_aliases multiple Type: `mail`	Emails aliases. Example: jdoe@example.net
accounts.users.ldap_user_uid mandatory Type: `unix_user`	Account name. Example: jdoe
accounts.users.ldap_user_gn mandatory Type: `string`	Given name. Example: John
accounts.users.ldap_user_sn mandatory Type: `string`	Surname. Example: Doe

Parameter	Comments
accounts.families multiple Type: `unix_user`	Families to create. Users can be classified into families. This variable contains all the names of the families to be created.

Management of family suffix value

This a dynamic family generated from the variable "accounts.families".

Users management for the family suffix value

Management of manually created users. Those users are classified in a family. This family is a leadership.

Parameter	Comments
accounts.family_suffix value.users_suffix value.ldap_user_mail_suffix value multiple Type: `mail`	Email address for the family . An user is identify by his email address. Example: johndoe@family.net
accounts.family_suffix value.users_suffix value.ldap_user_aliases_suffix value multiple Type: `mail`	Emails aliases for the family . Example: jdoe@family.net
accounts.family_suffix value.users_suffix value.ldap_user_uid_suffix value mandatory Type: `unix_user`	Account name for the family . Example: jdoe
accounts.family_suffix value.users_suffix value.ldap_user_gn_suffix value mandatory Type: `string`	Given name for the family . Example: John
accounts.family_suffix value.users_suffix value.ldap_user_sn_suffix value mandatory Type: `string`	Surname for the family . Example: Doe

Variables for expert

Général

LDAP

Parameter	Comments
general.ldap.ldap_schemas mandatory, multiple Type: `filename`	Additional LDAP schemas. Default: /etc/openldap/schema/cosine.ldif /etc/openldap/schema/inetorgperson.ldif /etc/openldap/schema/nis.ldif /etc/openldap/schema/misc.ldif

Limits

Parameter	Comments
general.ldap.limits.ldap_loglevel mandatory Type: `number`	Log level. Default: 0
general.ldap.limits.ldap_sizelimit mandatory Type: `number`	Nombre maximum d'entrées à retourner lors d'une requête. Default: 5000
general.ldap.limits.ldap_timelimit mandatory Type: `number`	Temps de réponse maximum à une requête (en secondes). Default: 3600

DB environment

Parameter	Comments
general.ldap.db_environment.db_cache_size_g mandatory Type: `number`	Quantité de Giga-octets à utiliser pour le cache HDB. Default: 0
general.ldap.db_environment.db_cache_size_o mandatory Type: `number`	Quantité d'octets à utiliser pour le cache HDB. Default: 268435456
general.ldap.db_environment.db_cache_chunks mandatory Type: `number`	Nombre de fichiers ou écrire le cache HDB. Default: 1
general.ldap.db_environment.db_log_region_max mandatory Type: `number`	Quantité de fichier de cache mis en cache mémoire. Default: 262144
general.ldap.db_environment.db_log_max mandatory Type: `number`	Quantité d'informations de journalisation conservé jusqu'à rotation. Default: 10485760
general.ldap.db_environment.db_log_bsize mandatory Type: `number`	Quantité d'informations de journalisation du cache reporté sur le disque. Default: 2097152
general.ldap.db_environment.db_log_directory mandatory Type: `filename`	Répertoire de conservation des informations de journalisation. Default: /srv/openldap/log
general.ldap.db_environment.db_lk_max_objects mandatory Type: `number`	Nombre d'objet qui peuvent être verrouillés simultanément . Default: 5000
general.ldap.db_environment.db_lk_max mandatory Type: `number`	Nombre de verrous maximal. Default: 5000
general.ldap.db_environment.db_lk_max_lockers mandatory Type: `number`	Nombre de verroulleur maximal. Default: 5000

Requirements services

LocalDNS
Journald

bold: provider is mandatory

Example

Zone names are provided as examples. Think about adapting with the value of provider_zone in configuration file.

openldap:
  applicationservice: openldap
  provider_zone: ldap
  zones_name:
    - localdns

Dependances

base-fedora-37
- base-fedora
  - systemd
    - base-machine
      - base
      - dns-local
      - pki-tls
    - journald
    - resolved

Supplier

ldap-client

All applications services for this dataset.