Changes - stoney cloud

stoney core: OpenLDAP directory data organisation

19,398 bytes added, 2 February

/* Services */

= Abstract =

This document describes ~~the OpenLDAP directory data organisation for~~ the [[~~Main_Page~~ :Category:stoney core| stoney ~~cloud~~core]]~~. This~~ relevant OpenLDAP directory ~~is the only database for all the services, which are manageable through the web interface of the stoney cloud~~data organisation.

~~Some titles have numbers in brackets. These numbers reflect~~ = Data Organisation =The following chapters explain the data organisation of the stoney cloud ~~version, in which these entries have been added or modified~~OpenLDAP directory. This document describes the [[:Category:stoney core|stoney core]] relevant OpenLDAP directory data organisation.

= ~~Introduction~~ = Administration ==~~All Service-~~The subtree '''ou=administration, ~~User~~dc=stoney- ~~and Billing-Data ist stored in the [http://www.openldap.~~cloud,dc=org~~/ OpenLDAP] directory. The directory runs in Multi-Master Mirror-Mode for high availability~~''' contains all the administrative data.

= ~~Data Organisation~~ == nextfreeuid ===The entry <code>cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org</code> stores the next free UID (Unique Identifier). The <code><uid></code> is unique over the whole directory and is enforced through the directory and is incremented by one.<source lang='ldif'>dn: cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=orgobjectclass: sstNextFreeUIDcn: nextfreeuiduid: 3724591uidNumber: 3724591</source> The following ~~chapters explain~~ table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"! style="text-align:left; width: 180px" | Attribute! style="text-align:left; width: 220px" | Objectclass! style="width: 80px" | Existance! style="width: 80px" | Mandatory! style="text-align:left;" | Description |-| cn| ...| <center>MUST</center>| <center>x</center>| The name of the leaf. For the next free uid, this is: <code>nextfreeuid</code>. |-| uid| ...| <center>...</center>| <center>x</center>| ... |} Legend:* '''x''': Mandatory in all cases. Before using this attribute <code>uidNumber</code>, you need to be sure, that your directory server actually supports atomic increments (LDAP Modify-Increment). See [https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml Lightweight Directory Access Protocol (LDAP) Parameters] and [https://tools.ietf.org/html/rfc4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension (RFC4525)]. The following search should tell you, if you LDAP server supports the LDAP Modify-Increment Object Identifier Descriptor (OID 1.3.6.1.1.14):<source lang='bash'>ldapsearch -H ldaps://ldapm.stepping-stone.ch -b "" -s base -D "cn=Manager,dc=stoney-cloud,dc=org" -W \* + | grep 1.3.6.1.1.14</source> The result should look as follows:<source lang='text'>supportedFeatures: 1.3.6.1.1.14</source> Options:<source lang='text'>-H ldapuri-b searchbase-D binddn-W Prompt for simple authentication.\* All user attributes are returned. + All operational attributes are returned.</source> === Billing ===The sub tree <code>ou=billing,ou=administration,dc=stoney-cloud,dc=org</code> stores all the billing relevant data ~~organisation~~ . Each billable item (bundle, service or service item) is stored in this sub tree.<source lang='ldif'>dn: ou=billing,ou=administration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: billing</source> The following LDIF extract shows the billing schema for the product "Mail Account".<source lang='ldif'>dn: uid=100001,ou=billing,ou=administration,dc=stoney-cloud,dc=orgdescription: Default pricing schema for the product Mail Account.objectclass: topobjectclass: sstBillingPriceSchemasstbaseprice: 0sstbelongstouid: 1sstbillingunit: Gigabytesstfreeunit: 0sstpriceformula: sstPricePerUnit * sstQuotasstpriceperunit: 4.00sstproductname: Mail Accountuid: 100001sstBelongsToUID: 1</source> The finale price is calculated with the help of the stored formula (sstPriceFormula). The customer price for a "Mail Account" with a 2 Gigabyte large mailbox (quota) is calculated as follows:'''Price''' = sstPricePerUnit * sstQuota = 4.00 CHF/(Gigabyte * Month) * 2 Gigabyte = '''8 CHF/Month''' All prices are stored in Swiss Francs (because the company stepping stone GmbH resides in Switzerland). You can decide about the default currency yourself. Once a month a billing run is executed, which scans the whole directory. The billing run is a currently "work in progress". For more information, please contact our [mailto:accounting@stepping-stone.ch Accounting] departement. === Group Mapping ===Used for the group mapping from the given readable format to the local group UID format.<source lang='ldif'>dn: ou=group mapping,ou=administration,dc=stoney -cloud ,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObjectobjectclass: sstLDAPSearchObjectClassou: group mappingdescription: This entry describes, how to map a given group name to an UID in the local LDAP directory.sstDisplayName: Group MappingsstLDAPBaseDn: ou=groups,dc=stoney-cloud,dc=orgsstLDAPFilter: (&(objectClass=sstGroupObjectClass)(sstGroupName=%s)(sstBelongsToResellerUID=%sstBelongsToResellerUID)(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))sstLDAPStaticAttribute: uid</source> ==== Example Mapping for the Technology Group ====The following search maps the group Technology belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 to the uid 4000014:<source lang='bash'>ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid</source> <source lang='text'># extended LDIF## LDAPv3# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))# requesting: uid ## 4000014, groups, stoney-cloud.orgdn: uid=4000014,ou=groups,dc=stoney-cloud,dc=orguid: 4000014 # search resultsearch: 2result: 0 Success # numResponses: 2# numEntries: 1</source> ==== Example Mapping for all Groups ====The following search lists all the existing Groups to belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 with the corresponding uids:<source lang='bash'>ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid</source> <source lang='text'># extended LDIF## LDAPv3# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))# requesting: uid # # 4000014, groups, stoney-cloud.orgdn: uid=4000014,ou=groups,dc=stoney-cloud,dc=orguid: 4000014 # 4000015, groups, stoney-cloud.orgdn: uid=4000015,ou=groups,dc=stoney-cloud,dc=orguid: 4000015 # search resultsearch: 2result: 0 Success # numResponses: 3# numEntries: 2</source> === People (Superuser) ===The sub tree <code>ou=people,ou=administration,dc=stoney-cloud,dc=org</code> list all users, which have super user richts (users with the attribute <code>sstBelongsToUID=1</code>). This entry uses the functionality of the the dynlist overlay. The attribut '''labeleduri''' contains a pre-defined search, which leads to a automatically created list.<source lang='ldif'>dn: ou=people,ou=administration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObjectou: peoplelabeleduri: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToUID=1)member: uid=1000000,ou=people,dc=stoney-cloud,dc=orgmember: uid=1000003,ou=people,dc=stoney-cloud,dc=orgmember: uid=1000004,ou=people,dc=stoney-cloud,dc=org</source> As you can see, the OpenLDAP has three people withe Superuser rights. === Services ===The sub tree '''ou=services,ou=administration,dc=stoney-cloud,dc=org''' contains all the service users. Each service and/or application has its own authentication user. The authentication user is used in the [[HTTP Basic authentication against OpenLDAP directory|OpenLDAP Directory Access Control Lists]] (ACLs) to allow or restrict access to the data. Naming Convention '''Notification user''':* <SERVICE>-notification** backup-notification** cloud-notification** lbaas-notification** mail-notification** storage-notification Naming Convention '''Service user''':* <SERVICE>-<DAEMON>** backup-pam-ldap** cloud-openstack** crm-suitecrm** billing-cyclops** cm-puppetboard ('''c'''onfiguration '''m'''anagement - Puppetboard Service)** dms-alfresco ('''d'''ocument '''m'''anagement '''s'''ystem - Alfresco)** iac-terraform ('''i'''nfrastructure '''a'''s '''c'''ode - Terraform)** <s>lbaas-haproxy</s>** <s>lbaas-pam-ldap</s>** monitoring-zabbix** phabricator** pm-kanboard** qos-rally** storage-nextcloud** storage-pam_ldap** timetracking-kimai** vault-cryptopus (A vault is a place where secrets are stored - in other words a password management system)** vcs-gitlab ('''v'''ersion '''c'''ontrol '''s'''ystem - GitLab Service)** virtualization-sc-brokerd** wiki-int Naming Convention '''API user''':* <SERVICE>-api** lbaas-api Naming Convention '''Provisioning user''':* prov-<SERVICE>-<TYPE>** prov-backup-kvm** prov-backup-zsnapshot** prov-cloud-openstack** prov-configuration-management-puppet** <s>prov-lbaas-haproxy</s>** prov-mail-ox ('''O'''pen-'''X'''change)** prov-monitoring-zabbix** prov-storage-nextcloud

== ~~root~~ == backup Service User (stoney backup) ====The following LDIF shows the ~~'''root'''~~ backup service user entry ~~of the whole OpenLDAP directory tree for the stoney cloud~~: dn: cn=backup,ou=services,ou=administration,dc=stoney-cloud,dc=org cn: dhcp

objectclass: top

objectclass: ~~dcObject~~organizationalPerson objectclass: ~~organization~~inetOrgPerson dcsn: ~~stoney-cloud~~backup ouserPassword: ~~stoney-cloud~~{SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

==== dhcp (DHCP) Service User (stoney conductor) ====The following LDIF shows the ~~root of the whole OpenLDAP directory tree for the stoney cloud modified for the company stepping stone GmbH in Switzerland~~dhcp service user entry: dn: ocn=~~stepping~~dhcp,ou=services,ou=administration,dc=stoney-~~stone~~cloud,cdc=chorg cn: dhcp

objectclass: top

objectclass: ~~organization~~organizationalPerson oobjectclass: ~~stepping-stone~~inetOrgPerson sn: dhcp userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

~~The entry '''c~~=~~ch''' stands for the country code of Switzerland while '''o~~=~~stepping-stone''' stands for the the organisation stepping-stone.~~ == libvirtd Service User (stoney conductor) ====The ~~entry stepping-stone is in the process of being reserved at~~ following LDIF shows the ~~[http~~libvirtd service user entry: dn:~~//www.bakom.admin.ch/index.html?lang~~cn=~~en Federal Office of Communications]. With the reservation of the name~~libvirtd, ~~all the directory entries will be unique over the whole world.~~ou=services,ou=administration,dc=stoney-cloud,dc=org cn: libvirtd objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson sn: dhcp userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

==== prov-backup-kvm (Provisioning-Backup-KVM Daemon) Service User (stoney conductor) ====The ~~'''root''' entry can be chosen during~~ following LDIF shows the ~~installation process of the stoney cloud. If you decide to use the default~~ prov-backup-kvm service user entry: dn: cn=prov-backup-kvm,ou=services,ou=administration, ~~you'll end up with '''~~dc=stoney-cloud,dc=org~~'''.~~ objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson cn: prov-backup-kvm sn: prov-backup-kvm userPassword: <STONEY-CLOUD-PROV-BACKUP-KVM-PASSWORD>

== ~~Administration~~ ==slapd-mirrormode Service User (stoney core) ====The following LDIF shows the slapd-mirrormode service user entry: dn: cn=slapd-mirrormode,ou=services,ou=administration,dc=stoney-cloud,dc=org cn: slapd-mirrormode objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson sn: slapd-mirrormode userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ ==== billing-cyclops Service User (stoney core) ====The following LDIF shows the billing service user entry: dn: cn=billing-cyclops,ou=services,ou=administration,dc=stoney-cloud,dc=org cn: slapd-mirrormode objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson sn: billing-cyclops userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

== Configuration ==

=== Configuration management ===

The sub tree '''ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org''' contains the configuration management system relevant entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.

dn: ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: configuration management

description: This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.

</source>

==== Configuration management - Regions ====

The sub tree '''ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org''' contains the configuration management system region entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system region entries of the whole stoney cloud installation.

dn: ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: regions

description: This sub tree contains the configuration management system region entries of the whole stoney cloud installation.

</source>

===== Configuration management - Regions - Region example =====

The following LDIF example shows a typical region.

dn: cn=duedingen_production,ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalRole

cn: duedingen_production

description: This region contains the two data centres located in Düdingen and is used for production systems.

</source>

The following table describes the different attributes:

{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"

! style="text-align:left; width: 180px" | Attribute

! style="text-align:left; width: 220px" | Objectclass

! style="width: 80px" | Existance

! style="width: 80px" | Mandatory

! style="text-align:left;" | Description

| cn

| organizationalRole

| <center>MUST</center>

| <center>x</center>

| The region used by the configuration management system Puppet via enc.

For example: <code>cn: duedingen_production</code>.

| description

| organizationalRole

| <center>MAY</center>

| <center>x</center>

| The human readable description of region.

For example: <code>description: This region contains the two data centres located in Düdingen and is used for production systems.</code>.

Legend:

* '''x''': Mandatory in all cases.

==== Configuration management - Roles ====

The sub tree '''ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org''' contains the configuration management system role entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system role entries of the whole stoney cloud installation.

dn: ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: roles

description: This sub tree contains the configuration management system role entries of the whole stoney cloud installation.

</source>

===== Configuration management - Roles - Roles example =====

The following LDIF example shows a typical role.

dn: cn=base,ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstConfigurationManagementRole

cn: base

displayName: Base

sstProfiles: - base

description: This is the base role used by all new servers managed by Puppet, but without a final role decided.

</source>

The following table describes the different attributes:

{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"

! style="text-align:left; width: 180px" | Attribute

! style="text-align:left; width: 220px" | Objectclass

! style="width: 80px" | Existance

! style="width: 80px" | Mandatory

! style="text-align:left;" | Description

| cn

| sstConfigurationManagementRole

| <center>MUST</center>

| <center>x</center>

| The role name used by the configuration management system Puppet via enc.

For example: <code>cn: base</code>.

| displayName

| sstConfigurationManagementRole

| <center>MUST</center>

| <center>x</center>

| The role display name (human readable).

For example: <code>displayName: Base</code>.

| sstProfiles

| sstConfigurationManagementRole

| <center>MUST</center>

| <center>x</center>

| The role definition (profile list) used by the configuration management system Puppet via enc. The profiles are listed, one per line. Multiple lines must be base64 endoded:

For example: <code>sstProfiles: - base</code> or <code>sstProfiles:: LSBiYXNlCi0gY2VydGJvdAo=</code>.

Encode:

cat << EOF | base64

- base

- certbot

EOF

</source>

Decode:

echo LSBiYXNlCi0gY2VydGJvdAo= | base64 --decode

</source>

| description

| organizationalRole

| <center>MAY</center>

| <center></center>

| The human readable description of region.

For example: <code>description: This region contains the two data centres located in Düdingen and is used for production systems.</code>.

=== Operating System ===

The sub tree '''ou=operating system,ou=configuration,dc=stoney-cloud,dc=org''' contains the operating system choices for the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the operating system choices for the whole stoney cloud installation.

dn: ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: operating system

description: This sub tree contains the operating system choices for the whole stoney cloud installation.

==== Linux ====

The sub tree '''uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org''' contains the Linux based operating system choices for the whole stoney cloud installation.

# This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.

dn: uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000019

sstDisplayName: Linux

description: This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

# This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation.

dn: uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000020

sstDisplayName: Debian

description: This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000021,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000021

sstDisplayName: 5

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000022,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000022

sstDisplayName: 6

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000023,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000023

sstDisplayName: 7

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

# This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation.

dn: uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000024

sstDisplayName: Fedora

description: This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000025,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000025

sstDisplayName: 12

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000026,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000026

sstDisplayName: 13

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000027,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000027

sstDisplayName: 14

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000028,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000028

sstDisplayName: 15

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000029,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000029

sstDisplayName: 16

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000030,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000030

sstDisplayName: 17

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000031,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000031

sstDisplayName: 18

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000032,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000032

sstDisplayName: 19

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

# This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation.

dn: uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000033

sstDisplayName: Gentoo

description: This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000034

sstDisplayName: 2012.0

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000035

sstDisplayName: 2013.0

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

==== Windows ====

The sub tree '''uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org''' contains the Windows based operating system choices for the whole stoney cloud installation.

# This sub tree contains the Windows based operating system choices for the whole stoney cloud installation.

dn: uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000036

sstDisplayName: Windows

description: This sub tree contains the Windows based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation.

dn: uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000037

sstDisplayName: Server 2008

description: This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000038,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000038

sstDisplayName: Datacenter

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000039,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000039

sstDisplayName: Enterprise

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000040,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000040

sstDisplayName: Foundation

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000041,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000041

sstDisplayName: Standard

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation.

dn: uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000042

sstDisplayName: Server 2008 R2

description: This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000043,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000043

sstDisplayName: Datacenter

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000044,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000044

sstDisplayName: Enterprise

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000045,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000045

sstDisplayName: Foundation

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000046,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000046

sstDisplayName: Standard

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000047,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000047

sstDisplayName: Web

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation.

dn: uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000048

sstDisplayName: Server 2012

description: This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000049,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000049

sstDisplayName: Datacenter

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000050,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000050

sstDisplayName: Standard

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

=== Software Stack ===

The sub tree '''ou=software stack,ou=configuration,dc=foss-cloud,dc=org''' contains the software stack choices for the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the software stack choices for the whole stoney cloud installation.

dn: ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: software stack

description: This sub tree contains the software stack choices for the whole stoney cloud installation.

dn: ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: environments

description: This sub tree contains the software stack environment choices for the whole stoney cloud installation.

dn: uid=4000054,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000054

sstDisplayName: Test Environment

description: This is the environment used for testing (pre-production).

sstEnvironmentName: Test

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000055,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000055

sstDisplayName: Development Environment

description: This is the environment used for development (sandbox).

sstEnvironmentName: Development

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000056,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

uid: 4000056

sstDisplayName: Production Environment

description: This is the environment used for production.

sstEnvironmentName: Production

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

The multi-valued '''labeledURI''' attribute contains the '''operating system(s)''' for which a software stack works and therefore can be shown to the customer. The following three attributes tell us, who is allowed to access this leaf:

* '''sstAllowResellerUID''': Stores the reseller UID(s) that are allowed access to this leaf. If set to 0 (zero), all resellers have access.

* '''sstAllowCustomerUID''': Stores the customer UID(s) that are allowed access to this leaf. If set to 0 (zero), all customers belonging to the allowed resellers have access.

* '''sstAllowPersonUID''': Stores the person UID(s) that are allowed access to this leaf. If set to 0 (zero), all people belonging to the allowed resellers and the allowed customers have access.

dn: uid=4000051,ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

objectclass: labeledURIObject

uid: 4000051

sstDisplayName: Django (Version 1)

description: Django Python Web Framework Version 1.

labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org

labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org

sstEnvironmentName: Test

sstEnvironmentName: Development

sstEnvironmentName: Production

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

dn: uid=4000052,ou=software stack,ou=configuration,dc=foss-cloud,dc=org

objectclass: top

objectclass: sstGroupObjectClass

objectclass: sstRelationship

objectclass: labeledURIObject

uid: 4000052

sstDisplayName: Django (Version 2)

description: Django Python Web Framework Version 2.

labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org

labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org

sstEnvironmentName: Test

sstEnvironmentName: Development

sstEnvironmentName: Production

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001

sstAllowResellerUID: 0

sstAllowCustomerUID: 0

sstAllowPersonUID: 0

== Customers ==

The sub tree '''ou=customers,dc=stoney-cloud,dc=org''' contains all the customers. Each customer has a unique uid, which is used for later reference.

=== Customers ~~uid (per customer)~~ - Customer ===

We have two kinds of customers:

* '''Company customer''': This is the normal case, as we target companies.

* '''Private customer''': A private customer does not have a company/organisation name.

The following LDIF examples will show both cases where necessary. The first LDIF shows you the default '''company customer''' entry after a fresh stoney cloud installation. All relevant data belonging to this ~~reseller~~ customer is stored below this dn. <source lang='ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org objectclass: top objectclass: ~~sstCustomerCompany~~sstCustomerobjectclass: sstRelationship uid: 4000001 organizationName: Customer Ltd. sstIsCompany: TRUEsstIsActive: TRUEsstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 </source> The following LDIF shows you the '''private customer''' entry. All relevant data belonging to this customer are stored below this dn.<source lang='ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstCustomerobjectclass: sstRelationshipuid: 4000001givenName: Namesurname: SurnamesstIsCompany: FALSEsstIsActive: TRUEsstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001</source>

The following table describes the different attributes:

{| ~~style~~border="~~border-spacing:0;~~1"| style="border-~~top~~collapse:~~0.002cm solid #000000~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''Attribute'''~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| uid~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| A unique integer value with 7 digits or more. For example: 4000000.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| The organisation name of the ~~reseller~~customer. For example: Customer Ltd..

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToResellerUID~~givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For Givenname, example: ~~4000000~~Hans.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToCustomerUID~~surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the customer UID the leaf belongs to. A unique value with 7 digits or moreSurname, ~~must correspond with the uid entry. For~~ example: ~~4000001~~Muster.

| ~~style="border-top:none;border-bottom:0~~sstIsCompany| <center>MUST</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstIsActive| ~~style="border-top:none;border-bottom:0~~<center>MAY</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstExternalID| <center>MAY</center>| ~~style="border-top~~<center></center>| The ID (or number) of a customer, person or product in an external database (for example:~~none;border-bottom:0~~234567).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstBelongsToResellerUID| <center>MUST</center>| <center>x</center>| ~~style="border-top:none;border-bottom:0~~Stores the reseller UID the leaf belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more.~~002cm solid #000000;border-right~~For example:04000000.~~002cm solid #000000;padding:0.097cm;"~~ | Is -| sstBelongsToCustomerUID| <center>MAY</center>| <center>x</center>| Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry ~~active? Either yes (TRUE) or no (FALSE)~~. For example: 4000001.

Legend:

* '''x''': Mandatory in all cases.

* '''x1''': If <code>sstIsCompany</code> is set to <code>TRUE</code>, the <code>organizationName</code> must be set. Otherwise <code>givenName</code> and <code>surname</code> must be set.

==== Customers - Customer - Billing address ====The ~~following LDIF shows you~~ sub tree '''ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the billing address for a '''~~private~~ company customer''' ~~entry. All relevant data belonging to this reseller are stored below this dn.~~:<source lang='ldif'> dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org objectclass: top objectclass: ~~sstCustomerPerson~~organizationalUnit objectclass: sstAddressou: addressorganizationName: Customer Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: Name Surname <name.surname@example.com>sstMailCc: Info Customer Ltd. <info@example.com>sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>telephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> The sub tree '''ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the billing address for a '''private customer''': <source lang='ldif'>dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressou: addresssstGender: m givenName: Name surname: Surname ~~sstBelongsToResellerUID~~postalAddress: ~~4000000~~Street Number ~~sstBelongsToCustomerUID~~countryName: ~~4000001~~CH ~~sstIsActive~~postalCode: ~~TRUE~~Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: Name Surname <name.surname@example.com>sstMailCc: Info <info@example.com>sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>telephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source>

The following table describes the different attributes:

{| ~~style~~border="~~border-spacing:0;~~1"| style="border-~~top~~collapse:~~0.002cm solid #000000~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''AttributeName'''~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>| '''Interface Equivalent'''

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| uid~~organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Customer Name| ~~A unique integer value with 7 digits or more. For~~ Customer name, for example: ~~4000000~~'''stepping stone GmbH'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| givenName~~sstGender~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0~~Gender| Either 'm' for male or 'f' for female.~~002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Givenname,~~ For example: ~~Hans~~'''m'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| surname~~givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Name| ~~Surname~~Name, for example: ~~Muster~~'''Hans'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToResellerUID~~surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Surname| ~~Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more~~Surname, ~~must correspond with the uid entry. For~~ for example: ~~4000000~~'''Muster'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToCustomerUID~~postalAddress~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x3</center>| ~~style="border~~Address| Multi-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the customer UID the leaf belongs to. A unique value with 7 digits or morelined address, ~~must correspond with the uid entry. For~~ for example: ~~4000001~~'''Neufeldstrasse 9'''.

| ~~style="border~~postOfficeBox| <center>MAY</center>| <center>x3</center>| Post Office Box| Post Office Box, for example: 3456. |-~~top~~| stateOrProvinceName| <center>MAY</center>| <center>x4</center>| State or Province Name| This pull down menu is only active (appears to the user), if the country is set to Canada or the USA. |-| countryName| <center>MUST</center>| <center>x</center>| Country| Country code according to [http:~~none;border~~//www.iso.org/iso/home/standards/country_codes.htm ISO 3166-~~bottom~~1]. The English short name (upper/lower case) is used for the interface and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry). For example:0'''Switzerland''' in the interface and '''CH''' in the LDAP directory.~~002cm solid #000000;border~~ |-~~left~~| postalCode| <center>MUST</center>| <center>x</center>| Postal Code| Postal Code without the country code, for example:0'''3012'''.~~002cm solid #000000;border~~ |-~~right~~| localityName| <center>MUST</center>| <center>x</center>| Location| Location, for example:~~none;padding~~'''Berne'''. |-| preferredLanguage| <center>MUST</center>| <center>x</center>| Language| Display language of the user according to [http:0//www.~~097cm;"~~ietf.org/rfc/rfc1766.txt RFC 1766]. For example: '''de-CH'''. The following languages are currently supported:* de-CH* de-DE* en-GB* en-US* fr-CH* fr-FR | ~~sstIsActive~~-| ~~style=~~mail| <center>MUST</center>| <center>x</center>| Mail Address| The customers "~~border~~To:" billing mail address, for example: '''Hans Muster <hans.muster@example.com>'''. This is a multi-~~top~~valued attribute and it MUST contain at least one "To:~~none;border~~" billing mail address. |-~~bottom~~| sstMailCc| <center>MAY</center>| <center></center>| Mail Address| The customers "CC:0" billing mail address, for example: '''Info Customer Ltd.~~002cm solid #000000;border~~<info@example.com>'''. This is a multi-~~left~~valued attribute and can contain zero or more "CC:0" billing mail addresses.~~002cm solid #000000;border~~ |-~~right~~| sstMailBcc| <center>MAY</center>| <center></center>| Mail Address| The customers "BCC:~~none;padding~~" billing mail address, for example:0'''Accounting Service Provider Ltd.~~097cm;~~<accounting@example.org>'''. This is a multi-valued attribute and can contain zero or more "BCC:" billing mail addresses. Here we'd expect the Accounting mail address of the service provider (for accountability reasons). |-| telephoneNumber| <center>MAY</center>| <center>x2</center>| Telephone| Telephone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 31 222 33 44'''. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x2</center>| Mobile| Mobile phone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 76 222 33 44'''. |-| sstWebsiteURL| <center>MAY</center>| | Website| Website URL according to [http://tools.ietf.org/html/rfc3986 RFC-3986]. For example: '''http://www.stepping-stone.ch'''/. |}Legend: * '''x1''': If the attribute <code>sstIsCompany</code> of the parent entry is set to <code>TRUE</code>, the <code>organizationName</code> must be set.* '''x2''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x3''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x4''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present. ==== Customers - Customer - Shipping address (optional) ====The sub tree '''ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the shipping address and is optional (it is only needed, if the shipping address differs from the billing Address).<source lang='ldif'>dn: ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressou: shippingorganizationName: Customer Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: name.surname@example.comtelephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> ==== Customers - Customer - Billing ====The sub tree '''ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains billing relevant data. The following example shows a customer, receiving a monthly bill.<source lang='ldif'>dn: ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingCustomerou: billingsstBillable: TRUEsstBillingCycle: 1sstCurrency: CHFsstPaymentMethod: invoicesstDeliveryMethod: postsstDiscount: 20sstCancellationDate: 20181231sstMailToUID: 4000002sstMailCcUID: 4000064sstMailBccUID: 4000066sstMailBccUID: 4000069</source> The following example shows a customer, which receives their bill via their reseller (no billing done by us):<source lang='ldif'>dn: ou=billing,uid=4000001,ou=customers,o=stepping-stone,c=chobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingCustomerou: billingsstBillable: TRUE</source> The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000~~80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border~~-left~~:0.002cm solid #000000~~;border-right:none~~;padding:0.097cm;"| '''Description''' |-| sstBillable| <center>MAY</center>| <center>x2</center>| ~~style="border~~All hierarchical levels must have <code>sstBillable: TRUE</code> to actually have an invoice generated and sent. If the attribute <code>sstBillable</code> doesn't exist, the default is <code>TRUE</code>. This way, we are forced to set a reseller, customer or product manually to <code>sstBillable: FALSE</code> if we want to avoid sending them an invoice.|-~~top~~| sstBillingCycle| <center>MAY</center>| <center></center>| Billing cycle in months. This attribute <code>sstBillingCycle</code> is only checked (evaluated), if the reseller the customer belongs to, has <code>sstResellerBill</code> set to <code>FALSE</code> (as is the case for the reseller stepping stone GmbH). Possible values:~~none;border~~* 1: Monthly invoice.* 3: Quarterly invoice.* 6: Semi-~~bottom~~annually invoice. * '''12''':0Yearly invoice (this is the default billing period if no <code>sstBillingCycle</code> is set).~~002cm solid #000000;border~~ |-~~left~~| sstCurrency| <center>MAY</center>| <center></center>| Three-letter currency code according to [https:0//en.~~002cm solid #000000;border~~wikipedia.org/wiki/ISO_4217 ISO 4217]. Possible values are:* '''CHF''': Swiss franc (this is the default currency if no <code>sstCurrency</code> is set).* EUR: Euro* GBP: Pound sterling* USD: United States dollar |-~~right~~| sstPaymentMethod| <center>MAY</center>| <center></center>| Payment method of the invoice. Possible values are:0* '''invoice''': Classic invoice, sent according to the delivery method defined in <code>sstDeliveryMethod</code> (this is the default payment method if no <code>sstPaymentMethod</code> is set).~~002cm solid #000000;padding~~* postcard:Electronic invoice via PostFinance.* creditcard: Credit card payment. |-| sstDeliveryMethod| <center>MAY</center>| <center></center>| Delivery method of invoices or access data. Possible values are:* email: The invoice or access data is sent via email to the recipient.* '''post''': The invoice or access data is sent via snail mail to the recipient (this is the default delivery method if no <code>sstDeliveryMethod</code> is set). |-| sstDiscount| <center>MAY</center>| <center></center>| An optional customer discount (an integer value between 0and 100).~~097cm;"~~Default is '''0'''. | Is -| sstCancellationDate| <center>MAY</center>| <center></center>| The cancellation date of a reseller, customer or service in the ~~entry active? Either yes~~ form of [YYYY][MM][DD] (~~TRUE~~ISO 8601) . For example: '''20181231'''. The attribute <code>sstCancellationDate</code> is used in a logical AND combination with <code>sstIsActive</code>. |-| sstMailToUID| <center>MAY</center>| <center>x1</center>| This attribute <code>sstMailToUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Even though this attribute is multi-valued, we expect on recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the persons mail address, preferred language, name, surname or no other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000002'''. |-| sstMailCcUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailCcUID</code> is only checked (~~FALSE~~evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000064'''. |-| sstMailBccUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailBccUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000066''' or '''4000069'''.

Legend:

* '''x''': Mandatory in all cases.

* '''x1''': The attribute <code>sstMailToUID</code> is mandatory, if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>.

* '''x2''': As the default of the attribute <code>sstBillable</code> is <code>TRUE</code>, it's not really mandatory. For better readability, please always add the attribute <code>sstBillable</code>.

==== Customers ~~Billing Address~~ - Customer - Employees ====The sub tree '''ou=~~address~~employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the ~~billing address for a~~ employees belonging to the reseller '''~~company customer~~Customer Ltd.'''(all the employees with the the attribute sstBelongsToEmployeeUID=4000001). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this customer. The number of employees is always the same or smaller than the number of people belonging to a customer (they are a subset).<source lang='ldif'> dn: ou=~~address~~employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressCompany~~labeledURIObject ou: ~~address~~employees ~~organizationName~~labeledURI: ~~Reseller Ltd.~~ ~~sstGender~~ldap: m ~~givenName: Name~~///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000001) ~~surname~~member: ~~Surname~~ ~~postalAddress: Street Number~~ ~~countryName: CH~~ ~~postalCode: Postal Code~~ ~~localityName: Locality~~ ~~preferredLanguage: en~~uid=4000002,ou=people,dc=stoney-GBcloud,dc=org ~~mail: name.surname@example.com~~</source> ~~telephoneNumber: +41 00 000 00 00~~ ~~mobileTelephoneNumber: +41 00 000 00 00~~ ~~sstWebsiteURL: https://www.~~In this example, the customer '''Customer Ltd.''' has one employee (with the uid=4000002).~~com/~~

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| ~~style="border-top~~attribure| <center>MUST</center>| <center>x</center>| TBD.|} Legend:~~none;border-bottom~~* '''x''':0Mandatory in all cases.~~002cm solid #000000;border~~ ==== Customers -~~left~~Customer - People ====The sub tree '''ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the all the people belonging to the customer '''Customer Ltd.''' (all the people, including the employees, with the the attribute sstBelongsToCustomerUID=4000001). With the attribute labeledURI we use the functionality of the [http:0//www.~~002cm solid~~ openldap.org/doc/admin24/overlays.html#~~000000;border~~Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.<source lang='ldif'>dn: ou=people,uid=4000001,ou=customers,dc=stoney-~~right~~cloud,dc=orgobjectclass:~~none;padding~~topobjectclass:~~0.097cm;"| organizationName~~organizationalUnit~~| style~~objectclass: labeledURIObjectou: peoplelabeledURI: ldap:///ou=~~"border~~people,dc=stoney-~~top~~cloud,dc=org??one?(sstBelongsToCustomerUID=4000001)member:~~none;border~~uid=4000002,ou=people,dc=stoney-~~bottom~~cloud,dc=orgmember:~~0.002cm solid #000000;border~~uid=4000064,ou=people,dc=stoney-~~left~~cloud,dc=orgmember:~~0.002cm solid #000000;border~~uid=4000066,ou=people,dc=stoney-~~right~~cloud,dc=orgmember:~~none;padding:0.097cm;"| <center>MUST~~uid=4000069,ou=people,dc=stoney-cloud,dc=org</~~center~~source> In this example, four people the customer '''Customer Ltd.''' (including the employee with the uid=4000002). The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''Attribute'''| <center>x'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border~~-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right~~:0.002cm solid #000000;padding:0.097cm;"| ~~Company name, example: stepping stone GmbH~~'''Description'''

| ~~style="border-top~~attribure| <center>MUST</center>| <center>x</center>| TBD.|} Legend:~~none;border-bottom~~* '''x''':0Mandatory in all cases.~~002cm solid #000000;border~~ === Customers -~~left~~Customer (LEGACY) ===We have two kinds of customers:0* '''Company customer''': This is the normal case, as we target companies.~~002cm solid #000000;border-right~~* '''Private customer''':~~none;padding:0~~A private customer does not have a company/organisation name.~~097cm;"| sstGender| style~~The following LDIF examples will show both cases where necessary. The first LDIF shows you the default '''company customer''' entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.<source lang=~~"border~~'ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass:~~none;border-bottom~~sstCustomerCompanyuid:~~0.002cm solid #000000;border-left~~4000001organizationName:0Customer Ltd.~~002cm solid #000000;border-right~~sstBelongsToResellerUID:~~none;padding~~4000000sstBelongsToCustomerUID:~~0.097cm;"| <center>MUST~~4000001sstIsActive: TRUE</~~center~~source> The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''Attribute'''| <center>x'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border~~-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right~~:0.002cm solid #000000;padding:0.097cm;"| ~~Either~~ 'm' ~~for male or~~ 'fDescription''' ~~for female.~~

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| givenName~~uid~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0~~A unique integer value with 7 digits or more.~~002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Givenname,~~ For example: ~~Hans~~4000000.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| surname~~organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0~~The organisation name of the reseller.~~002cm solid #000000;border-left~~For example:0Customer Ltd.~~002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Surname, example: Muster~~.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| postalAddress~~sstBelongsToResellerUID~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MAY~~MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2x</center>| ~~style="border-top:none;border-bottom:0~~Stores the reseller UID the leaf belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more.~~002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Street Number,~~ For example: ~~Neufeldstrasse 9. Multi-lined field~~4000000.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| postOfficeBox~~sstBelongsToCustomerUID~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2x</center>| ~~style="border-top:none;border-bottom:0~~Stores the customer UID the leaf belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more, must correspond with the uid entry.~~002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Postbox,~~ For example: ~~3456~~4000001.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| stateOrProvinceName~~sstExternalID~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x3</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| This pulldown menu is only active~~ The ID (~~appears to the user~~or number)of a customer, ~~if the country is set to Canada~~ person or ~~the USA~~product in an external database (for example: 234567).

| ~~style="border-top~~sstIsActive| <center>MAY</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no). |} Legend:~~none;border-bottom~~* '''x''':0Mandatory in all cases.~~002cm solid #000000;border-left:0~~ The following LDIF shows you the '''private customer''' entry.~~002cm solid #000000;border-right:none;padding:0~~All relevant data belonging to this reseller are stored below this leaf.~~097cm;"| countryName| style~~<source lang=~~"border~~'ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass:~~none;border-bottom~~sstCustomerPersonuid:~~0.002cm solid #000000;border-left~~4000001givenName:~~0.002cm solid #000000;border-right~~Namesurname:~~none;padding~~SurnamesstBelongsToResellerUID:~~0.097cm;"| <center>MUST~~4000000sstBelongsToCustomerUID: 4000001sstIsActive: TRUE</~~center~~source> The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''Attribute'''| <center>x'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border~~-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right~~:0.002cm solid #000000;padding:0.097cm;"| ~~Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH.~~'''Description'''

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| postalCode~~uid~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0~~A unique integer value with 7 digits or more.~~002cm solid #000000;border-left~~For example:04000000.~~002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Zipcode, example: 3012~~

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| localityName~~givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| City~~Givenname, example: ~~Bern~~Hans.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| preferredLanguage~~surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Display language of the user according to RFC 1766~~Surname, example: ~~de-CH~~Muster. ~~Currently supported:~~* de-CH* en-GB

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| mail~~sstBelongsToResellerUID~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0~~Stores the reseller UID the leaf belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more, must correspond with the uid entry.~~002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| E-mail address of the user,~~ For example: ~~hans.muster@example.com~~4000000.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| telephoneNumber~~sstBelongsToCustomerUID~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1x</center>| ~~style="border-top:none;border-bottom:0~~Stores the customer UID the leaf belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more, must correspond with the uid entry.~~002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Fixnet phone number,~~ For example: ~~+41 31 222 33 44~~4000001.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| mobileTelephoneNumber~~sstExternalID~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Mobile phone~~ The ID (or number) of a customer, person or product in an external database (for example: ~~+41 76 222 33 44~~234567).

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWebsiteURL~~sstIsActive~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"|~~ <center>x</center>| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/Is the entry active? Either true (yes) or false (no).

Legend:

* '''x''': Mandatory in all cases.

* '''x1''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x2''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.==== Customers - Customer (LEGACY) - Billing address ====The sub tree '''ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the billing address for a '''~~private~~ company customer''': <source lang='ldif'>dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressPerson~~sstAddressCompany ou: address organizationName: Customer Ltd.sstGender: m givenName: Name surname: Surname postalAddress: Street Number countryName: CH postalCode: Postal Code localityName: Locality preferredLanguage: en-GB mail: name.surname@example.com telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstWebsiteURL: https://www.example.com/</source>

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| ~~style="border-top~~organizationName| <center>MUST</center>| <center>x</center>| Company name, example:~~none;border~~stepping stone GmbH |-~~bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstGender~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Either 'm' for male or 'f' for female.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Givenname, example: Hans.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Surname, example: Muster.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postalAddress~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Street Number, example: Neufeldstrasse 9. Multi-lined field.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postOfficeBox~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Postbox, example: 3456.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| stateOrProvinceName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x3</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| countryName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Country code according to ISO 3166-1 (for the web interface) and the corresponding [https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 ISO 3166-1-alpha-2 ] code (as the LDAP entry). Example: For Switzerland the value is CH.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postalCode~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Zipcode, example: 3012

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| localityName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| City, example: Bern.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| preferredLanguage~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Display language of the user according to RFC 1766, example: de-CH. Currently supported:

* de-CH

* en-GB

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| mail~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| E-mail address of the user, example: hans.muster@example.com.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| telephoneNumber~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Fixnet phone number, example: +41 31 222 33 44.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| mobileTelephoneNumber~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Mobile phone number, example: +41 76 222 33 44.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstWebsiteURL~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| ~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

~~==== Customers Shipping Address (optional) ====~~The sub tree '''ou=~~shipping~~address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the ~~shipping~~ billing address ~~and is optional (it is only needed, if the shipping address differs from the billing Address).~~for a '''private customer''':<source lang='ldif'> dn: ou=~~shipping~~address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressCompany~~sstAddressPerson ou: ~~shipping~~ ~~organizationName: Reseller Ltd.~~address sstGender: m givenName: Name surname: Surname postalAddress: Street Number countryName: CH postalCode: Postal Code localityName: Locality preferredLanguage: en-GB mail: name.surname@example.com telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstWebsiteURL: https://www.example.com/ ~~==== Customers Billing ====The sub tree '''ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains billing relevant data:~~ ~~dn: ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org~~ ~~objectclass: top~~ ~~objectclass: organizationalUnit~~ ~~objectclass: sstBillingReseller~~ ~~ou: billing~~ ~~sstResellerBill: FALSE~~ ~~This entry need to be described in detail. TBD.~~</source>

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| attribure~~sstGender~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0~~Either 'm' for male or 'f' for female.~~002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| TBD.~~|}

~~==== Customers Employees ====~~|-~~The sub tree '''ou=employees~~| surname| <center>MUST</center>| <center>x</center>| Surname,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the employees belonging to the reseller '''Customer Ltd.''' (all the employees with the the attribute sstBelongsToEmployeeUID=4000001). With the attribute labeledURI we use the functionality of the [httpexample://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this customer. The number of employees is always the same or smaller than the number of people belonging to a customer (they are a subset)Muster.

~~dn: ou=employees,uid=4000001,ou=customers,dc=stoney~~|-~~cloud,dc=org~~ ~~objectclass: top~~| postalAddress ~~objectclass: organizationalUnit~~| <center>MAY</center> ~~objectclass: labeledURIObject~~| <center>x2</center> ~~ou: employees~~ ~~labeledURI: ldap:///ou=people~~| Street Number,~~dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000001)~~ ~~member~~example: ~~uid=4000002,ou=people,dc=stoney~~Neufeldstrasse 9. Multi-~~cloud,dc=org~~lined field.

~~The following table describes the different attributes:~~{| ~~style="border~~-~~spacing:0;"~~| ~~style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| '''Attribute'''~~stateOrProvinceName~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~'''Existence'''~~MAY</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~'''Mandatory'''~~x3</center>| ~~style="border:0~~This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA.~~002cm solid #000000;padding:0.097cm;"| '''Description'''~~

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| attribure~~countryName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border~~Country code according to ISO 3166-~~top:none;border~~1 (for the web interface) and the corresponding ISO 3166-~~bottom:0.002cm solid #000000;border~~1-~~left:0.002cm solid #000000;border~~alpha-~~right:0~~2 code (as the LDAP entry).~~002cm solid #000000;padding~~Example:0For Switzerland the value is CH.~~097cm;"| TBD.~~|}

~~==== Customers People ====~~|-~~The sub tree '''ou=people~~| localityName| <center>MUST</center>| <center>x</center>| City,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the all the people belonging to the customer '''Customer Ltd.''' (all the people, including the employees, with the the attribute sstBelongsToCustomerUID=4000001). With the attribute labeledURI we use the functionality of the [httpexample://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a resellerBern.

~~dn: ou=people,uid=4000001,ou=customers,dc=stoney~~|-~~cloud,dc=org~~ ~~objectclass: top~~| preferredLanguage ~~objectclass: organizationalUnit~~| <center>MUST</center> ~~objectclass: labeledURIObject~~| <center>x</center> ~~ou: employees~~ ~~labeledURI: ldap:///ou=people~~| Display language of the user according to RFC 1766,~~dc=stoney-cloud,dc=org??one?(sstBelongsToCustomerUID=4000001)~~ ~~member~~example: ~~uid=4000002,ou=people,dc=stoney~~de-~~cloud,dc=org~~ ~~member~~CH. Currently supported: ~~uid=4000064,ou=people,dc=stoney-cloud,dc=org~~ ~~member: uid=4000066,ou=people,dc=stoney~~* de-~~cloud,dc=org~~CH ~~member: uid=4000069,ou=people,dc=stoney~~* en-~~cloud,dc=org~~GB

~~The following table describes the different attributes:~~{| ~~style="border~~-~~spacing:0;"~~| ~~style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| '''Attribute'''~~telephoneNumber~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~'''Existence'''~~MAY</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~'''Mandatory'''~~x1</center>| ~~style="border~~Fixnet phone number, example:0+41 31 222 33 44.~~002cm solid #000000;padding:0.097cm;"| '''Description'''~~

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| attribure~~mobileTelephoneNumber~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>xx1</center>| ~~style="border-top~~Mobile phone number, example:~~none;border-bottom:0~~+41 76 222 33 44.~~002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| TBD.~~|}

| sstWebsiteURL

| <center>MAY</center>

| URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

Legend:

* '''xx1''': ~~Mandatory in all cases~~Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x2''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

== Groups ==

== People ==

The sub tree which contains all the people. Each person has a unique identifier (uid):<source lang='ldif''>dn: ou=people,dc=stoney-cloud,dc=org~~'''~~ objectclass: topobjectclass: organizationalUnitou: peopledescription: The sub tree which contains all the people. ~~Each person has a unique uid, which is used for later reference.~~</source>

=== People ~~uid (per person)~~ - Person ===Each person hat its own leaf with a unique identifier (uid). The following LDIF shows you ~~the default~~ a typical '''person''' entry ~~after a fresh stoney cloud installation~~. All relevant data belonging to this person is stored below this dnleaf.

<source lang='ldif'>dn: uid=4000002,ou=people,dc=stoney-cloud,dc=org objectclass: top objectclass: sstPerson uid: 4000002 sstGender: m sstTitle: CEOgivenName: Name surname: Surname displayName: Name SurnamepreferredLanguage: en-GB userPassword: {SSHA}UgrBHVhKxFQInWWpzf1ddgEVmSg5vKUm mail: name.surname@example.com cn: admin telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstTimeZoneOffset: UTC+01 sstIsActive: TRUE sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstEmployeeOfUID: 4000000 sstEmployeeOfUID: 4000001</source>

The person '''Name Surname''' (with the uid=4000002) belongs to the reseller '''Reseller Ltd.''' (with sstBelongsToResellerUID=4000000) and is an employee of the same company (sstEmployeeOfUID=4000000). The person also belongs the customer '''Customer Ltd.''' (with sstBelongsToCustomerUID=4000001) and is an employee of the same company (sstEmployeeOfUID=4000001).

The following table describes the different attributes:

{| border="1" style="border-~~spacing~~collapse:0collapse;font-size:80%;" width="100%" class="wikitable sortable"

| style="width:200px; border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| '''AttributeType'''

~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>| ~~style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~'''Interface Equivalent'''| <center>'''User alterable'''</center>

| style="width:600px; border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| uid~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~UID| <center></center>| ~~style="border-top:none;border-bottom:0~~Unique Identifier.~~002cm solid #000000;border-left~~For example:~~0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Unique Identifier~~'''4000002'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstGender~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Gender| <center></center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Either 'm' for male or 'f' for female. For example: '''m'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| surname~~sstTitle~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Title| <center>(x)</center>| ~~style="border-top~~The title of a person as a [http:~~none;border-bottom:0~~//en.~~002cm solid #000000;border-left:0~~wikipedia.~~002cm solid #000000;border~~org/wiki/UTF-~~right:0~~8 UTF-8]] formatted string.~~002cm solid #000000;padding~~For example:0'''CEO''' or '''Technician'''.~~097cm;"| Surname, example: Meier~~

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Name| <center>(x)</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Givenname~~Name, for example: '''Hans'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| preferredLanguage~~surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Surname| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Display language of the user according to RFC 1766~~Surname, for example: ~~de-CH~~ '''Muster'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| userPassword~~displayName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Display name| <center>x</center>| ~~style="border-top~~Display name, for example:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| SSHA user password. {SSHA} is a RFC 2307 password scheme which uses the SHA1 secure hash algorithm. The {SSHA} is the seeded varient. {SSHA} is recommended over other RFC 2307 schemes''' Hans Muster'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| mail~~preferredLanguage~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Language| <center>x</center>| ~~style="border-top~~Display language of the user according to RFC 1766:~~none;border-bottom~~<nowiki>[</nowiki>[http:0//www.~~002cm solid #000000;border~~loc.gov/standards/iso639-~~left:0~~2/php/code_list.~~002cm solid #000000;border~~php ISO 639-~~right~~1 Code]<nowiki>]</nowiki>-<nowiki>[</nowiki>[http:0//www.~~002cm solid #000000;padding:0~~iso.~~097cm;"| E~~org/iso/english_country_names_and_code_elements ISO 3166-~~mail address of the user,~~ 1-alpha-2 code]<nowiki>]</nowiki> . For example: ~~hans@example.com~~<code>de-CH</code>

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| cn~~userPassword~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MAY~~MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Password| <center>x</center>| ~~style="border-top:none;border-bottom:0~~SSHA user password.~~002cm solid #000000;border-left~~{SSHA} is a [http:0//www.~~002cm solid #000000;border-right:0~~ietf.~~002cm solid #000000;padding:0~~org/rfc/rfc2307.~~097cm;"| Common name of~~ txt RFC 2307] password scheme which uses the ~~user, for instance admin or user1~~SHA1 secure hash algorithm. For example: '''{SSHA}h+qbh3pFWrZxmz02H5tXhOr+0/wrmHFF'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| telephoneNumber~~mail~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MAY~~MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Mail Address| <center>x1x</center>| ~~style="border-top~~The users mail address, for example:~~none;border-bottom:0~~'''hans.~~002cm solid #000000;border-left:0~~muster@example.~~002cm solid #000000;border-right:0~~com'''.~~002cm solid #000000;padding:0.097cm;"| Fixnet phone number, example: +41 31 222 33 44~~

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| mobileTelephoneNumber~~cn~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| ~~<center>x1</center>~~| ~~style="border-top~~Common name of the user, for example:~~none;border~~'''sst-~~bottom:0~~mei'''.~~002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Mobile phone number, example: +41 76 222 33 44~~

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstTimeZoneOffset~~telephoneNumber~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Telephone| <center>x1</center>| ~~style="border-top~~Telephone number of the user according to [http:~~none;border-bottom:0~~//en.~~002cm solid #000000;border-left:0~~wikipedia.~~002cm solid #000000;border-right:0~~org/wiki/E.~~002cm solid #000000;padding:0~~164 E.~~097cm;"| Time zone as an offset from UTC~~164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: ~~UTC~~'''+0141 31 222 33 44'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsUID~~mobileTelephoneNumber~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~Mobile| <center>x1</center>| ~~style="border-top~~Mobile phone number of the user according to [http:~~none;border-bottom:0~~//en.~~002cm solid #000000;border-left:0~~wikipedia.~~002cm solid #000000;border-right:0~~org/wiki/E.~~002cm solid #000000;padding:0~~164 E.~~097cm;"| Wenn dieser Wert vorhanden ist und der Wert "1" aufweist~~164] (international dialling code, ~~ist diese Person Superuser und hat Zugriff über das gesamte System. In der Regel wird der Superuser nur benötigt~~<s>trunk code</s>, ~~um neue Wiederverkäufer (Reseller~~area code, subscriber line) ~~aufzuschalten~~. For example: '''+41 76 222 33 44'''.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToResellerUID~~sstTimeZoneOffset~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MAY~~MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| ~~<center></center>~~| ~~style="border-top:none;border-bottom:0~~Time zone as an offset from UTC.~~002cm solid #000000;border-left~~For example:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Die UID des Wiederverkäufers (Reseller) zu der die Person gehört. Das heisst, die Person ist Mitarbeiter des Wiederverkäufers.'''UTC+01'''

| ~~style="border-top:none;border-bottom:0~~sstIsActive| <center>MAY</center>| <center>x</center>| | | Is the entry active? Either '''true''' (yes) or '''false''' (no).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| ~~sstBelongsToCustomerUID~~sstBelongsToUID| ~~style="border-top:none;border-bottom:0~~<center>MAY</center>| <center></center>| | <center></center>| If this value is set to '''1''', the user is the super user of the whole stoney cloud installation.~~002cm solid #000000;border-left:0~~Therefore this user can add and remove resellers.~~002cm solid #000000;border-right:none;padding:0~~Use with caution.~~097cm;"~~ |-| sstBelongsToResellerUID| <center>~~MUST~~MAY</center>| ~~style="border-top:none;border-bottom:0~~<center>x</center>| | <center></center>| Stores the reseller UID the person belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more.~~002cm solid #000000;border-right~~For example:~~none;padding:0~~'''4000000'''.~~097cm;"~~ |-| sstBelongsToCustomerUID| <center>MUST</center>| <center>x</center>| ~~style="border-top:none;border-bottom:0~~| <center></center>| Stores the customer UID the person belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more.~~002cm solid #000000;border-right~~For example:~~none;padding:0~~'''4000001'''.~~097cm;"~~ |-| sstEmployeeOfUID| <center>MAY</center>| ~~style="border-top:none;border-bottom:0~~<center></center>| Employee of| <center></center>| Stores the UID(s) the person is an employee of.~~002cm solid #000000;border-left:0~~The UID(s) can belong to one or more resellers or also to one or more customers.~~002cm solid #000000;border-right:0~~A unique value with 7 digits or more.~~002cm solid #000000;padding~~For example:0'''4000001'''.~~097cm;"~~ | ~~Die UID des Kunden~~ -| sstExternalID| <center>MAY</center>| <center></center>| External ID| <center></center>| The ID (~~Customer~~or number) ~~zu der die Person gehört. Das heisst~~of a customer, ~~die Person ist Mitarbeiter des Kunden~~person or product in an external database. For example: '''234567'''.

~~Legende zur Mandatory Spalte~~Legend:* x1'''x1''': ~~Entweder~~ Either telephoneNumber ~~oder~~ or mobileTelephoneNumber ~~müssen ausgefüllt sein~~need to be present. Both attributes can exist together.* ('''x)2''': ~~Noch nicht definiert~~Mandatory, ~~ob der Benutzer (User) diese Werte ändern darf~~if the person belongs to customer that has subscribed a [https://wwww.stoney-storage.com/ stoney storage] service.

==== People ~~Roles~~ - Person - Session tokens ====~~This~~ Using session tokens, when the user logs out, the client sends a logout request to the server. The session token is then removed from LDAP by the server and the client discards the session token. Special cases:* If the user's password is changed, all session tokens must be ~~documented~~removed from LDAP in order to force the user to re-login. ~~TBD~~* If any attributes are changed which control the user's affiliation (reseller, company, etc), all session tokens must be removed from LDAP in order to force the user to re-login. Specific attributes:** sstBelongsToResellerUID** sstBelongsToCustomerUID** sstEmployeeOfUID** sstEmployeeOfUID In our case, we store the session tokens in a leaf beneath the person (as these tokens are personal). ===== People - Person - Session tokens example =====Below each person entry, we have a tokens sub tree, which stores the session tokens:<source lang='ldif'> dn: ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: tokensdescription: The sub tree for the session tokens of the person with the uid '4000002'.</source> The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| '''Objectclass'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| ou| organizationalUnit| <center>MUST</center>| <center>x</center>| The sub tree containing all the session tokens. For example: <code>ou: tokens</code>. |-| description| organizationalUnit| <center>MAY</center>| <center></center>| The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description. For example: <code>description: The sub tree for the session tokens of the person with the uid '4000002'.</code> |} Legend:* '''x''': Mandatory in all cases. Each session token receives its own child-entry to store additional meta data, such as the token's create date, last utilisation date, ... In the example below, the session token <code>sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4</code> was created on the 13th of April 2021 at 08:10:27 UTC (<code>sstCreationDate: 20210413T081027Z</code>) and two clients have used this token (the first with an IPv4 address, the second with an IPv6 address):<source lang='ldif'>dn: sstToken=2e211493-41e6-4c74-9431-b5d990b177a4,ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstTokenObjectClasssstToken: 2e211493-41e6-4c74-9431-b5d990b177a4description: The sub tree for the JSON Web Token with the id '2e211493-41e6-4c74-9431-b5d990b177a4'.sstCreationDate: 20210413T081027ZsstClient: 20210413T081027Z: 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0sstClient: 20210413T132805Z: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4456.0 Safari/537.36 Edg/91.0.845.2</source> The API will make sure, that the amount of registered remote IP addresses and requesting User-Agents doesn't exceed a certain configurable limit (for example: 2). If the limit is exceeded, the session will be invalidated. The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| '''Objectclass'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| sstToken| sstTokenObjectClass| <center>MUST</center>| <center>x</center>| The sub tree containing all the information of a session (creation date, access date, IPv4 or IPv6 address and the clients user agent). The session token has the form of a UUID (Universally Unique Identifier).. For example: <code>sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4</code>. |-| description| sstTokenObjectClass| <center>MAY</center>| <center></center>| The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description. For example: <code>description: The sub tree for the JSON Web Token with the id '2e211493-41e6-4c74-9431-b5d990b177a4'.</code> |-| sstCreationDate| sstTokenObjectClass| <center>MUST</center>| <center>x</center>| The session token creation time (UTC) in the form of <code>[YYYY][MM][DD]T[hh][mm][ss]Z</code> according to the [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] definition. For example: <code>sstCreationDate: 20210413T081027Z</code>. |-| sstClient| sstTokenObjectClass| <center>MUST</center>| <center>x</center>| The multi-valued attribute containing client information. This attribute contains the following information:* The access time (UTC) in the form of <code>[YYYY][MM][DD]T[hh][mm][ss]Z</code> according to the [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] definition.* The IPv4 or IPv6 address, from which the client has accessed the stoney API.* The user agent of the client. This information is separated by spaces: <code>sstClient: [YYYY][MM][DD]T[hh][mm][ss]Z" "IPv4 or IPv6" "User-Agent"</code>. For example: <code>sstClient: 20210413T081027Z 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0</code>. Please be aware, that the maximal length of a sstClient string is restricted to 256 characters. |} Legend:* '''x''': Mandatory in all cases. ==== People - Person - Roles (LEGACY) ====<source lang='ldif'>dn: sstRole=Monitoring Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstRolessstProduct: 0sstRole: Monitoring Administrator</source> <source lang='ldif'>dn: sstRole=User,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstRolessstProduct: 0sstRole: User</source> <source lang='ldif'>dn: sstRole=Virtualization Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstRolessstProduct: 0sstRole: Virtualization Administrator</source>

== Reseller ==

The sub tree '''ou=reseller,dc=stoney-cloud,dc=org''' contains all the resellers. Each reseller has a unique uid, which is used for later reference.

=== Reseller ~~uid (per~~ - Reseller) ===The following LDIF shows ~~you the default~~ a typical reseller entry ~~after a fresh stoney cloud installation~~. All relevant data belonging to this reseller is stored below this dnleaf. <source lang='ldif'>dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: sstReseller uid: 4000000 organizationName: Reseller Ltd. ~~sstBelongsToResellerUID~~sstIsCompany: ~~4000000~~TRUE sstIsActive: TRUEsstBelongsToResellerUID: 4000000</source>

The following table describes the different attributes:

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| The organisation name of the reseller. For example: '''Reseller Ltd.'''. A reseller must be a company (<code>sstIsCompany: TRUE</code>).

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToResellerUID~~description~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the reseller UID~~ The description of the leaf ~~belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000~~.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~sstIsCompany| ~~sstIsActive~~<center>MUST</center>| ~~style="border-top:none;border-bottom:0~~<center>x</center>| Is the entry a company? Either true (yes) or false (no).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstIsActive| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| Is the entry active? Either ~~yes~~ true (~~TRUE~~yes) or false (no ). |-| sstExternalID| <center>MAY</center>| <center></center>| The ID (~~FALSE~~or number)of a customer, person or product in an external database (for example: 234567). |-| sstBelongsToResellerUID| <center>MUST</center>| <center>x</center>| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000.

* '''x''': Mandatory in all cases.

==== Reseller - Reseller - Billing ~~Address~~ address ====

The sub tree '''ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the billing address:

<source lang='ldif'>dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressCompany~~sstAddress ou: address organizationName: Reseller Ltd. sstGender: m givenName: Name surname: Surname postalAddress: Street Number countryName: CH postalCode: Postal Code localityName: Locality preferredLanguage: en-GB mail: Name Surname <name.surname@example.com>sstMailCc: Info Reseller Ltd. <info@example.com>sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org> telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstWebsiteURL: https://www.example.com/</source>

The following table describes the different attributes:

{| ~~style~~border="~~border-spacing:0;~~1"| style="border-~~top~~collapse:~~0.002cm solid #000000~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''AttributeName'''~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>| ~~style="border:0.002cm solid #000000;padding:0.097cm;"~~'''Interface Equivalent'''| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Reseller Name| ~~Company~~ Reseller name, for example: '''stepping stone GmbH'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstGender~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Gender| Either 'm' for male or 'f' for female. For example: '''m'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Name| ~~Givenname~~Name, for example: '''Hans'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Surname| Surname, for example: '''Muster'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postalAddress~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2x3</center>| ~~style="border~~Address| Multi-~~top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Street Number~~lined address, for example: '''Neufeldstrasse 9~~. Multi-lined field~~'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postOfficeBox~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2x3</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Post Office Box| ~~Postbox~~Post Office Box, for example: 3456.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| stateOrProvinceName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x3x4</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~State or Province Name| This ~~pulldown~~ pull down menu is only active (appears to the user), if the country is set to Canada or the USA.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| countryName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Country| Country code according to [http://www.iso.org/iso/home/standards/country_codes.htm ISO 3166-1 ]. The English short name (upper/lower case) is used for the ~~web~~ interface) and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry). ~~Example:~~ For example: '''Switzerland ''' in the ~~value is~~ interface and '''CH''' in the LDAP directory.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postalCode~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Postal Code| ~~Zipcode~~Postal Code without the country code, for example: '''3012'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| localityName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Location| ~~City~~Location, for example: ~~Bern~~'''Berne'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| preferredLanguage~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Language| Display language of the user according to [http://www.ietf.org/rfc/rfc1766.txt RFC 1766, ]. For example: '''de-CH'''. ~~Currently~~ The following languages are currently supported:

* de-CH

* de-DE

* en-GB

* en-US

* fr-CH

* fr-FR

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| mail~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style=~~Mail Address| The resellers "~~border-top~~To:~~none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;~~"~~| E-~~billing mail address ~~of the user~~, for example: '''Hans Muster <hans.muster@example.com>'''. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| telephoneNumber~~sstMailCc~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style=~~Mail Address| The resellers "~~border-top~~CC:~~none;border-bottom~~" billing mail address, for example:0'''Info Reseller Ltd.~~002cm solid #000000;border-left:0~~<info@example.com>'''.~~002cm solid #000000;border~~This is a multi-~~right~~valued attribute and can contain zero or more "CC:~~0.002cm solid #000000;padding:0.097cm;~~"~~| Fixnet phone number, example: +41 31 222 33 44~~billing mail addresses.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| mobileTelephoneNumber~~sstMailBcc~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style=~~Mail Address| The customers "~~border-top~~BCC:~~none;border-bottom~~" billing mail address, for example:0'''Accounting Service Provider Ltd.~~002cm solid #000000;border-left:0~~<accounting@example.org>'''.~~002cm solid #000000;border~~This is a multi-~~right~~valued attribute and can contain zero or more "BCC:0" billing mail addresses.~~002cm solid #000000;padding:0.097cm;"| Mobile phone number, example: +41 76 222 33 44~~Here we'd expect the Accounting mail address of the service provider (for accountability reasons).

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~telephoneNumber| ~~sstWebsiteURL~~<center>MAY</center>| ~~style="border-top~~<center>x2</center>| Telephone| Telephone number of the user according to [http:~~none;border-bottom:0~~//en.~~002cm solid #000000;border-left:0~~wikipedia.~~002cm solid #000000;border-right~~org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example:~~none;padding:0~~'''+41 31 222 33 44'''.~~097cm;"~~ |-| mobileTelephoneNumber| <center>MAY</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~<center>x2</center>| Mobile| ~~style="border-top~~Mobile phone number of the user according to [http:~~none;border-bottom:0~~//en.~~002cm solid #000000;border-left:0~~wikipedia.~~002cm solid #000000;border-right:0~~org/wiki/E.~~002cm solid #000000;padding~~164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example:0'''+41 76 222 33 44'''.~~097cm;"~~ | ~~URL gemäss RFC~~-~~3986~~ | sstWebsiteURL| <center>MAY</center>| | Website| Website URL according to [http://tools.ietf.org/html/rfc3986RFC-3986]. For example : '''http://www.stepping-stone.ch'''/.

Legend:

* '''x1x1''': If the attribute <code>sstIsCompany</code> of the parent entry is set to <code>TRUE</code>, the <code>organizationName</code> must be set.* '''x2''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x2x3''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x3x4''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

==== Reseller - Reseller - Shipping ~~Address~~ address (optional) ====

The sub tree '''ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the shipping address and is optional (it is only needed, if the shipping address differs from the billing Address).

<source lang='ldif'>dn: ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressCompany~~sstAddress ou: shipping organizationName: Reseller Ltd. sstGender: m givenName: Name surname: Surname postalAddress: Street Number countryName: CH postalCode: Postal Code localityName: Locality preferredLanguage: en-GB mail: name.surname@example.com telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstWebsiteURL: https://www.example.com/</source>

==== Reseller - Reseller - Billing ====The sub tree '''ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains billing relevant data:. The following example shows a reseller, receiving a monthly bill.<source lang='ldif'> dn: ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: sstBillingReseller ou: billing sstResellerBill: ~~FALSE~~TRUEsstBillable: TRUEsstBillingCycle: 1sstCurrency: CHFsstPaymentMethod: invoicesstDeliveryMethod: postsstDiscount: 32sstCancellationDate: 20181231sstMailToUID: 4000002sstMailCcUID: 4000064sstMailBccUID: 4000066sstMailBccUID: 4000069</source>

~~This entry need to be described in detail. TBD.~~The following example shows a reseller, where their customers receive a bill directly:<source lang='ldif'>dn: ou=billing,uid=4000000,ou=reseller,o=stepping-stone,c=chobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingResellerou: billingsstResellerBill: FALSE sstBillable: TRUE</source>

The following table describes the different attributes:

| ~~style="border~~sstResellerBill| <center>MUST</center>| <center>x</center>| Should the the reseller receive a consolidated invoice for all their customers? This can be either <code>TRUE</code> or <code>FALSE</code>. The default value is <code>TRUE</code>, meaning that the resellers receives a consolidated invoice for all their customers. |-~~top~~| sstBillable| <center>MAY</center>| <center>x2</center>| All hierarchical levels must have <code>sstBillable:~~none;border-bottom~~TRUE</code> to actually have an invoice generated and sent. If the attribute <code>sstBillable</code> doesn't exist, the default is <code>TRUE</code>. This way, we are forced to set a reseller, customer or product manually to <code>sstBillable:0FALSE</code> if we want to avoid sending them an invoice.~~002cm solid #000000;border~~ |-~~left~~| sstBillingCycle| <center>MAY</center>| <center></center>| Billing cycle in months. This attribute <code>sstBillingCycle</code> is only checked (evaluated), if the reseller has <code>sstResellerBill</code> set to <code>TRUE</code> (as is the case for the resellers except for stepping stone GmbH). Possible values:0* 1: Monthly invoice (this is the default billing period if no <code>sstBillingCycle</code> is set).~~002cm solid #000000;border-right~~* 3:~~none;padding~~Quarterly invoice.* 6:0Semi-annually invoice.~~097cm;"~~* 12: Yearly invoice. | ~~attribure~~-| ~~style="border~~sstCurrency| <center>MAY</center>| <center></center>| Three-~~top~~letter currency code according to [https:~~none;border-bottom~~//en.wikipedia.org/wiki/ISO_4217 ISO 4217]. Possible values are:0* '''CHF''': Swiss franc (this is the default currency if no <code>sstCurrency</code> is set).~~002cm solid #000000;border~~* EUR: Euro* GBP: Pound sterling* USD: United States dollar |-~~left~~| sstPaymentMethod| <center>MAY</center>| <center></center>| Payment method of the invoice. Possible values are:0* '''invoice''': Classic invoice, sent according to the delivery method defined in <code>sstDeliveryMethod</code> (this is the default payment method if no <code>sstPaymentMethod</code> is set).~~002cm solid #000000;border-right~~* postcard:~~none;padding~~Electronic invoice via PostFinance.* creditcard:0Credit card payment.~~097cm;"~~ |-| sstDeliveryMethod| <center>~~MUST~~MAY</center>| ~~style="border-top~~<center></center>| Delivery method of invoices or access data. Possible values are:~~none;border-bottom~~* email:0The invoice or access data is sent via email to the recipient.~~002cm solid #000000;border-left~~* '''post''':The invoice or access data is sent via snail mail to the recipient (this is the default delivery method if no <code>sstDeliveryMethod</code> is set). |-| sstDiscount| <center>MAY</center>| <center></center>| An optional customer discount (an integer value between 0and 100).~~002cm solid #000000;border~~Default is '''0'''. |-~~right:none;padding~~| sstCancellationDate| <center>MAY</center>| <center></center>| The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example:0'''20181231'''.~~097cm;"~~The attribute <code>sstCancellationDate</code> is used in a logical AND combination with <code>sstIsActive</code>. |-| sstMailToUID| <center>MAY</center>| <center>x1</center>| ~~style~~This attribute <code>sstMailToUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Even though this attribute is multi-valued, we expect on recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=~~"border~~stoney-~~top~~cloud,dc=org. For example:~~none;border~~'''4000002'''. |-~~bottom:0~~| sstMailCcUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailCcUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>.~~002cm solid #000000;border~~Please be aware, that this attribure ist multi-~~left:0~~valued and multiple recipients are to be expected.~~002cm solid #000000;border~~Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-~~right:0~~cloud,dc=org.~~002cm solid #000000;padding~~For example:0'''4000064'''.~~097cm;"~~ | ~~TBD~~-| sstMailBccUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailBccUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>.Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000066''' or '''4000069'''.

Legend:

* '''x''': Mandatory in all cases.

* '''x1''': The attribute <code>sstMailToUID</code> is mandatory, if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>.

==== Reseller - Reseller - Customers ====

The sub tree '''ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the customers belonging to the reseller '''Reseller Ltd.''' (all the customers with the the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of customers belonging to this reseller.

<source lang='ldif'> dn: ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: labeledURIObject ou: customers labeledURI: ldap:///ou=customers,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000) member: uid=4000001,ou=customers,dc=stoney-cloud,dc=org</source>

In this example, the reseller '''Reseller Ltd.''' has one customer (with the uid=4000001).

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| attribure~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| TBD.

* '''x''': Mandatory in all cases.

==== Reseller - Reseller - Employees ====

The sub tree '''ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the employees belonging to the reseller '''Reseller Ltd.''' (all the employees with the the attribute sstBelongsToEmployeeUID=4000000). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of employees is always the same or smaller than the number of people belonging to a reseller (they are a subset).

<source lang='ldif'> dn: ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: labeledURIObject ou: employees labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000000) member: uid=4000002,ou=people,dc=stoney-cloud,dc=org</source>

In this example, the reseller '''Reseller Ltd.''' has one employee (with the uid=4000002).

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

* '''x''': Mandatory in all cases.

==== Reseller - Reseller - People ====

The sub tree '''ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the all the people belonging to the reseller '''Reseller Ltd.''' (all the people, including the employees, with the the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.

<source lang='ldif'>dn: ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: labeledURIObject ou: employees labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000) member: uid=4000002,ou=people,dc=stoney-cloud,dc=org member: uid=4000064,ou=people,dc=stoney-cloud,dc=org member: uid=4000066,ou=people,dc=stoney-cloud,dc=org member: uid=4000069,ou=people,dc=stoney-cloud,dc=org</source>

In this example, four people the reseller '''Reseller Ltd.''' (including the employee with the uid=4000002).

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

* '''x''': Mandatory in all cases.

== ~~Services~~ =Reseller - Reseller (LEGACY) =~~The sub tree '''ou~~=~~services,dc~~=The following LDIF shows you the default reseller entry after a fresh stoney-cloud~~,dc~~installation. All relevant data belonging to this reseller is stored below this leaf.<source lang=~~org~~'ldif'~~' contains all the stoney cloud services like backup or mail.~~> dn: uid=4000000,ou=~~services~~reseller,dc=~~stone~~stoney-cloud,dc=org objectclass: ~~organizationalUnit~~top objectclass: ~~top~~sstReseller ouuid: ~~services~~4000000organizationName: Reseller Ltd.sstBelongsToResellerUID: 4000000sstIsActive: TRUE</source>

The ~~actual services are described in the~~ following ~~chapters~~table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~=== Backup ===~~|-~~The (Online) Backup service consists of two areas:~~| uid* '''Server''': The actual backup space | <center>MUST</center>| <center>x</center>| A unique integer value with ~~some extra functionality like informing the user when the backup space runs full~~ 7 digits or ~~if a back was not executed at the planned time~~more.* '''Client''': The backup client (for For example ~~[http~~:~~//www.sepiola.org/en/ Sepiola]), which is responsible to regularly copy the local data to the backup server~~4000000.

~~On the back server the data copied to the backup space ist compared each day to the previous day's backup. If there are any changes found, a copy~~ |-| organizationName| <center>MUST</center>| <center>x</center>| The organisation name of the ~~data will be made (a snapshot taken)~~reseller. ~~Thus the user has access to 7 daily, 4 weekly and 3 monthly backups~~For example: Reseller Ltd. ~~During each snapshot, only the modified data is copied - thereby making optimal use of the available disk space~~.

~~This OpenLDAP related section~~ |-| sstBelongsToResellerUID| <center>MAY</center>| <center>x</center>| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000. |-| sstExternalID| <center>MAY</center>| <center></center>| The ID (or number) of a customer, person or product in an external database (for example: 234567). |-| sstIsActive| <center>MAY</center>| <center>x</center>| Is the ~~Backup service~~ entry active? Either true (yes) or false (no). |} Legend:* '''x''': Mandatory in all cases. ==== Reseller - Reseller - Billing address (LEGACY) ====The sub tree '''ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the billing address:<source lang='ldif'>dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressCompanyou: addressorganizationName: Reseller Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: name.surname@example.comtelephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| organizationName| <center>MUST</center>| <center>x</center>| Company name, example: stepping stone GmbH |-| sstGender| <center>MUST</center>| <center>x</center>| Either 'm' for male or 'f' for female. |-| givenName| <center>MUST</center>| <center>x</center>| Givenname, example: Hans. |-| surname| <center>MUST</center>| <center>x</center>| Surname, example: Muster. |-| postalAddress| <center>MAY</center>| <center>x2</center>| Street Number, example: Neufeldstrasse 9. Multi-lined field. |-| postOfficeBox| <center>MAY</center>| <center>x2</center>| Postbox, example: 3456. |-| stateOrProvinceName| <center>MAY</center>| <center>x3</center>| This pulldown menu is ~~described on~~ only active (appears to the ~~[[Backup~~ user), if the country is set to Canada or the USA. |-| countryName| <center>MUST</center>| <center>x</center>| Country code according to ISO 3166-1 (~~OpenLDAP~~for the web interface)~~]] page~~and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH. |-| postalCode| <center>MUST</center>| <center>x</center>| Zipcode, example: 3012 |-| localityName| <center>MUST</center>| <center>x</center>| City, example: Bern. |-| preferredLanguage| <center>MUST</center>| <center>x</center>| Display language of the user according to RFC 1766, example: de-CH. Currently supported:* de-CH* en-GB |-| mail| <center>MUST</center>| <center>x</center>| E-mail address of the user, example: hans.muster@example.com. |-| telephoneNumber| <center>MAY</center>| <center>x1</center>| Fixnet phone number, example: +41 31 222 33 44. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x1</center>| Mobile phone number, example: +41 76 222 33 44. |-| sstWebsiteURL| <center>MAY</center>| | URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/. |}Legend: * '''x1''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x2''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

[[Category:stoney core]][[Category:OpenLDAP directory]]

Administrator

Bureaucrat, administrator

edits