Changes - stoney cloud

stoney core: OpenLDAP directory data organisation

76,168 bytes added, 2 February

/* Services */

= Abstract =

This document describes ~~the OpenLDAP directory data organisation for~~ the [[~~Main_Page~~ :Category:stoney core| stoney ~~cloud~~core]]~~. This~~ relevant OpenLDAP directory ~~is the only database for all the services, which are manageable through the web interface of the stoney cloud~~data organisation.

~~Some titles have numbers in brackets. These numbers reflect~~ = Data Organisation =The following chapters explain the data organisation of the stoney cloud ~~version, in which these entries have been added or modified~~OpenLDAP directory. This document describes the [[:Category:stoney core|stoney core]] relevant OpenLDAP directory data organisation.

= ~~Introduction~~ = Administration ==~~All Service-~~The subtree '''ou=administration, ~~User~~dc=stoney- ~~and Billing-Data ist stored in the [http://www.openldap.~~cloud,dc=org~~/ OpenLDAP] directory. The directory runs in Multi-Master Mirror-Mode for high availability~~''' contains all the administrative data.

= ~~Data Organisation~~ == nextfreeuid ===The ~~following chapters explain the data organisation of the~~ entry <code>cn=nextfreeuid,ou=administration,dc=stoney -cloud ~~OpenLDAP~~ ,dc=org</code> stores the next free UID (Unique Identifier). The <code><uid></code> is unique over the whole directoryand is enforced through the directory and is incremented by one.<source lang='ldif'>dn: cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=orgobjectclass: sstNextFreeUIDcn: nextfreeuiduid: 3724591uidNumber: 3724591</source>

The following table describes the different attributes:{| border="1" style= ~~root~~ "border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"! style="text-align:left; width: 180px" | Attribute! style="text-align:left; width: 220px" | Objectclass! style="width: 80px" | Existance! style="width: 80px" | Mandatory! style="text-align:left;" | Description |-| cn| ...| <center>MUST</center>| <center>x</center>| The name of the leaf. For the next free uid, this is: <code>nextfreeuid</code>. |-| uid| ...| <center>...</center>| <center>x</center>| ... |} Legend:* '''x''': Mandatory in all cases. Before using this attribute <code>uidNumber</code>, you need to be sure, that your directory server actually supports atomic increments (LDAP Modify-Increment). See [https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml Lightweight Directory Access Protocol (LDAP) Parameters] and [https://tools.ietf.org/html/rfc4525 Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension (RFC4525)]. The following search should tell you, if you LDAP server supports the LDAP Modify-Increment Object Identifier Descriptor (OID 1.3.6.1.1.14):<source lang='bash'>ldapsearch -H ldaps://ldapm.stepping-stone.ch -b "" -s base -D "cn=Manager,dc=stoney-cloud,dc=org" -W \* + | grep 1.3.6.1.1.14</source> The result should look as follows:<source lang='text'>supportedFeatures: 1.3.6.1.1.14</source> Options:<source lang='text'>-H ldapuri-b searchbase-D binddn-W Prompt for simple authentication.\* All user attributes are returned. + All operational attributes are returned.</source> === Billing ===The sub tree <code>ou=billing,ou=administration,dc=stoney-cloud,dc=org</code> stores all the billing relevant data. Each billable item (bundle, service or service item) is stored in this sub tree.<source lang='ldif'>dn: ou=billing,ou=administration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: billing</source> The following LDIF extract shows the billing schema for the product "Mail Account".<source lang='ldif'>dn: uid=100001,ou=billing,ou=administration,dc=stoney-cloud,dc=orgdescription: Default pricing schema for the product Mail Account.objectclass: topobjectclass: sstBillingPriceSchemasstbaseprice: 0sstbelongstouid: 1sstbillingunit: Gigabytesstfreeunit: 0sstpriceformula: sstPricePerUnit * sstQuotasstpriceperunit: 4.00sstproductname: Mail Accountuid: 100001sstBelongsToUID: 1</source> The finale price is calculated with the help of the stored formula (sstPriceFormula). The customer price for a "Mail Account" with a 2 Gigabyte large mailbox (quota) is calculated as follows:'~~root~~''Price' ~~entry of~~ '' = sstPricePerUnit * sstQuota = 4.00 CHF/(Gigabyte * Month) * 2 Gigabyte = '''8 CHF/Month''' All prices are stored in Swiss Francs (because the company stepping stone GmbH resides in Switzerland). You can decide about the default currency yourself. Once a month a billing run is executed, which scans the whole ~~OpenLDAP~~ directory ~~tree~~ . The billing run is a currently "work in progress". For more information, please contact our [mailto:accounting@stepping-stone.ch Accounting] departement. === Group Mapping ===Used for the group mapping from the given readable format to the local group UID format.<source lang='ldif'>dn: ou=group mapping,ou=administration,dc=stoney -cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObjectobjectclass: sstLDAPSearchObjectClassou: group mappingdescription: This entry describes, how to map a given group name to an UID in the local LDAP directory.sstDisplayName: Group MappingsstLDAPBaseDn: ou=groups,dc=stoney-cloud,dc=orgsstLDAPFilter: (&(objectClass=sstGroupObjectClass)(sstGroupName=%s)(sstBelongsToResellerUID=%sstBelongsToResellerUID)(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))sstLDAPStaticAttribute: uid</source> ==== Example Mapping for the Technology Group ====The following search maps the group Technology belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 to the uid 4000014:<source lang='bash'>ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid</source> <source lang='text'># extended LDIF## LDAPv3# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))# requesting: uid ## 4000014, groups, stoney-cloud.orgdn: uid=4000014,ou=groups,dc=stoney-cloud,dc=orguid: 4000014 # search resultsearch: 2result: 0 Success # numResponses: 2# numEntries: 1</source> ==== Example Mapping for all Groups ====The following search lists all the existing Groups to belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 with the corresponding uids:<source lang='bash'>ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid</source> <source lang='text'># extended LDIF## LDAPv3# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))# requesting: uid # # 4000014, groups, stoney-cloud.orgdn: uid=4000014,ou=groups,dc=stoney-cloud,dc=orguid: 4000014 # 4000015, groups, stoney-cloud.orgdn: uid=4000015,ou=groups,dc=stoney-cloud,dc=orguid: 4000015 # search resultsearch: 2result: 0 Success # numResponses: 3# numEntries: 2</source> === People (Superuser) ===The sub tree <code>ou=people,ou=administration,dc=stoney-cloud,dc=org</code> list all users, which have super user richts (users with the attribute <code>sstBelongsToUID=1</code>). This entry uses the functionality of the the dynlist overlay. The attribut '''labeleduri''' contains a pre-defined search, which leads to a automatically created list.<source lang='ldif'>dn: ou=people,ou=administration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObjectou: peoplelabeleduri: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToUID=1)member: uid=1000000,ou=people,dc=stoney-cloud,dc=orgmember: uid=1000003,ou=people,dc=stoney-cloud,dc=orgmember: uid=1000004,ou=people,dc=stoney-cloud,dc=org</source> As you can see, the OpenLDAP has three people withe Superuser rights. === Services ===The sub tree '''ou=services,ou=administration,dc=stoney-cloud,dc=org''' contains all the service users. Each service and/or application has its own authentication user. The authentication user is used in the [[HTTP Basic authentication against OpenLDAP directory|OpenLDAP Directory Access Control Lists]] (ACLs) to allow or restrict access to the data. Naming Convention '''Notification user''':* <SERVICE>-notification** backup-notification** cloud-notification** lbaas-notification** mail-notification** storage-notification Naming Convention '''Service user''':* <SERVICE>-<DAEMON>** backup-pam-ldap** cloud-openstack** crm-suitecrm** billing-cyclops** cm-puppetboard ('''c'''onfiguration '''m'''anagement - Puppetboard Service)** dms-alfresco ('''d'''ocument '''m'''anagement '''s'''ystem - Alfresco)** iac-terraform ('''i'''nfrastructure '''a'''s '''c'''ode - Terraform)** <s>lbaas-haproxy</s>** <s>lbaas-pam-ldap</s>** monitoring-zabbix** phabricator** pm-kanboard** qos-rally** storage-nextcloud** storage-pam_ldap** timetracking-kimai** vault-cryptopus (A vault is a place where secrets are stored - in other words a password management system)** vcs-gitlab ('''v'''ersion '''c'''ontrol '''s'''ystem - GitLab Service)** virtualization-sc-brokerd** wiki-int Naming Convention '''API user''':* <SERVICE>-api** lbaas-api Naming Convention '''Provisioning user''':* prov-<SERVICE>-<TYPE>** prov-backup-kvm** prov-backup-zsnapshot** prov-cloud-openstack** prov-configuration-management-puppet** <s>prov-lbaas-haproxy</s>** prov-mail-ox ('''O'''pen-'''X'''change)** prov-monitoring-zabbix** prov-storage-nextcloud ==== backup Service User (stoney backup) ====The following LDIF shows the backup service user entry: dn: cn=backup,ou=services,ou=administration,dc=stoney-cloud,dc=org cn: dhcp

objectclass: top

objectclass: ~~dcObject~~organizationalPerson objectclass: ~~organization~~inetOrgPerson dcsn: ~~stoney-cloud~~backup ouserPassword: ~~stoney-cloud~~{SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

==== dhcp (DHCP) Service User (stoney conductor) ====The following LDIF shows the ~~root of the whole OpenLDAP directory tree for the stoney cloud modified for the company stepping stone GmbH in Switzerland~~dhcp service user entry: dn: ocn=~~stepping~~dhcp,ou=services,ou=administration,dc=stoney-~~stone~~cloud,cdc=chorg cn: dhcp

objectclass: top

objectclass: ~~organization~~organizationalPerson oobjectclass: ~~stepping-stone~~inetOrgPerson sn: dhcp userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

~~The entry '''c~~=~~ch''' stands for the country code of Switzerland while '''o~~=~~stepping-stone''' stands for the the organisation stepping-stone.~~ == libvirtd Service User (stoney conductor) ====The ~~entry stepping-stone is in the process of being reserved at~~ following LDIF shows the ~~[http~~libvirtd service user entry: dn:~~//www.bakom.admin.ch/index.html?lang~~cn=~~en Federal Office of Communications]. With the reservation of the name~~libvirtd, ~~all the directory entries will be unique over the whole world.~~ou=services,ou=administration,dc=stoney-cloud,dc=org cn: libvirtd objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson sn: dhcp userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

==== prov-backup-kvm (Provisioning-Backup-KVM Daemon) Service User (stoney conductor) ====The ~~'''root''' entry can be chosen during~~ following LDIF shows the ~~installation process of the stoney cloud. If you decide to use the default~~ prov-backup-kvm service user entry: dn: cn=prov-backup-kvm,ou=services,ou=administration, ~~you'll end up with '''~~dc=stoney-cloud,dc=org~~'''.~~ objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson cn: prov-backup-kvm sn: prov-backup-kvm userPassword: <STONEY-CLOUD-PROV-BACKUP-KVM-PASSWORD>

== ~~Administration~~ ==slapd-mirrormode Service User (stoney core) ====The following LDIF shows the slapd-mirrormode service user entry: dn: cn=slapd-mirrormode,ou=services,ou=administration,dc=stoney-cloud,dc=org cn: slapd-mirrormode objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson sn: slapd-mirrormode userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ ==== billing-cyclops Service User (stoney core) ====The following LDIF shows the billing service user entry: dn: cn=billing-cyclops,ou=services,ou=administration,dc=stoney-cloud,dc=org cn: slapd-mirrormode objectclass: top objectclass: organizationalPerson objectclass: inetOrgPerson sn: billing-cyclops userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

== Configuration ==

=== Configuration management ===

The sub tree '''ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org''' contains the configuration management system relevant entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.

dn: ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

ou: configuration management

description: This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.

</source>

== ~~Customers~~ ==Configuration management - Regions ====The sub tree '''ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org''' contains the configuration management system region entries of the whole stoney cloud installation. They can be extended by the administrator.<source lang='ldif'># This sub tree contains the configuration management system region entries of the whole stoney cloud installation.dn: ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: regionsdescription: This sub tree contains the configuration management system region entries of the whole stoney cloud installation.</source>

== ~~Groups~~ === Configuration management - Regions - Region example =====The following LDIF example shows a typical region.<source lang='ldif'>dn: cn=duedingen_production,ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalRolecn: duedingen_productiondescription: This region contains the two data centres located in Düdingen and is used for production systems.</source>

The following table describes the different attributes:{| border="1" style= ~~People~~ "border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"! style="text-align:left; width: 180px" | Attribute! style="text-align:left; width: 220px" | Objectclass! style="width: 80px" | Existance! style="width: 80px" | Mandatory! style="text-align:left;" | Description

~~== Reseller ==~~|-| cn| organizationalRole| <center>MUST</center>| <center>x</center>| The ~~sub tree '''ou=reseller,dc=stoney-cloud,dc=org''' contains all the resellers. Each reseller has a unique uid, which is~~ region used ~~for later reference~~by the configuration management system Puppet via enc.

For example: <code>cn: duedingen_production</code>. |-| description| organizationalRole| <center>MAY</center>| <center>x</center>| The human readable description of region. For example: <code>description: This region contains the two data centres located in Düdingen and is used for production systems.</code>. |} Legend:* '''x''': Mandatory in all cases. === ~~Reseller uid (per Reseller)~~ = Configuration management - Roles ====The sub tree '''ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org''' contains the configuration management system role entries of the whole stoney cloud installation. They can be extended by the administrator.<source lang='ldif'># This sub tree contains the configuration management system role entries of the whole stoney cloud installation.dn: ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: rolesdescription: This sub tree contains the configuration management system role entries of the whole stoney cloud installation.</source> ===== Configuration management - Roles - Roles example =====The following LDIF example shows ~~you~~ a typical role.<source lang='ldif'>dn: cn=base,ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstConfigurationManagementRolecn: basedisplayName: BasesstProfiles: - basedescription: This is the ~~default reseller entry after~~ base role used by all new servers managed by Puppet, but without a ~~fresh~~ final role decided.</source> The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"! style="text-align:left; width: 180px" | Attribute! style="text-align:left; width: 220px" | Objectclass! style="width: 80px" | Existance! style="width: 80px" | Mandatory! style="text-align:left;" | Description |-| cn| sstConfigurationManagementRole| <center>MUST</center>| <center>x</center>| The role name used by the configuration management system Puppet via enc. For example: <code>cn: base</code>. |-| displayName| sstConfigurationManagementRole| <center>MUST</center>| <center>x</center>| The role display name (human readable). For example: <code>displayName: Base</code>. |-| sstProfiles| sstConfigurationManagementRole| <center>MUST</center>| <center>x</center>| The role definition (profile list) used by the configuration management system Puppet via enc. The profiles are listed, one per line. Multiple lines must be base64 endoded: For example: <code>sstProfiles: - base</code> or <code>sstProfiles:: LSBiYXNlCi0gY2VydGJvdAo=</code>. Encode:<source lang="bash">cat << EOF | base64- base- certbotEOF</source>Decode:<source lang="bash">echo LSBiYXNlCi0gY2VydGJvdAo= | base64 --decode</source> |-| description| organizationalRole| <center>MAY</center>| <center></center>| The human readable description of region. For example: <code>description: This region contains the two data centres located in Düdingen and is used for production systems.</code>. |} === Operating System ===The sub tree '''ou=operating system,ou=configuration,dc=stoney-cloud,dc=org''' contains the operating system choices for the whole stoney cloud installation. ~~All relevant data belonging to this reseller are stored below this dn~~They can be extended by the administrator. # This sub tree contains the operating system choices for the whole stoney cloud installation. dn: ~~uid~~ou=~~4000000~~operating system,ou=~~reseller~~configuration,dc=stoney-cloud,dc=org

objectclass: top

objectclass: ~~sstReseller~~organizationalUnit ou: operating system description: This sub tree contains the operating system choices for the whole stoney cloud installation. ==== Linux ====The sub tree '''uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org''' contains the Linux based operating system choices for the whole stoney cloud installation. # This sub tree contains the Linux based operating system choices for the whole stoney cloud installation. dn: uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000019 sstDisplayName: ~~4000000~~Linux ~~organizationName~~description: ~~Reseller Ltd~~This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.

sstBelongsToResellerUID: 4000000

sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 # This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation. dn: uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000020 sstDisplayName: Debian description: This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000021,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000021 sstDisplayName: 5 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000022,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000022 sstDisplayName: 6 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000023,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000023 sstDisplayName: 7 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 # This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation. dn: uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000024 sstDisplayName: Fedora description: This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000025,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000025 sstDisplayName: 12 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000026,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000026 sstDisplayName: 13 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000027,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000027 sstDisplayName: 14 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000028,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000028 sstDisplayName: 15 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000029,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000029 sstDisplayName: 16 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000030,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000030 sstDisplayName: 17 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000031,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000031 sstDisplayName: 18 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000032,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000032 sstDisplayName: 19 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 # This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation. dn: uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000033 sstDisplayName: Gentoo description: This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000034 sstDisplayName: 2012.0 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000035 sstDisplayName: 2013.0 sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 ==== Windows ====The sub tree '''uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org''' contains the Windows based operating system choices for the whole stoney cloud installation. # This sub tree contains the Windows based operating system choices for the whole stoney cloud installation. dn: uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000036 sstDisplayName: Windows description: This sub tree contains the Windows based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 # This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation. dn: uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000037 sstDisplayName: Server 2008 description: This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000038,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000038 sstDisplayName: Datacenter sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000039,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000039 sstDisplayName: Enterprise sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000040,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000040 sstDisplayName: Foundation sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000041,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000041 sstDisplayName: Standard sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 # This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation. dn: uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000042 sstDisplayName: Server 2008 R2 description: This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000043,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000043 sstDisplayName: Datacenter sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000044,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000044 sstDisplayName: Enterprise sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000045,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000045 sstDisplayName: Foundation sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000046,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000046 sstDisplayName: Standard sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000047,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000047 sstDisplayName: Web sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 # This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation. dn: uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000048 sstDisplayName: Server 2012 description: This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation. sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000049,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000049 sstDisplayName: Datacenter sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000050,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000050 sstDisplayName: Standard sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 === Software Stack ===The sub tree '''ou=software stack,ou=configuration,dc=foss-cloud,dc=org''' contains the software stack choices for the whole stoney cloud installation. They can be extended by the administrator. # This sub tree contains the software stack choices for the whole stoney cloud installation. dn: ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: organizationalUnit ou: software stack description: This sub tree contains the software stack choices for the whole stoney cloud installation. dn: ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: organizationalUnit ou: environments description: This sub tree contains the software stack environment choices for the whole stoney cloud installation. dn: uid=4000054,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000054 sstDisplayName: Test Environment description: This is the environment used for testing (pre-production). sstEnvironmentName: Test sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000055,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000055 sstDisplayName: Development Environment description: This is the environment used for development (sandbox). sstEnvironmentName: Development sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000056,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship uid: 4000056 sstDisplayName: Production Environment description: This is the environment used for production. sstEnvironmentName: Production sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 The multi-valued '''labeledURI''' attribute contains the '''operating system(s)''' for which a software stack works and therefore can be shown to the customer. The following three attributes tell us, who is allowed to access this leaf:* '''sstAllowResellerUID''': Stores the reseller UID(s) that are allowed access to this leaf. If set to 0 (zero), all resellers have access.* '''sstAllowCustomerUID''': Stores the customer UID(s) that are allowed access to this leaf. If set to 0 (zero), all customers belonging to the allowed resellers have access.* '''sstAllowPersonUID''': Stores the person UID(s) that are allowed access to this leaf. If set to 0 (zero), all people belonging to the allowed resellers and the allowed customers have access. dn: uid=4000051,ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship objectclass: labeledURIObject uid: 4000051 sstDisplayName: Django (Version 1) description: Django Python Web Framework Version 1. labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org sstEnvironmentName: Test sstEnvironmentName: Development sstEnvironmentName: Production sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 dn: uid=4000052,ou=software stack,ou=configuration,dc=foss-cloud,dc=org objectclass: top objectclass: sstGroupObjectClass objectclass: sstRelationship objectclass: labeledURIObject uid: 4000052 sstDisplayName: Django (Version 2) description: Django Python Web Framework Version 2. labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org sstEnvironmentName: Test sstEnvironmentName: Development sstEnvironmentName: Production sstBelongsToResellerUID: 4000000 sstBelongsToCustomerUID: 4000001 sstAllowResellerUID: 0 sstAllowCustomerUID: 0 sstAllowPersonUID: 0 == Customers ==The sub tree '''ou=customers,dc=stoney-cloud,dc=org''' contains all the customers. Each customer has a unique uid, which is used for later reference. === Customers - Customer ===We have two kinds of customers:* '''Company customer''': This is the normal case, as we target companies.* '''Private customer''': A private customer does not have a company/organisation name. The following LDIF examples will show both cases where necessary. The first LDIF shows you the default '''company customer''' entry after a fresh stoney cloud installation. All relevant data belonging to this customer is stored below this dn.<source lang='ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstCustomerobjectclass: sstRelationshipuid: 4000001organizationName: Customer Ltd.sstIsCompany: TRUEsstIsActive: TRUEsstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001</source> The following LDIF shows you the '''private customer''' entry. All relevant data belonging to this customer are stored below this dn.<source lang='ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstCustomerobjectclass: sstRelationshipuid: 4000001givenName: Namesurname: SurnamesstIsCompany: FALSEsstIsActive: TRUEsstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001</source>

The following table describes the different attributes:

{| ~~style~~border="~~border-spacing:0;~~1"| style="border-~~top~~collapse:~~0.002cm solid #000000~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''Attribute'''~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| uid~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| A unique integer value with 7 digits or more. For example: 4000000.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| The organisation name of the ~~reseller~~customer. For example: ~~Reseller~~ Customer Ltd..

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToResellerUID~~givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or moreGivenname, ~~must correspond with the uid entry. For~~ example: ~~4000000~~Hans.

| ~~style="border-top~~surname| <center>MAY</center>| <center>x1</center>| Surname, example:~~none;border-bottom:0~~Muster.~~002cm solid #000000;border~~ |-~~left:0~~| sstIsCompany| <center>MUST</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no).~~002cm solid #000000;border~~ |-~~right:none;padding:0.097cm;"~~| sstIsActive| ~~style="border-top:none;border-bottom:0~~<center>MAY</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstExternalID| <center>MAY</center>| ~~style="border-top~~<center></center>| The ID (or number) of a customer, person or product in an external database (for example:~~none;border-bottom:0~~234567).~~002cm solid #000000;border~~ |-~~left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstBelongsToResellerUID| <center>MUST</center>| <center>x</center>| ~~style="border-top:none;border-bottom:0~~Stores the reseller UID the leaf belongs to.~~002cm solid #000000;border-left:0~~A unique value with 7 digits or more.~~002cm solid #000000;border-right~~For example:04000000.~~002cm solid #000000;padding:0.097cm;"~~ | Is -| sstBelongsToCustomerUID| <center>MAY</center>| <center>x</center>| Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry ~~active? Either yes (TRUE) or no (FALSE)~~. For example: 4000001.

Legend:

* '''x''': Mandatory in all cases.

* '''x1''': If <code>sstIsCompany</code> is set to <code>TRUE</code>, the <code>organizationName</code> must be set. Otherwise <code>givenName</code> and <code>surname</code> must be set.

==== ~~Reseller~~ Customers - Customer - Billing ~~Address~~ address ====The sub tree '''ou=address,uid=~~4000000~~4000001,ou=~~reseller~~customers,dc=stoney-cloud,dc=org''' contains the billing addressfor a '''company customer''': <source lang='ldif'>dn: ou=address,uid=~~4000000~~4000001,ou=~~reseller~~customers,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressCompany~~sstAddress ou: address organizationName: ~~Reseller~~ Customer Ltd. sstGender: m givenName: Name surname: Surname postalAddress: Street Number countryName: CH postalCode: Postal Code localityName: Locality preferredLanguage: en-GB mail: Name Surname <name.surname@example.com>sstMailCc: Info Customer Ltd. <info@example.com>sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org> telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstWebsiteURL: https://www.example.com/</source> The sub tree '''ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the billing address for a '''private customer''':<source lang='ldif'>dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressou: addresssstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: Name Surname <name.surname@example.com>sstMailCc: Info <info@example.com>sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>telephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source>

The following table describes the different attributes:

{| ~~style~~border="~~border-spacing:0;~~1"| style="border-~~top~~collapse:~~0.002cm solid #000000~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''AttributeName'''~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>| '''Interface Equivalent'''

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| organizationName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>~~MUST~~MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Customer Name| ~~Company~~ Customer name, for example: '''stepping stone GmbH'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| sstGender~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Gender| Either 'm' for male or 'f' for female. For example: '''m'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| givenName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Name| ~~Givenname~~Name, for example: '''Hans'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| surname~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Surname| Surname, for example: '''Muster'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postalAddress~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2x3</center>| ~~style="border~~Address| Multi-~~top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Street Number~~lined address, for example: '''Neufeldstrasse 9~~. Multi-lined field~~'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postOfficeBox~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x2x3</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Post Office Box| ~~Postbox~~Post Office Box, for example: 3456.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| stateOrProvinceName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x3x4</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~State or Province Name| This ~~pulldown~~ pull down menu is only active (appears to the user), if the country is set to Canada or the USA.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| countryName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Country| Country code according to [http://www.iso.org/iso/home/standards/country_codes.htm ISO 3166-1 ]. The English short name (upper/lower case) is used for the ~~web~~ interface) and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry). ~~Example:~~ For example: '''Switzerland ''' in the ~~value is~~ interface and '''CH''' in the LDAP directory.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| postalCode~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Postal Code| ~~Zipcode~~Postal Code without the country code, for example: '''3012'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| localityName~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Location| ~~City~~Location, for example: ~~Bern~~'''Berne'''.

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| preferredLanguage~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~Language| Display language of the user according to [http://www.ietf.org/rfc/rfc1766.txt RFC 1766, ]. For example: '''de-CH'''. ~~Currently~~ The following languages are currently supported:

* de-CH

* de-DE

* en-GB

* en-US

* fr-CH

* fr-FR

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| mail~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>| ~~style=~~Mail Address| The customers "~~border-top~~To:~~none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;~~"~~| E-~~billing mail address ~~of the user~~, for example: '''Hans Muster <hans.muster@example.com>'''. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| telephoneNumber~~sstMailCc~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style=~~Mail Address| The customers "~~border-top~~CC:~~none;border-bottom~~" billing mail address, for example:0'''Info Customer Ltd.~~002cm solid #000000;border-left:0~~<info@example.com>'''.~~002cm solid #000000;border~~This is a multi-~~right~~valued attribute and can contain zero or more "CC:~~0.002cm solid #000000;padding:0.097cm;~~"~~| Fixnet phone number, example: +41 31 222 33 44~~billing mail addresses.

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| mobileTelephoneNumber~~sstMailBcc~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MAY</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x1</center>| ~~style=~~Mail Address| The customers "~~border-top~~BCC:~~none;border-bottom~~" billing mail address, for example:0'''Accounting Service Provider Ltd.~~002cm solid #000000;border-left:0~~<accounting@example.org>'''.~~002cm solid #000000;border~~This is a multi-~~right~~valued attribute and can contain zero or more "BCC:0" billing mail addresses.~~002cm solid #000000;padding:0.097cm;"| Mobile phone number, example: +41 76 222 33 44~~Here we'd expect the Accounting mail address of the service provider (for accountability reasons).

| telephoneNumber| <center>MAY</center>| <center>x2</center>| Telephone| Telephone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 31 222 33 44'''. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x2</center>| Mobile| Mobile phone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 76 222 33 44'''. |-| sstWebsiteURL| <center>MAY</center>| | Website| Website URL according to [http://tools.ietf.org/html/rfc3986 RFC-3986]. For example: '''http://www.stepping-stone.ch'''/. |}Legend: * '''x1''': If the attribute <code>sstIsCompany</code> of the parent entry is set to <code>TRUE</code>, the <code>organizationName</code> must be set.* '''x2''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x3''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x4''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present. ==== Customers - Customer - Shipping address (optional) ====The sub tree '''ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the shipping address and is optional (it is only needed, if the shipping address differs from the billing Address).<source lang='ldif'>dn: ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressou: shippingorganizationName: Customer Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: name.surname@example.comtelephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> ==== Customers - Customer - Billing ====The sub tree '''ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains billing relevant data. The following example shows a customer, receiving a monthly bill.<source lang='ldif'>dn: ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingCustomerou: billingsstBillable: TRUEsstBillingCycle: 1sstCurrency: CHFsstPaymentMethod: invoicesstDeliveryMethod: postsstDiscount: 20sstCancellationDate: 20181231sstMailToUID: 4000002sstMailCcUID: 4000064sstMailBccUID: 4000066sstMailBccUID: 4000069</source> The following example shows a customer, which receives their bill via their reseller (no billing done by us):<source lang='ldif'>dn: ou=billing,uid=4000001,ou=customers,o=stepping-stone,c=chobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingCustomerou: billingsstBillable: TRUE</source> The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000~~80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border~~-left~~:0.002cm solid #000000~~;border-right:none~~;padding:0.097cm;"| ~~sstWebsiteURL~~'''Description''' | -| sstBillable| <center>MAY</center>| <center>x2</center>| All hierarchical levels must have <code>sstBillable: TRUE</code> to actually have an invoice generated and sent. If the attribute <code>sstBillable</code> doesn't exist, the default is <code>TRUE</code>. This way, we are forced to set a reseller, customer or product manually to <code>sstBillable: FALSE</code> if we want to avoid sending them an invoice.|-| sstBillingCycle| <center>MAY</center>| <center></center>| Billing cycle in months. This attribute <code>sstBillingCycle</code> is only checked (evaluated), if the reseller the customer belongs to, has <code>sstResellerBill</code> set to <code>FALSE</code> (as is the case for the reseller stepping stone GmbH). Possible values:* 1: Monthly invoice.* 3: Quarterly invoice.* 6: Semi-annually invoice. * '''12''': Yearly invoice (this is the default billing period if no <code>sstBillingCycle</code> is set). |-| sstCurrency| <center>MAY</center>| <center></center>| Three-letter currency code according to [https://en.wikipedia.org/wiki/ISO_4217 ISO 4217]. Possible values are:* '''CHF''': Swiss franc (this is the default currency if no <code>sstCurrency</code> is set).* EUR: Euro* GBP: Pound sterling* USD: United States dollar |-| sstPaymentMethod| <center>MAY</center>| <center></center>| Payment method of the invoice. Possible values are:* '''invoice''': Classic invoice, sent according to the delivery method defined in <code>sstDeliveryMethod</code> (this is the default payment method if no <code>sstPaymentMethod</code> is set).* postcard: Electronic invoice via PostFinance.* creditcard: Credit card payment. |-| sstDeliveryMethod| <center>MAY</center>| <center></center>| Delivery method of invoices or access data. Possible values are:* email: The invoice or access data is sent via email to the recipient.* '''post''': The invoice or access data is sent via snail mail to the recipient (this is the default delivery method if no <code>sstDeliveryMethod</code> is set). |-| sstDiscount| <center>MAY</center>| <center></center>| An optional customer discount (an integer value between 0 and 100). Default is '''0'''. |-| sstCancellationDate| <center>MAY</center>| <center></center>| The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example: '''20181231'''. The attribute <code>sstCancellationDate</code> is used in a logical AND combination with <code>sstIsActive</code>. |-| sstMailToUID| <center>MAY</center>| <center>x1</center>| This attribute <code>sstMailToUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Even though this attribute is multi-valued, we expect on recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000002'''. |-| sstMailCcUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailCcUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000064'''. |-| sstMailBccUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailBccUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000066''' or '''4000069'''. |} Legend:* '''x''': Mandatory in all cases.* '''x1''': The attribute <code>sstMailToUID</code> is mandatory, if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>.* '''x2''': As the default of the attribute <code>sstBillable</code> is <code>TRUE</code>, it's not really mandatory. For better readability, please always add the attribute <code>sstBillable</code>. ==== Customers - Customer - Employees ====The sub tree '''ou=employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the employees belonging to the reseller '''Customer Ltd.''' (all the employees with the the attribute sstBelongsToEmployeeUID=4000001). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this customer. The number of employees is always the same or smaller than the number of people belonging to a customer (they are a subset).<source lang='ldif'>dn: ou=employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObjectou: employeeslabeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000001)member: uid=4000002,ou=people,dc=stoney-cloud,dc=org</source> In this example, the customer '''Customer Ltd.''' has one employee (with the uid=4000002). The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000~~80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border~~-left~~:0.002cm solid #000000~~;border-right:none~~;padding:0.097cm;"| '''Description''' |-| attribure| <center>~~MAY~~MUST</center>| <center>x</center>| TBD.|} Legend:* '''x''': Mandatory in all cases. ==== Customers - Customer - People ====The sub tree '''ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the all the people belonging to the customer '''Customer Ltd.''' (all the people, including the employees, with the the attribute sstBelongsToCustomerUID=4000001). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.<source lang='ldif'>dn: ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObjectou: peoplelabeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToCustomerUID=4000001)member: uid=4000002,ou=people,dc=stoney-cloud,dc=orgmember: uid=4000064,ou=people,dc=stoney-cloud,dc=orgmember: uid=4000066,ou=people,dc=stoney-cloud,dc=orgmember: uid=4000069,ou=people,dc=stoney-cloud,dc=org</source> In this example, four people the customer '''Customer Ltd.''' (including the employee with the uid=4000002). The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| attribure| <center>MUST</center>| <center>x</center>| TBD.|} Legend:* '''x''': Mandatory in all cases. === Customers - Customer (LEGACY) ===We have two kinds of customers:* '''Company customer''': This is the normal case, as we target companies.* '''Private customer''': A private customer does not have a company/organisation name. The following LDIF examples will show both cases where necessary. The first LDIF shows you the default '''company customer''' entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.<source lang='ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstCustomerCompanyuid: 4000001organizationName: Customer Ltd.sstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001sstIsActive: TRUE</source> The following table describes the different attributes:{| border="1" style="border-~~left~~collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000~~;border-right:none~~;padding:0.097cm;"| '''Description''' | -| uid| <center>MUST</center>| <center>x</center>| A unique integer value with 7 digits or more. For example: 4000000. |-| organizationName| <center>MUST</center>| <center>x</center>| The organisation name of the reseller. For example: Customer Ltd.. |-| sstBelongsToResellerUID| <center>MUST</center>| <center>x</center>| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000. |-| sstBelongsToCustomerUID| <center>MAY</center>| <center>x</center>| Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001. |-| sstExternalID| <center>MAY</center>| <center></center>| The ID (or number) of a customer, person or product in an external database (for example: 234567). |-| sstIsActive| <center>MAY</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no). |} Legend:* '''x''': Mandatory in all cases. The following LDIF shows you the '''private customer''' entry. All relevant data belonging to this reseller are stored below this leaf.<source lang='ldif'>dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstCustomerPersonuid: 4000001givenName: Namesurname: SurnamesstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001sstIsActive: TRUE</source> The following table describes the different attributes:{| border="1" style="border-~~top~~collapse:~~none~~collapse;~~border~~font-~~bottom~~size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;~~border-left~~padding:0.~~002cm solid #000000~~097cm;"| '''Description''' |-| uid| <center>MUST</center>| <center>x</center>| A unique integer value with 7 digits or more. For example: 4000000. |-| givenName| <center>MUST</center>| <center>x</center>| Givenname, example: Hans. |-| surname| <center>MUST</center>| <center>x</center>| Surname, example: Muster. |-| sstBelongsToResellerUID| <center>MUST</center>| <center>x</center>| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000. |-| sstBelongsToCustomerUID| <center>MAY</center>| <center>x</center>| Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001. |-| sstExternalID| <center>MAY</center>| <center></center>| The ID (or number) of a customer, person or product in an external database (for example: 234567). |-| sstIsActive| <center>MAY</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no). |} Legend:* '''x''': Mandatory in all cases. ==== Customers - Customer (LEGACY) - Billing address ====The sub tree '''ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org''' contains the billing address for a '''company customer''':<source lang='ldif'>dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressCompanyou: addressorganizationName: Customer Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: name.surname@example.comtelephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> The following table describes the different attributes:{| border="1" style="border-~~right~~collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| organizationName| <center>MUST</center>| <center>x</center>| Company name, example: stepping stone GmbH |-| sstGender| <center>MUST</center>| <center>x</center>| Either 'm' for male or 'f' for female. |-| givenName| <center>MUST</center>| <center>x</center>| Givenname, example: Hans. |-| surname| <center>MUST</center>| <center>x</center>| Surname, example: Muster. |-| postalAddress| <center>MAY</center>| <center>x2</center>| Street Number, example: Neufeldstrasse 9. Multi-lined field. |-| postOfficeBox| <center>MAY</center>| <center>x2</center>| Postbox, example: 3456. |-| stateOrProvinceName| <center>MAY</center>| <center>x3</center>| This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA. |-| countryName| <center>MUST</center>| <center>x</center>| Country code according to ISO 3166-1 (for the web interface) and the corresponding [https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 ISO 3166-1-alpha-2] code (as the LDAP entry). Example: For Switzerland the value is CH. |-| postalCode| <center>MUST</center>| <center>x</center>| Zipcode, example: 3012 |-| localityName| <center>MUST</center>| <center>x</center>| City, example: Bern. |-| preferredLanguage| <center>MUST</center>| <center>x</center>| Display language of the user according to RFC 1766, example: de-CH. Currently supported:* de-CH* en-GB |-| mail| <center>MUST</center>| <center>x</center>| E-mail address of the user, example: hans.muster@example.com. |-| telephoneNumber| <center>MAY</center>| <center>x1</center>| Fixnet phone number, example: +41 31 222 33 44. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x1</center>| Mobile phone number, example: +41 76 222 33 44. |-| sstWebsiteURL| <center>MAY</center>| | URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

~~==== Reseller Shipping Address (optional) ====~~The sub tree '''ou=~~shipping~~address,uid=~~4000000~~4000001,ou=~~reseller~~customers,dc=stoney-cloud,dc=org''' contains ~~the shipping address and is optional (it is only needed, if the shipping address differs from~~ the billing ~~Address).~~address for a '''private customer''':<source lang='ldif'> dn: ou=~~shipping~~address,uid=~~4000000~~4000001,ou=~~reseller~~customers,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: ~~sstAddressCompany~~sstAddressPerson ou: ~~shipping~~ ~~organizationName: Reseller Ltd.~~address sstGender: m givenName: Name surname: Surname postalAddress: Street Number countryName: CH postalCode: Postal Code localityName: Locality preferredLanguage: en-GB mail: name.surname@example.com telephoneNumber: +41 00 000 00 00 mobileTelephoneNumber: +41 00 000 00 00 sstWebsiteURL: https://www.example.com/</source>

The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class= ~~Reseller Billing ====~~"wikitable sortable"~~The sub tree~~ | '''~~ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org~~Attribute''' ~~contains billing relevant data:~~ ~~dn: ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org~~| <center>'''Existence'''</center> ~~objectclass: top~~| <center>'''Mandatory'''</center> ~~objectclass~~| style="border: ~~organizationalUnit~~ ~~objectclass~~0.002cm solid #000000;padding: ~~sstBillingReseller~~ ~~ou: billing~~ ~~sstResellerBill: FALSE~~0.097cm;"| '''Description'''

|-| sstGender| <center>MUST</center>| <center>x</center>| Either 'm' for male or 'f' for female. |-| givenName| <center>MUST</center>| <center>x</center>| Givenname, example: Hans. |-| surname| <center>MUST</center>| <center>x</center>| Surname, example: Muster. |-| postalAddress| <center>MAY</center>| <center>x2</center>| Street Number, example: Neufeldstrasse 9. Multi-lined field. |-| postOfficeBox| <center>MAY</center>| <center>x2</center>| Postbox, example: 3456. |-| stateOrProvinceName| <center>MAY</center>| <center>x3</center>| This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA. |-| countryName| <center>MUST</center>| <center>x</center>| Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry ). Example: For Switzerland the value is CH. |-| postalCode| <center>MUST</center>| <center>x</center>| Zipcode, example: 3012 |-| localityName| <center>MUST</center>| <center>x</center>| City, example: Bern. |-| preferredLanguage| <center>MUST</center>| <center>x</center>| Display language of the user according to RFC 1766, example: de-CH. Currently supported:* de-CH* en-GB |-| mail| <center>MUST</center>| <center>x</center>| E-mail address of the user, example: hans.muster@example.com. |-| telephoneNumber| <center>MAY</center>| <center>x1</center>| Fixnet phone number, example: +41 31 222 33 44. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x1</center>| Mobile phone number, example: +41 76 222 33 44. |-| sstWebsiteURL| <center>MAY</center>| | URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/. |}Legend: * '''x1''': Either telephoneNumber or mobileTelephoneNumber need to be ~~described~~ present. Both attributes can exist together.* '''x2''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present. == Groups == == People ==The sub tree which contains all the people. Each person has a unique identifier (uid):<source lang='ldif'>dn: ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: peopledescription: The sub tree which contains all the people.</source> === People - Person ===Each person hat its own leaf with a unique identifier (uid). The following LDIF shows you a typical '''person''' entry. All relevant data belonging to this person is stored below this leaf. <source lang='ldif'>dn: uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstPersonuid: 4000002sstGender: msstTitle: CEOgivenName: Namesurname: SurnamedisplayName: Name SurnamepreferredLanguage: en-GBuserPassword: {SSHA}UgrBHVhKxFQInWWpzf1ddgEVmSg5vKUmmail: name.surname@example.comcn: admintelephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstTimeZoneOffset: UTC+01sstIsActive: TRUEsstBelongsToResellerUID: 4000000sstBelongsToCustomerUID: 4000001sstEmployeeOfUID: 4000000sstEmployeeOfUID: 4000001</source> The person '''Name Surname''' (with the uid=4000002) belongs to the reseller '''Reseller Ltd.''' (with sstBelongsToResellerUID=4000000) and is an employee of the same company (sstEmployeeOfUID=4000000). The person also belongs the customer '''Customer Ltd.''' (with sstBelongsToCustomerUID=4000001) and is an employee of the same company (sstEmployeeOfUID=4000001). The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| style="width:200px; border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| '''AttributeType'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| '''Interface Equivalent'''| <center>'''User alterable'''</center>| style="width:600px; border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| uid| <center>MUST</center>| <center>x</center>| UID| <center></center>| Unique Identifier. For example: '''4000002'''. |-| sstGender| <center>MUST</center>| <center>x</center>| Gender| <center></center>| Either 'm' for male or 'f' for female. For example: '''m'''. |-| sstTitle| <center>MAY</center>| <center>x</center>| Title| <center>x</center>| The title of a person as a [http://en.wikipedia.org/wiki/UTF-8 UTF-8]] formatted string. For example: '''CEO''' or '''Technician'''. |-| givenName| <center>MUST</center>| <center>x</center>| Name| <center>x</center>| Name, for example: '''Hans'''. |-| surname| <center>MUST</center>| <center>x</center>| Surname| <center>x</center>| Surname, for example: '''Muster'''. |-| displayName| <center>MAY</center>| <center>x2</center>| Display name| <center></center>| Display name, for example: ''' Hans Muster'''. |-| preferredLanguage| <center>MUST</center>| <center>x</center>| Language| <center>x</center>| Display language of the user according to RFC 1766: <nowiki>[</nowiki>[http://www.loc.gov/standards/iso639-2/php/code_list.php ISO 639-1 Code]<nowiki>]</nowiki>-<nowiki>[</nowiki>[http://www.iso.org/iso/english_country_names_and_code_elements ISO 3166-1-alpha-2 code]<nowiki>]</nowiki> . For example: <code>de-CH</code> |-| userPassword| <center>MUST</center>| <center>x</center>| Password| <center>x</center>| SSHA user password. {SSHA} is a [http://www.ietf.org/rfc/rfc2307.txt RFC 2307] password scheme which uses the SHA1 secure hash algorithm. For example: '''{SSHA}h+qbh3pFWrZxmz02H5tXhOr+0/wrmHFF'''. |-| mail| <center>MUST</center>| <center>x</center>| Mail Address| <center>x</center>| The users mail address, for example: '''hans.muster@example.com'''. |-| cn| <center>MAY</center>| <center></center>| | | Common name of the user, for example: '''sst-mei'''. |-| telephoneNumber| <center>MAY</center>| <center>x1</center>| Telephone| <center>x1</center>| Telephone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 31 222 33 44'''. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x1</center>| Mobile| <center>x1</center>| Mobile phone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 76 222 33 44'''. |-| sstTimeZoneOffset| <center>MUST</center>| <center>x</center>| | | Time zone as an offset from UTC. For example: '''UTC+01''' |-| sstIsActive| <center>MAY</center>| <center>x</center>| | | Is the entry active? Either '''true''' (yes) or '''false''' (no). |-| sstBelongsToUID| <center>MAY</center>| <center></center>| | <center></center>| If this value is set to '''1''', the user is the super user of the whole stoney cloud installation. Therefore this user can add and remove resellers. Use with caution. |-| sstBelongsToResellerUID| <center>MAY</center>| <center>x</center>| | <center></center>| Stores the reseller UID the person belongs to. A unique value with 7 digits or more. For example: '''4000000'''. |-| sstBelongsToCustomerUID| <center>MUST</center>| <center>x</center>| | <center></center>| Stores the customer UID the person belongs to. A unique value with 7 digits or more. For example: '''4000001'''. |-| sstEmployeeOfUID| <center>MAY</center>| <center></center>| Employee of| <center></center>| Stores the UID(s) the person is an employee of. The UID(s) can belong to one or more resellers or also to one or more customers. A unique value with 7 digits or more. For example: '''4000001'''. |-| sstExternalID| <center>MAY</center>| <center></center>| External ID| <center></center>| The ID (or number) of a customer, person or product in ~~detail~~an external database. ~~TBD~~For example: '''234567'''. |} Legend:* '''x1''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x2''': Mandatory, if the person belongs to customer that has subscribed a [https://wwww.stoney-storage.com/ stoney storage] service. ==== People - Person - Session tokens ====Using session tokens, when the user logs out, the client sends a logout request to the server. The session token is then removed from LDAP by the server and the client discards the session token. Special cases:* If the user's password is changed, all session tokens must be removed from LDAP in order to force the user to re-login.* If any attributes are changed which control the user's affiliation (reseller, company, etc), all session tokens must be removed from LDAP in order to force the user to re-login. Specific attributes:** sstBelongsToResellerUID** sstBelongsToCustomerUID** sstEmployeeOfUID** sstEmployeeOfUID In our case, we store the session tokens in a leaf beneath the person (as these tokens are personal). ===== People - Person - Session tokens example =====Below each person entry, we have a tokens sub tree, which stores the session tokens:<source lang='ldif'>dn: ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitou: tokensdescription: The sub tree for the session tokens of the person with the uid '4000002'.</source>

The following table describes the different attributes:

{| ~~style~~border="~~border-spacing:0;~~1"| style="border-~~top~~collapse:~~0.002cm solid #000000~~collapse;~~border~~font-~~bottom~~size:~~0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm~~80%;"width="100%" class="wikitable sortable"| '''Attribute'''| ~~style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~'''Objectclass'''| <center>'''Existence'''</center>~~| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>'''Mandatory'''</center>

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| ~~style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~ou| ~~attribure~~organizationalUnit~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>| ~~style="border-top:none;border-bottom:0~~<center>x</center>| The sub tree containing all the session tokens.~~002cm solid #000000;border-left~~ For example:~~0.002cm solid #000000;border-right~~<code>ou:~~none;padding:0~~tokens</code>.~~097cm;"~~ |-| description| organizationalUnit| <center>xMAY</center>| ~~style="border-top:none;border-bottom:0~~<center></center>| The description of the leaf.~~002cm solid #000000;border-left:0~~As this sub tree is created by the stoney API, we don't really need a human readable description.~~002cm solid #000000;border-right~~ For example:~~0.002cm solid #000000;padding~~<code>description:~~0.097cm;"| TBD~~The sub tree for the session tokens of the person with the uid '4000002'.</code>

* '''x''': Mandatory in all cases.

~~==== Reseller Customers ====~~Each session token receives its own child-entry to store additional meta data, such as the token's create date, last utilisation date, ... In the example below, the session token <code>sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4</code> was created on the 13th of April 2021 at 08:10:27 UTC (<code>sstCreationDate: 20210413T081027Z</code>) and two clients have used this token (the first with an IPv4 address, the second with an IPv6 address):~~The sub tree '~~<source lang='ldif'>dn: sstToken=2e211493-41e6-4c74-9431-b5d990b177a4,ou=~~customers~~tokens,uid=~~4000000~~4000002,ou=~~reseller~~people,dc=stoney-cloud,dc=org~~''' contains~~ objectclass: topobjectclass: sstTokenObjectClasssstToken: 2e211493-41e6-4c74-9431-b5d990b177a4description: The sub tree for the ~~customers belonging to~~ JSON Web Token with the ~~reseller~~ id '2e211493-41e6-4c74-9431-b5d990b177a4'~~'Reseller Ltd~~.~~'''~~ sstCreationDate: 20210413T081027ZsstClient: 20210413T081027Z: 194.176.109.13 Mozilla/5.0 (~~all the customers with the the attribute sstBelongsToResellerUID=4000000~~X11; Linux x86_64; rv:85.0)Gecko/20100101 Firefox/85. ~~With the attribute labeledURI we use the functionality of the [http~~0sstClient:20210413T132805Z: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/~~www~~537.~~openldap~~36 (KHTML, like Gecko) Chrome/91.~~org~~0.4456.0 Safari/~~doc~~537.36 Edg/~~admin24/overlays~~91.~~html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of customers belonging to this reseller~~0.845.2</source>

The API will make sure, that the amount of registered remote IP addresses and requesting User-Agents doesn't exceed a certain configurable limit (for example: 2). If the limit is exceeded, the session will be invalidated. The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| '''Objectclass'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description''' |-| sstToken| sstTokenObjectClass| <center>MUST</center>| <center>x</center>| The sub tree containing all the information of a session (creation date, access date, IPv4 or IPv6 address and the clients user agent). The session token has the form of a UUID (Universally Unique Identifier).. For example: <code>sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4</code>. |-| description| sstTokenObjectClass| <center>MAY</center>| <center></center>| The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description. For example: <code>description: The sub tree for the JSON Web Token with the id '2e211493-41e6-4c74-9431-b5d990b177a4'.</code> |-| sstCreationDate| sstTokenObjectClass| <center>MUST</center>| <center>x</center>| The session token creation time (UTC) in the form of <code>[YYYY][MM][DD]T[hh][mm][ss]Z</code> according to the [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] definition. For example: <code>sstCreationDate: 20210413T081027Z</code>. |-| sstClient| sstTokenObjectClass| <center>MUST</center>| <center>x</center>| The multi-valued attribute containing client information. This attribute contains the following information:* The access time (UTC) in the form of <code>[YYYY][MM][DD]T[hh][mm][ss]Z</code> according to the [http://en.wikipedia.org/wiki/ISO_8601 ISO 8601] definition.* The IPv4 or IPv6 address, from which the client has accessed the stoney API.* The user agent of the client. This information is separated by spaces: <code>sstClient: [YYYY][MM][DD]T[hh][mm][ss]Z" "IPv4 or IPv6" "User-Agent"</code>. For example: <code>sstClient: 20210413T081027Z 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0</code>. Please be aware, that the maximal length of a sstClient string is restricted to 256 characters. |} Legend:* '''x''': Mandatory in all cases. ==== People - Person - Roles (LEGACY) ====<source lang='ldif'>dn: sstRole=Monitoring Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstRolessstProduct: 0sstRole: Monitoring Administrator</source> <source lang='ldif'>dn: sstRole=User,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstRolessstProduct: 0sstRole: User</source> <source lang='ldif'>dn: sstRole=Virtualization Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstRolessstProduct: 0sstRole: Virtualization Administrator</source> == Reseller ==The sub tree '''ou=reseller,dc=stoney-cloud,dc=org''' contains all the resellers. Each reseller has a unique uid, which is used for later reference. === Reseller - Reseller ===The following LDIF shows a typical reseller entry. All relevant data belonging to this reseller is stored below this leaf.<source lang='ldif'>dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: sstReselleruid: 4000000organizationName: Reseller Ltd.sstIsCompany: TRUEsstIsActive: TRUEsstBelongsToResellerUID: 4000000</source> The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| '''Description''' |-| uid| <center>MUST</center>| <center>x</center>| A unique integer value with 7 digits or more. For example: 4000000. |-| organizationName| <center>MAY</center>| <center>x</center>| The organisation name of the reseller. For example: '''Reseller Ltd.'''. A reseller must be a company (<code>sstIsCompany: TRUE</code>). |-| description| <center>MAY</center>| <center></center>| The description of the leaf. |-| sstIsCompany| <center>MUST</center>| <center>x</center>| Is the entry a company? Either true (yes) or false (no). |-| sstIsActive| <center>MAY</center>| <center>x</center>| Is the entry active? Either true (yes) or false (no). |-| sstExternalID| <center>MAY</center>| <center></center>| The ID (or number) of a customer, person or product in an external database (for example: 234567). |-| sstBelongsToResellerUID| <center>MUST</center>| <center>x</center>| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000. |} Legend:* '''x''': Mandatory in all cases. ==== Reseller - Reseller - Billing address ====The sub tree '''ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the billing address:<source lang='ldif'>dn: ou=~~customers~~address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressou: addressorganizationName: Reseller Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: Name Surname <name.surname@example.com>sstMailCc: Info Reseller Ltd. <info@example.com>sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>telephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute Name'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| '''Interface Equivalent'''| '''Description''' |-| organizationName| <center>MAY</center>| <center>x1</center>| Reseller Name| Reseller name, for example: '''stepping stone GmbH'''. |-| sstGender| <center>MUST</center>| <center>x</center>| Gender| Either 'm' for male or 'f' for female. For example: '''m'''. |-| givenName| <center>MUST</center>| <center>x</center>| Name| Name, for example: '''Hans'''. |-| surname| <center>MUST</center>| <center>x</center>| Surname| Surname, for example: '''Muster'''. |-| postalAddress| <center>MAY</center>| <center>x3</center>| Address| Multi-lined address, for example: '''Neufeldstrasse 9'''. |-| postOfficeBox| <center>MAY</center>| <center>x3</center>| Post Office Box| Post Office Box, for example: 3456. |-| stateOrProvinceName| <center>MAY</center>| <center>x4</center>| State or Province Name| This pull down menu is only active (appears to the user), if the country is set to Canada or the USA. |-| countryName| <center>MUST</center>| <center>x</center>| Country| Country code according to [http://www.iso.org/iso/home/standards/country_codes.htm ISO 3166-1]. The English short name (upper/lower case) is used for the interface and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry). For example: '''Switzerland''' in the interface and '''CH''' in the LDAP directory. |-| postalCode| <center>MUST</center>| <center>x</center>| Postal Code| Postal Code without the country code, for example: '''3012'''. |-| localityName| <center>MUST</center>| <center>x</center>| Location| Location, for example: '''Berne'''. |-| preferredLanguage| <center>MUST</center>| <center>x</center>| Language| Display language of the user according to [http://www.ietf.org/rfc/rfc1766.txt RFC 1766]. For example: '''de-CH'''. The following languages are currently supported:* de-CH* de-DE* en-GB* en-US* fr-CH* fr-FR |-| mail| <center>MUST</center>| <center>x</center>| Mail Address| The resellers "To:" billing mail address, for example: '''Hans Muster <hans.muster@example.com>'''. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address. |-| sstMailCc| <center>MAY</center>| <center></center>| Mail Address| The resellers "CC:" billing mail address, for example: '''Info Reseller Ltd. <info@example.com>'''. This is a multi-valued attribute and can contain zero or more "CC:" billing mail addresses. |-| sstMailBcc| <center>MAY</center>| <center></center>| Mail Address| The customers "BCC:" billing mail address, for example: '''Accounting Service Provider Ltd. <accounting@example.org>'''. This is a multi-valued attribute and can contain zero or more "BCC:" billing mail addresses. Here we'd expect the Accounting mail address of the service provider (for accountability reasons). |-| telephoneNumber| <center>MAY</center>| <center>x2</center>| Telephone| Telephone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 31 222 33 44'''. |-| mobileTelephoneNumber| <center>MAY</center>| <center>x2</center>| Mobile| Mobile phone number of the user according to [http://en.wikipedia.org/wiki/E.164 E.164] (international dialling code, <s>trunk code</s>, area code, subscriber line). For example: '''+41 76 222 33 44'''. |-| sstWebsiteURL| <center>MAY</center>| | Website| Website URL according to [http://tools.ietf.org/html/rfc3986 RFC-3986]. For example: '''http://www.stepping-stone.ch'''/. |}Legend: * '''x1''': If the attribute <code>sstIsCompany</code> of the parent entry is set to <code>TRUE</code>, the <code>organizationName</code> must be set.* '''x2''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.* '''x3''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.* '''x4''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present. ==== Reseller - Reseller - Shipping address (optional) ====The sub tree '''ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the shipping address and is optional (it is only needed, if the shipping address differs from the billing Address).<source lang='ldif'>dn: ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstAddressou: shippingorganizationName: Reseller Ltd.sstGender: mgivenName: Namesurname: SurnamepostalAddress: Street NumbercountryName: CHpostalCode: Postal CodelocalityName: LocalitypreferredLanguage: en-GBmail: name.surname@example.comtelephoneNumber: +41 00 000 00 00mobileTelephoneNumber: +41 00 000 00 00sstWebsiteURL: https://www.example.com/</source> ==== Reseller - Reseller - Billing ====The sub tree '''ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains billing relevant data. The following example shows a reseller, receiving a monthly bill.<source lang='ldif'>dn: ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingResellerou: billingsstResellerBill: TRUEsstBillable: TRUEsstBillingCycle: 1sstCurrency: CHFsstPaymentMethod: invoicesstDeliveryMethod: postsstDiscount: 32sstCancellationDate: 20181231sstMailToUID: 4000002sstMailCcUID: 4000064sstMailBccUID: 4000066sstMailBccUID: 4000069</source> The following example shows a reseller, where their customers receive a bill directly:<source lang='ldif'>dn: ou=billing,uid=4000000,ou=reseller,o=stepping-stone,c=chobjectclass: topobjectclass: organizationalUnitobjectclass: sstBillingResellerou: billingsstResellerBill: FALSE sstBillable: TRUE</source> The following table describes the different attributes:{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| '''Description''' |-| sstResellerBill| <center>MUST</center>| <center>x</center>| Should the the reseller receive a consolidated invoice for all their customers? This can be either <code>TRUE</code> or <code>FALSE</code>. The default value is <code>TRUE</code>, meaning that the resellers receives a consolidated invoice for all their customers. |-| sstBillable| <center>MAY</center>| <center>x2</center>| All hierarchical levels must have <code>sstBillable: TRUE</code> to actually have an invoice generated and sent. If the attribute <code>sstBillable</code> doesn't exist, the default is <code>TRUE</code>. This way, we are forced to set a reseller, customer or product manually to <code>sstBillable: FALSE</code> if we want to avoid sending them an invoice. |-| sstBillingCycle| <center>MAY</center>| <center></center>| Billing cycle in months. This attribute <code>sstBillingCycle</code> is only checked (evaluated), if the reseller has <code>sstResellerBill</code> set to <code>TRUE</code> (as is the case for the resellers except for stepping stone GmbH). Possible values:* 1: Monthly invoice (this is the default billing period if no <code>sstBillingCycle</code> is set).* 3: Quarterly invoice.* 6: Semi-annually invoice. * 12: Yearly invoice. |-| sstCurrency| <center>MAY</center>| <center></center>| Three-letter currency code according to [https://en.wikipedia.org/wiki/ISO_4217 ISO 4217]. Possible values are:* '''CHF''': Swiss franc (this is the default currency if no <code>sstCurrency</code> is set).* EUR: Euro* GBP: Pound sterling* USD: United States dollar |-| sstPaymentMethod| <center>MAY</center>| <center></center>| Payment method of the invoice. Possible values are:* '''invoice''': Classic invoice, sent according to the delivery method defined in <code>sstDeliveryMethod</code> (this is the default payment method if no <code>sstPaymentMethod</code> is set).* postcard: Electronic invoice via PostFinance.* creditcard: Credit card payment. |-| sstDeliveryMethod| <center>MAY</center>| <center></center>| Delivery method of invoices or access data. Possible values are:* email: The invoice or access data is sent via email to the recipient.* '''post''': The invoice or access data is sent via snail mail to the recipient (this is the default delivery method if no <code>sstDeliveryMethod</code> is set). |-| sstDiscount| <center>MAY</center>| <center></center>| An optional customer discount (an integer value between 0 and 100). Default is '''0'''. |-| sstCancellationDate| <center>MAY</center>| <center></center>| The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example: '''20181231'''. The attribute <code>sstCancellationDate</code> is used in a logical AND combination with <code>sstIsActive</code>. |-| sstMailToUID| <center>MAY</center>| <center>x1</center>| This attribute <code>sstMailToUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Even though this attribute is multi-valued, we expect on recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000002'''. |-| sstMailCcUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailCcUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000064'''. |-| sstMailBccUID| <center>MAY</center>| <center></center>| This attribute <code>sstMailBccUID</code> is only checked (evaluated), if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>. Please be aware, that this attribure ist multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the persons mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: '''4000066''' or '''4000069'''. |} Legend:* '''x''': Mandatory in all cases.* '''x1''': The attribute <code>sstMailToUID</code> is mandatory, if the delivery method <code>sstDeliveryMethod</code> is set to <code>email</code>.* '''x2''': As the default of the attribute <code>sstBillable</code> is <code>TRUE</code>, it's not really mandatory. For better readability, please always add the attribute <code>sstBillable</code>. ==== Reseller - Reseller - Customers ====The sub tree '''ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the customers belonging to the reseller '''Reseller Ltd.''' (all the customers with the the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of customers belonging to this reseller.<source lang='ldif'>dn: ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=orgobjectclass: topobjectclass: organizationalUnitobjectclass: labeledURIObject ou: customers labeledURI: ldap:///ou=customers,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000) member: uid=4000001,ou=customers,dc=stoney-cloud,dc=org</source>

In this example, the reseller '''Reseller Ltd.''' has one customer (with the uid=4000001).

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| attribure~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>MUST</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"~~| <center>x</center>~~| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"~~| TBD.

* '''x''': Mandatory in all cases.

==== Reseller - Reseller - Employees ====

The sub tree '''ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the employees belonging to the reseller '''Reseller Ltd.''' (all the employees with the the attribute sstBelongsToEmployeeUID=4000000). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of employees is always the same or smaller than the number of people belonging to a reseller (they are a subset).

<source lang='ldif'> dn: ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: labeledURIObject ou: employees labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000000) member: uid=4000002,ou=people,dc=stoney-cloud,dc=org</source>

In this example, the reseller '''Reseller Ltd.''' has one employee (with the uid=4000002).

The following table describes the different attributes:

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

* '''x''': Mandatory in all cases.

==== Reseller - Reseller - People ====

The sub tree '''ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the all the people belonging to the reseller '''Reseller Ltd.''' (all the people, including the employees, with the the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the [http://www.openldap.org/doc/admin24/overlays.html#Dynamic%20Lists dynamic lists overlay] to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.

<source lang='ldif'>dn: ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org objectclass: top objectclass: organizationalUnit objectclass: labeledURIObject ou: employees labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000) member: uid=4000002,ou=people,dc=stoney-cloud,dc=org member: uid=4000064,ou=people,dc=stoney-cloud,dc=org member: uid=4000066,ou=people,dc=stoney-cloud,dc=org member: uid=4000069,ou=people,dc=stoney-cloud,dc=org</source>

In this example, four people the reseller '''Reseller Ltd.''' (including the employee with the uid=4000002).

The following table describes the different attributes:{| border="1" style= ~~Services~~ "border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"| '''Attribute'''| <center>'''Existence'''</center>| <center>'''Mandatory'''</center>| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| attribure

| <center>MUST</center>

| <center>x</center>

| TBD.

Legend:

* '''x''': Mandatory in all cases.

=== Reseller - Reseller (LEGACY) ===

The following LDIF shows you the default reseller entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.

dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=org

objectclass: top

objectclass: sstReseller

uid: 4000000

organizationName: Reseller Ltd.

sstBelongsToResellerUID: 4000000

sstIsActive: TRUE

</source>

The following table describes the different attributes:

{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"

| '''Attribute'''

| <center>'''Existence'''</center>

| <center>'''Mandatory'''</center>

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| uid

| <center>MUST</center>

| <center>x</center>

| A unique integer value with 7 digits or more. For example: 4000000.

| organizationName

| <center>MUST</center>

| <center>x</center>

| The organisation name of the reseller. For example: Reseller Ltd..

| sstBelongsToResellerUID

| <center>MAY</center>

| <center>x</center>

| Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000.

| sstExternalID

| <center>MAY</center>

| <center></center>

| The ID (or number) of a customer, person or product in an external database (for example: 234567).

| sstIsActive

| <center>MAY</center>

| <center>x</center>

| Is the entry active? Either true (yes) or false (no).

Legend:

* '''x''': Mandatory in all cases.

==== Reseller - Reseller - Billing address (LEGACY) ====

The sub tree '''ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org''' contains the billing address:

dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org

objectclass: top

objectclass: organizationalUnit

objectclass: sstAddressCompany

ou: address

organizationName: Reseller Ltd.

sstGender: m

givenName: Name

surname: Surname

postalAddress: Street Number

countryName: CH

postalCode: Postal Code

localityName: Locality

preferredLanguage: en-GB

mail: name.surname@example.com

telephoneNumber: +41 00 000 00 00

mobileTelephoneNumber: +41 00 000 00 00

sstWebsiteURL: https://www.example.com/

</source>

The following table describes the different attributes:

{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"

| '''Attribute'''

| <center>'''Existence'''</center>

| <center>'''Mandatory'''</center>

| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''

| organizationName

| <center>MUST</center>

| <center>x</center>

| Company name, example: stepping stone GmbH

| sstGender

| <center>MUST</center>

| <center>x</center>

| Either 'm' for male or 'f' for female.

| givenName

| <center>MUST</center>

| <center>x</center>

| Givenname, example: Hans.

| surname

| <center>MUST</center>

| <center>x</center>

| Surname, example: Muster.

| postalAddress

| <center>MAY</center>

| <center>x2</center>

| Street Number, example: Neufeldstrasse 9. Multi-lined field.

| postOfficeBox

| <center>MAY</center>

| <center>x2</center>

| Postbox, example: 3456.

| stateOrProvinceName

| <center>MAY</center>

| <center>x3</center>

| This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA.

| countryName

| <center>MUST</center>

| <center>x</center>

| Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH.

| postalCode

| <center>MUST</center>

| <center>x</center>

| Zipcode, example: 3012

| localityName

| <center>MUST</center>

| <center>x</center>

| City, example: Bern.

| preferredLanguage

| <center>MUST</center>

| <center>x</center>

| Display language of the user according to RFC 1766, example: de-CH. Currently supported:

* de-CH

* en-GB

| mail

| <center>MUST</center>

| <center>x</center>

| E-mail address of the user, example: hans.muster@example.com.

| telephoneNumber

| <center>MAY</center>

| <center>x1</center>

| Fixnet phone number, example: +41 31 222 33 44.

| mobileTelephoneNumber

| <center>MAY</center>

| <center>x1</center>

| Mobile phone number, example: +41 76 222 33 44.

| sstWebsiteURL

| <center>MAY</center>

| URL gemäss RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

Legend:

* '''x1''': Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.

* '''x2''': Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.

* '''x3''': If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

[[Category:stoney core]][[Category:OpenLDAP directory]]

Administrator

Bureaucrat, administrator

edits