Difference between revisions of "Load Balancer as a Service (LBaaS): OpenLDAP directory data organisation"

From stoney cloud
(Load Balancer as a Service (LBaaS) - Provisioning)
(Load Balancer as a Service (LBaaS) - Account example)
 
(37 intermediate revisions by the same user not shown)
Line 47: Line 47:
 
* '''x''': Mandatory in all cases.
 
* '''x''': Mandatory in all cases.
  
== Load Balancer as a Service (LBaaS) - Configuration ==
+
== Load Balancer as a Service (LBaaS) - Configuration (currently not used and implemented) ==
 
The sub tree for the configuration of the Load Balancer as a Service (LBaaS):
 
The sub tree for the configuration of the Load Balancer as a Service (LBaaS):
 
<source lang="ldif">
 
<source lang="ldif">
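Review bot: The parenthetical added to the Configuration heading, "(currently not used and implemented)", can be read as "not used, but implemented". If the sub tree is neither in use nor implemented, write "(currently neither used nor implemented)", and consider stating the status in a sentence under the heading rather than in the title itself.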
Line 88: Line 88:
 
* '''x''': Mandatory in all cases.
 
* '''x''': Mandatory in all cases.
  
=== Load Balancer as a Service (LBaaS) - Configuration - Provisioning daemon ===
+
=== Load Balancer as a Service (LBaaS) - Configuration - Provisioning daemon (currently not used and implemented) ===
 
See the [[stoney_core:_OpenLDAP_directory_data_organisation#Services | Services description]] for the naming convention.
 
See the [[stoney_core:_OpenLDAP_directory_data_organisation#Services | Services description]] for the naming convention.
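Review bot: Renaming the Provisioning daemon heading changes its section anchor, because MediaWiki derives the anchor from the heading text, so any link that targets the old section title stops resolving. Either keep the heading as it was and put the status note in the first line of the section, or check the pages that link here and update them in the same change.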
  
Line 141: Line 141:
 
* '''x''': Mandatory in all cases.
 
* '''x''': Mandatory in all cases.
  
=== Load Balancer as a Service (LBaaS) - Configuration - Reseller ===
+
=== Load Balancer as a Service (LBaaS) - Configuration - Reseller (currently not used and implemented) ===
 
The sub tree for the reseller specific Load Balancer as a Service (LBaaS) settings:
 
The sub tree for the reseller specific Load Balancer as a Service (LBaaS) settings:
 
<source lang="ldif">
 
<source lang="ldif">
Line 301: Line 301:
 
description: The sub tree for the accounts of the Load Balancer as a Service (LBaaS).
 
description: The sub tree for the accounts of the Load Balancer as a Service (LBaaS).
 
</source>
 
</source>
 +
 +
The following table describes the different attributes:
 +
{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"
 +
! style="text-align:left; width: 180px" | Attribute
 +
! style="text-align:left; width: 220px" | Objectclass
 +
! style="width: 80px"                  | Existance
 +
! style="width: 80px"                  | Mandatory
 +
! style="text-align:left;"              | Description
 +
 +
|-
 +
| ou
 +
| organizationalUnit
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| The name of the leaf.
 +
 +
In this case: <code>accounts</code>.
 +
 +
|-
 +
| description
 +
| organizationalUnit
 +
| <center>MAY</center>
 +
| <center>x</center>
 +
| The description of the leaf.
 +
 +
In this case: <code>The sub tree for the accounts of the Load Balancer as a Service (LBaaS).</code>
 +
 +
|}
 +
 +
Legend:
 +
* '''x''': Mandatory in all cases.
 +
  
 
=== Load Balancer as a Service (LBaaS) - Account example ===
 
=== Load Balancer as a Service (LBaaS) - Account example ===
The following example shows the OpenLDAP directory entry for the stoney wiki account with the uid number 3730083:
+
The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) account with the uid number 4000005:
 +
 
 +
<source lang="ldif">
 +
dn: uid=4000005,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
 +
objectclass: top
 +
objectclass: account
 +
objectclass: sstLBaaS
 +
objectclass: sstRelationship
 +
uid: 4000005
 +
description: www.example.com (sst-int-001, sst-int-002)        # Human readable description: fqdn (backend host 1, backend host 1)
 +
sstIsActive: TRUE
 +
sstLBaaSFrontendURI: https://www.example.com/                  # Uniform Resource Identifier with optional label.
 +
sstLBaaSFrontendURI: https://example.com/                      # Uniform Resource Identifier with optional label.
 +
sstLBaaSFrontendURI: https://api.example.com/                  # Uniform Resource Identifier with optional label.
 +
sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/  # Uniform Resource Identifier with optional label of the first backend host.
 +
sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/  # Uniform Resource Identifier with optional label of the second backend host.
 +
sstLBaaSHost: haproxy-001.os.stoney-cloud.com                  # Fully qualified domain name (FQDN) of the first HAProxy server.
 +
sstLBaaSHost: haproxy-002.os.stoney-cloud.com                  # Fully qualified domain name (FQDN) of the second HAProxy server.
 +
sstBelongsToResellerUID: 4000000
 +
sstBelongsToCustomerUID: 4000001
 +
sstBelongsToServiceUID: 4000003                                # The service belongs to the first backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
 +
sstBelongsToServiceUID: 4000004                                # The service belongs to the second backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
 +
</source>
 +
 
 +
The following table describes the different attributes:
 +
{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"
 +
! style="text-align:left; width: 180px" | Attribute
 +
! style="text-align:left; width: 220px" | Objectclass
 +
! style="width: 80px"                  | Existance
 +
! style="width: 80px"                  | Mandatory
 +
! style="text-align:left;"              | Description
 +
 
 +
|-
 +
| uid
 +
| account
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| The unique identifier (uid). This attribute is created by the Self-Service interface by reading (and incrementing) the next free uid from <cod>cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org</code>.
 +
 
 +
|-
 +
| description
 +
| account
 +
| <center>MAY</center>
 +
| <center>x</center>
 +
|  Human readable description: fqdn (backend host 1, backend host 1).
 +
 
 +
For example: <code>www.example.com (sst-int-001, sst-int-002)</code>.
 +
 
 +
|
 +
|-
 +
| sstIsActive
 +
| sstRelationship
 +
| <center>MAY</center>
 +
| <center>x</center>
 +
| Is the Load Balancer as a Service (LBaaS) account active? Either <code>TRUE</code> (yes) or <code>FALSE</code> (no). Default is <code>TRUE</code> (yes).
 +
 
 +
|-
 +
| sstLBaaSFrontendURI
 +
| sstLBaaS
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) frontend servers in the form of a Uniform Resource Identifier with optional label. Some examples:
 +
* <code>https://www.example.com/</code>
 +
* <code>https://example.com/</code>
 +
* <code>https://api.example.com/</code>
 +
 
 +
|-
 +
| sstLBaaSBackendURI
 +
| sstLBaaS
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) backend servers in the form of a Uniform Resource Identifier with optional label. Some examples:
 +
* <code>https://sst-int-001.os.stoney-cloud.com/</code>
 +
* <code>https://sst-int-002.os.stoney-cloud.com/</code>
 +
 
 +
|-
 +
| sstLBaaSHost
 +
| sstLBaaS
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) servers in the form of a fully qualified domain name. Some examples:
 +
* <code>haproxy-001.os.stoney-cloud.com</code>
 +
* <code>haproxy-002.os.stoney-cloud.com</code>
 +
 
 +
|-
 +
| sstBelongsToResellerUID
 +
| sstRelationship
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| Stores the reseller UID the leaf belongs to.
 +
 
 +
|-
 +
| sstBelongsToCustomerUID
 +
| sstRelationship
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| Stores the customer UID the leaf belongs to.
 +
 
 +
|-
 +
| sstBelongsToServiceUID
 +
| sstRelationship
 +
| <center>MAY</center>
 +
| <center>x</center>
 +
| Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends). Some examples:
 +
* <code>4000003</code>: The service belongs to the first backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
 +
* <code>4000004</code>: The service belongs to the second backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
 +
 
 +
|}
 +
 
 +
Legend:
 +
* '''x''': Mandatory in all cases.
 +
 
 +
=== Load Balancer as a Service (LBaaS) - Account example (with pam_ldap attributes, currently not used and implemented) ===
 +
The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) account with the uid number 3730083:
 +
 
 
<source lang="ldif">
 
<source lang="ldif">
 
dn: uid=3730083,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
 
dn: uid=3730083,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
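Review bot: In the new account example and in the sstBelongsToServiceUID table row, each service UID is tied to "the first" or "the second" backend host, but the values of a multi-valued LDAP attribute are an unordered set, so a reader of the entry cannot tell which sstBelongsToServiceUID goes with which sstLBaaSBackendURI. Make the relation explicit, for example by carrying the service UID in the optional label of the backend URI, or state that no pairing is implied. Smaller fixes in the same hunk: the uid row opens its code tag as "<cod>", the table headers spell "Existance", the comments spell "variabe", the description reads "fqdn (backend host 1, backend host 1)" where the second is presumably backend host 2, and a lone "|" line sits before the "|-" that precedes the sstIsActive row.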
Line 310: Line 456:
 
objectclass: posixAccount
 
objectclass: posixAccount
 
objectclass: shadowAccount
 
objectclass: shadowAccount
objectclass: sstWiki
+
objectclass: sstLBaaS
 
objectclass: sstProvisioning
 
objectclass: sstProvisioning
 
objectclass: sstRelationship
 
objectclass: sstRelationship
Line 317: Line 463:
 
uidNumber: 3730083
 
uidNumber: 3730083
 
gidNumber: 3730083
 
gidNumber: 3730083
cn: 3730083.stoney-wiki.com
+
cn: 3730083
gecos: 3730083.stoney-wiki.com
+
gecos: Example Ltd. (www.example.com)                          # This appears in the 'getent passwd' output. Company name and the main fully qualified domain name (FQDN).
homeDirectory: /var/wiki/3/083/730/3730083
+
homeDirectory: /home/3730083
 
loginShell: /bin/false
 
loginShell: /bin/false
 
shadowFlag: 134539460
 
shadowFlag: 134539460
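Review bot: The new gecos line carries a trailing "# This appears in the 'getent passwd' output. ..." comment, but LDIF only treats a line as a comment when "#" is its first character, so anyone loading this example gets the comment text stored in the value and shown in the gecos field. That would not match the getent output documented further down, which shows only "Example Ltd. (www.example.com)". Move the explanation to its own "#" line above the attribute, or into the attribute table.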
Line 326: Line 472:
 
shadowWarning: 7
 
shadowWarning: 7
 
sstIsActive: TRUE
 
sstIsActive: TRUE
sstNotificationWarningOn: TRUE
+
sstLBaaSFrontendURI: https://www.example.com/                  # Uniform Resource Identifier with optional label.
sstNotificationWarning: quota
+
sstLBaaSFrontendURI: https://example.com/                      # Uniform Resource Identifier with optional label.
sstNotificationWarningMedium: mail
+
sstLBaaSFrontendURI: https://api.example.com/                  # Uniform Resource Identifier with optional label.
sstInformPersonUID: 1000482
+
sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/  # Uniform Resource Identifier with optional label.
sstQuota: 42949672960
+
sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/  # Uniform Resource Identifier with optional label.
sstSoftwareVersion: 1.31.5
+
sstLBaaSHost: haproxy-001.os.stoney-cloud.com                  # Fully qualified domain name (FQDN).
sstFileUploadSize: 5368709120
+
sstLBaaSHost: haproxy-002.os.stoney-cloud.com                  # Fully qualified domain name (FQDN).
host: kvm-1110
+
 
sstProvisioningMode: add
 
sstProvisioningMode: add
 
sstProvisioningExecutionDate: 0
 
sstProvisioningExecutionDate: 0
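Review bot: The removed "host: kvm-1110" line appears to be replaced by an empty line between the last sstLBaaSHost value and "sstProvisioningMode: add" rather than deleted. In LDIF an empty line ends the record, so the attributes from sstProvisioningMode onward would no longer belong to the uid=3730083 entry. Drop the empty line so the example stays a single entry.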
Line 339: Line 484:
 
sstBelongsToResellerUID: 4000000
 
sstBelongsToResellerUID: 4000000
 
sstBelongsToCustomerUID: 4000001
 
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
+
sstBelongsToServiceUID: 4000003                                # The service belongs to the backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
 +
sstBelongsToServiceUID: 4000004                                # The service belongs to the backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
 
</source>
 
</source>
 +
 +
The LDIF above can be queried via the cli command <code>getent passwd</code>:
 +
<syntaxhighlight lang='bash'>
 +
getent passwd 3730083
 +
</syntaxhighlight>
 +
 +
This will result in the following output:
 +
<syntaxhighlight lang='text'>
 +
# .----------------------------------------------------------------------------- login name
 +
# |    .----------------------------------------------------------------------- encrypted password indicator
 +
# |    | .--------------------------------------------------------------------- numerical user ID
 +
# |    | |      .------------------------------------------------------------- numerical group ID
 +
# |    | |      |      .----------------------------------------------------- gecos field (the typical format is a comma-delimited list)
 +
# |    | |      |      |                              .---------------------- user home directory
 +
# |    | |      |      |                              |            .-------- user command interpreter
 +
# |    | |      |      |                              |            |
 +
# |    | |      |      |                              |            |
 +
3730083:x:3730083:3730083:Example Ltd. (www.example.com):/home/3730083:/bin/false
 +
</syntaxhighlight>
  
 
The following table describes the different attributes:
 
The following table describes the different attributes:
{| style="border-spacing:0;"
+
{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"
| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| '''Attribute'''
+
! style="text-align:left; width: 180px" | Attribute
| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| '''Objectclass'''
+
! style="text-align:left; width: 220px" | Objectclass
| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>'''Existence'''</center>
+
! style="width: 80px"                   | Existance
| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>'''Mandatory'''</center>
+
! style="width: 80px"                   | Mandatory
| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>'''Self-Service'''</center>
+
! style="text-align:left;"             | Description
| style="border-top:0.002cm solid #000000;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>'''Changeable'''</center>
+
| style="border:0.002cm solid #000000;padding:0.097cm;"| '''Description'''
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| uid
+
| uid
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| account
+
| account
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| The unique identifier (uid). This attribute is created by the Self-Service interface by reading (and incrementing) the next free uid from <cod>cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The unique identifier (uid). This attribute is created by the Self-Service interface by reading (and incrementing) the next free uid from "cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org".
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| userPassword
+
| userPassword
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| Identifies the entry's password and encryption method in the following format: <code>{encryption method}encrypted password</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
 
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Identifies the entry's password and encryption method in the following format: <code>{encryption method}encrypted password</code>. For example: {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U. This password will be automatically set through the Self-Service interface. Afterwords, the password can be changed by the user (including the reseller and customer). The initial password is stored in clear text and is encrypted by the provisioning daemon.
+
For example: <code>{SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U</code>.
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| uidNumber
+
| uidNumber
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Related to the /etc/shadow file, this attribute specifies the user's login ID. Has the same value as the <code>uid</code>. For example: <code>3730083</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Related to the /etc/shadow file, this attribute specifies the user's login ID. Is the same as the '''uid'''. For example: '''3730083'''.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| gidNumber
+
| gidNumber
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Group ID number. Has the same value as the <code>uid</code>. For example: <code>3730083</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Group ID number. Is the same as the '''uid'''. For example: '''3730083'''.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| cn
+
| cn
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| As we don't use this attribute (but the attribute is mandatory), we set this to <code>uid</code> value. For example: <code>3730083</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Consists of the '''uid''' and the domain '''stoney-wiki.com'''. For example: '''3730083.stoney-wiki.com'''.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| gecos
+
| gecos
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
|  Named for historical reasons, the GECOS field is mandatory and is used to store extra information (such as the user's full name). Utilities such as finger or getent access this field to provide additional user information. For a personal account, this entry would consist of <code>givenName</code> and <code>surname</code>, for example <code>Michael Eichenberger</code>. These values are taken from the owners entry (ou=people). For a service account, the attribute <code>sstDisplayName</code> from the corresponding service would be used for the content of this attribute. Please be aware, that this attribute is a '''IA5String''' (OID=1.3.6.1.4.1.1466.115.121.1.26) IA5 (almost ASCII) character set (7-bit). Does NOT allow extended characters e.g. é, Ø, å etc. The Self-Service interface automatically creates the content of this attribute. Consists of the '''uid''' and the domain '''stoney-wiki.com'''. For example: '''3730083.stoney-wiki.com'''.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"|  Named for historical reasons, the GECOS field is mandatory and is used to store extra information (such as the user's full name). Utilities such as finger or getent access this field to provide additional user information. For a personal account, this entry would consist of <code>givenName</code> and <code>surname</code>, for example <code>Michael Eichenberger</code>. These values are taken from the owners entry (ou=people). For a service account, the attribute <code>sstDisplayName</code> from the corresponding service would be used for the content of this attribute. Please be aware, that this attribute is a '''IA5String''' (OID=1.3.6.1.4.1.1466.115.121.1.26) IA5 (almost ASCII) character set (7-bit). Does NOT allow extended characters e.g. é, Ø, å etc. The Self-Service interface automatically creates the content of this attribute. Consists of the '''uid''' and the domain '''stoney-wiki.com'''. For example: '''3730083.stoney-wiki.com'''.
+
 
You can use:<br />
 
You can use:<br />
 
<code>~ $ echo "Tüpfelhyänenöhrchen" | iconv -f 'utf-8' -t 'ASCII//TRANSLIT'</code><br />
 
<code>~ $ echo "Tüpfelhyänenöhrchen" | iconv -f 'utf-8' -t 'ASCII//TRANSLIT'</code><br />
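Review bot: The new gecos description still ends with "Consists of the uid and the domain stoney-wiki.com. For example: 3730083.stoney-wiki.com.", which is carried over from the wiki service and contradicts the example entry, where gecos is "Example Ltd. (www.example.com)"; delete those two sentences. The same cell calls the GECOS field mandatory while the Existance column says MAY. In the uidNumber row, "Related to the /etc/shadow file ... the user's login ID" does not match the getent legend above, which labels that field the numerical user ID of the passwd entry. The uid row repeats the "<cod>" opening tag typo, and the new userPassword text no longer says who sets the password or how the initial value is stored, which the previous wording did; state the current behaviour there.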
Line 413: Line 566:
 
Please be aware, that some characters don't get converted properly ... For example: Ø and £. The characters $ and € work.
 
Please be aware, that some characters don't get converted properly ... For example: Ø and £. The characters $ and € work.
  
|-
+
This appears in the 'getent passwd' output. Company name and the main fully qualified domain name (FQDN). For example: <code>Example Ltd. (www.example.com)</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| homeDirectory
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The directory path corresponds with the 7 digit account uid. The following example describes, how the directory structure is built up for the account with the uid '''3730083'''.
+
<code>/var/wiki/g/efg/bcd/abcdefg</code><br/>
+
<code>/var/wiki/3/083/730/3730083</code>
+
This attribute is created by the Self-Service interface.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| loginShell
+
| homeDirectory
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| posixAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| The directory path corresponds with the 7 digit account uid. The following example describes, how the directory structure is built up for the account with the uid <code>3730083</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The path to the login shell. The default is '''/bin/false''' and can no be changed.
+
  
|-
+
<code>/home/abcdefg</code><br/>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowFlag
+
<code>/home/3730083</code>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowAccount
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Related to the /etc/shadow file, this attribute is currently not used and is reserved for future use. The default is set to '''134539460''' and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org" entry.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowLastChange
+
| loginShell
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowAccount
+
| posixAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| The path to the login shell. The default is <code>/bin/false</code> and must not be changed.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Related to the /etc/shadow file, this attribute specifies number of days between January 1, 1970, and the date that the password was last modified. Must be set to the day, that the password was set (must be updated, when the password is changed). This attribute is created by the Self-Service interface.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowMax
+
| shadowFlag
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowAccount
+
| shadowAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Related to the <code>/etc/shadow</code> file, this attribute is currently not used and is reserved for future use. The default is set to <code>134539460</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Related to the /etc/shadow file, this attribute specifies the maximum number of days the password is valid. The default is '''99999''', which corresponds to about 273 years. In reality, this means, that the user does not need to change the password. This attribute is created by the Self-Service interface. The value is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org" entry.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowWarning
+
| shadowLastChange
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| shadowAccount
+
| shadowAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Related to the <code>/etc/shadow</code> file, this attribute specifies number of days between January 1, 1970, and the date that the password was last modified. Must be set to the day, that the password was set (must be updated, when the password is changed).  
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Related to the /etc/shadow file, this attribute specifies the number of days before the password expires that the user is warned. The default is '''7''' and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org" entry.
+
  
|-
+
To create this value, you can use: <code>echo $(($(date --utc --date "$1" +%s)/86400))</code>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstIsActive
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Is the wiki account active? Either <code>TRUE</code> (yes) or <code>FALSE</code> (no). Default is <code>TRUE</code> (yes) and is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org" entry.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstNotificationWarningOn
+
| shadowMax
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| shadowAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Related to the <code>/etc/shadow</code> file, this attribute specifies the maximum number of days the password is valid. The default is <code>99999</code>, which corresponds to about 273 years. In reality, this means, that the user does not need to change the password.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Are the users notification warnings turned on or not? Either <code>TRUE</code> (yes) or <code>FALSE</code> (no). Default is TRUE (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org" entry.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstNotificationWarning
+
| shadowWarning
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| shadowAccount
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Related to the <code>/etc/shadow</code> file, this attribute specifies the number of days before the password expires that the user is warned. The default is <code>7</code>.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| This multi-valued attribute will be used to turn single notifications on or off. The attribute <code>sstWikiWarningOn</code> must be set to <code>TRUE</code>.
+
 
+
Currently, the Load Balancer as a Service (LBaaS) only supports <code>quota</code> (the names correspond with the template dn).
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstNotificationWarningMedium
+
| sstIsActive
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| sstRelationship
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Is the Load Balancer as a Service (LBaaS) account active? Either <code>TRUE</code> (yes) or <code>FALSE</code> (no). Default is <code>TRUE</code> (yes).
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The notification medium, either sms (points to the multi-valued attribute <code>mobileTelephoneNumber</code>) or mail (points to the multi-valued attribute <code>mail</code>). Currently, only mail is supported. This is the default is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org" entry.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstSoftwareVersion
+
| sstLBaaSFrontendURI
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| sstLBaaS
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) frontend servers in the form of a Uniform Resource Identifier with optional label. Some examples:
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
* <code>https://www.example.com/</code>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| TBD
+
* <code>https://example.com/</code>
 +
* <code>https://api.example.com/</code>
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstFileUploadSize
+
| sstLBaaSBackendURI
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| sstLBaaS
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) backend servers in the form of a Uniform Resource Identifier with optional label. Some examples:
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
* <code>https://sst-int-001.os.stoney-cloud.com/</code>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| TBD
+
* <code>https://sst-int-002.os.stoney-cloud.com/</code>
 
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| host
+
| sstLBaaSHost
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstWiki
+
| sstLBaaS
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) servers in the form of a fully qualified domain name. Some examples:
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
* <code>haproxy-001.os.stoney-cloud.com</code>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| TBD
+
* <code>haproxy-002.os.stoney-cloud.com</code>
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioningMode
+
| sstProvisioningMode
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioning
+
| sstProvisioning
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| The provisioning mode, either <code>add</code>, <code>modify</code> or <code>delete</code>. For a new account, this attribute must be set to <code>add</code>. See [[#Provisioning | Provisioning]] for details.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The provisioning mode, either <code>add</code>, <code>modify</code> or <code>delete</code>. For a new account, this attribute must be set to <code>add</code>. See [[#Provisioning | Provisioning]] for details.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioningExecutionDate
+
| sstProvisioningExecutionDate
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioning
+
| sstProvisioning
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| The date the provisioning shall occur in the form of [YYYY][MM][DD] ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For a new account, this attribute must be set to '''0'''. See [[#Provisioning | Provisioning]] for details.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The date the provisioning shall occur in the form of [YYYY][MM][DD] ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For a new account, this attribute must be set to '''0'''. See [[#Provisioning | Provisioning]] for details.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioningReturnValue
+
| sstProvisioningReturnValue
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioning
+
| sstProvisioning
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| <center></center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| The provisioning return value written by the [[stoney_wiki:_prov-wiki-mediawiki |prov-wiki-mediawiki]] daemon. '''0''' means success, '''>0''' means failure. See the prov-wiki-mediawiki [[stoney_wiki:_prov-wiki-mediawiki#Exit_Codes | Exit Codes]] for detailed information.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The provisioning return value written by the [[stoney_wiki:_prov-wiki-mediawiki |prov-wiki-mediawiki]] daemon. '''0''' means success, '''>0''' means failure. See the prov-wiki-mediawiki [[stoney_wiki:_prov-wiki-mediawiki#Exit_Codes | Exit Codes]] for detailed information.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioningState
+
| sstProvisioningState
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstProvisioning
+
| sstProvisioning
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| The provisioning state, either 0 or in the form of  [YYYY][MM][DD]T[hh][mm][ss] ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For a new account, this attribute must be set to '''0'''. See [[#Provisioning | Provisioning]] for details.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| The provisioning state, either 0 or in the form of  [YYYY][MM][DD]T[hh][mm][ss] ([http://en.wikipedia.org/wiki/ISO_8601 ISO 8601]). For a new account, this attribute must be set to '''0'''. See [[#Provisioning | Provisioning]] for details.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToResellerUID
+
| sstBelongsToResellerUID
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"|
+
| sstRelationship
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Stores the reseller UID the leaf belongs to.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the reseller UID the leaf belongs to.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToCustomerUID
+
| sstBelongsToCustomerUID
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| TBD
+
| sstRelationship
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MUST</center>
+
| <center>MUST</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x</center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Stores the customer UID the leaf belongs to.
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the customer UID the leaf belongs to.
+
  
 
|-
 
|-
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstBelongsToPersonUID
+
| sstBelongsToServiceUID
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| sstRelationship
+
| sstRelationship
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>MAY</center>
+
| <center>MAY</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center>x<sup>3</sup></center>
+
| <center>x</center>
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends).
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:none;padding:0.097cm;"| <center></center>
+
| style="border-top:none;border-bottom:0.002cm solid #000000;border-left:0.002cm solid #000000;border-right:0.002cm solid #000000;padding:0.097cm;"| Stores the person UID the leaf belongs to.
+
  
 
|}
 
|}
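Review bot: In the new sstProvisioningReturnValue row, the description still says the value is written by the prov-wiki-mediawiki daemon and links to the prov-wiki-mediawiki Exit Codes. That text is carried over unchanged from the old sstWiki table. The other rows were moved to sstLBaaS attributes, so this row should name the LBaaS provisioning daemon (the page calls it prov-lbaas-haproxy) and link to its exit codes, or be marked TBD until that page exists. Two smaller points in the same table: the sstLBaaSFrontendURI and sstLBaaSBackendURI rows promise a "Uniform Resource Identifier with optional label" but no example shows a label, so one labelled example would make the format unambiguous. The new sstBelongsToServiceUID row is MAY but marked with a plain x now that the old x3 either/or footnote is gone, so state whether the attribute is required on every account.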
Line 603: Line 703:
 
Legend:
 
Legend:
 
* '''x''': Mandatory in all cases.
 
* '''x''': Mandatory in all cases.
* '''x<sup>1</sup>''': Only show, if the number is larger than zero.
 
* '''x<sup>2</sup>''': Only show, if <code>sstWikiWarningOn</code> is set to <code>TRUE</code>.
 
* '''x<sup>3</sup>''': Either <code>sstBelongsToPersonUID</code> or <code>sstBelongsToServiceUID</code> must bei set.
 
  
 
== Load Balancer as a Service (LBaaS) - Groups ==
 
== Load Balancer as a Service (LBaaS) - Groups ==
Line 617: Line 714:
 
</source>
 
</source>
  
=== Load Balancer as a Service (LBaaS) - Group example ===
+
The following table describes the different attributes:
 +
{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"
 +
! style="text-align:left; width: 180px" | Attribute
 +
! style="text-align:left; width: 220px" | Objectclass
 +
! style="width: 80px"                  | Existance
 +
! style="width: 80px"                  | Mandatory
 +
! style="text-align:left;"              | Description
 +
 
 +
|-
 +
| ou
 +
| organizationalUnit
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| The name of the leaf.
 +
 
 +
In this case: <code>groups</code>.
 +
 
 +
|-
 +
| description
 +
| organizationalUnit
 +
| <center>MAY</center>
 +
| <center>x</center>
 +
| The description of the leaf.
 +
 
 +
In this case: <code>The sub tree for the groups of the Load Balancer as a Service (LBaaS).</code>
 +
 
 +
|}
 +
 
 +
Legend:
 +
* '''x''': Mandatory in all cases.
 +
 
 +
=== Load Balancer as a Service (LBaaS) - Group example (with pam_ldap attributes, currently not used and implemented) ===
 +
The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) group with the uid number 3730083:
 +
 
 
<source lang="ldif">
 
<source lang="ldif">
 
dn: cn=3730083,ou=groups,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
 
dn: cn=3730083,ou=groups,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
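Review bot: The first added heading, "Group example", sits above a table that documents only ou and description of the ou=groups organizationalUnit, so it describes the groups sub tree rather than a group example. Rename or drop that heading and keep "Group example" for the cn=3730083 entry. In the second added heading, "currently not used and implemented" can be read either way, so say explicitly whether the pam_ldap variant is implemented. The added intro sentence calls 3730083 a "uid number" although the dn shown is keyed by cn, and the column header "Existance" should read "Existence".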
Line 625: Line 755:
 
cn: 3730083
 
cn: 3730083
 
gidNumber: 3730083
 
gidNumber: 3730083
sstIsActive: TRUE
 
 
sstBelongsToResellerUID: 4000000
 
sstBelongsToResellerUID: 4000000
 
sstBelongsToCustomerUID: 4000001
 
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002
+
sstBelongsToServiceUID: 4000003                                # The service belongs to the backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
 +
sstBelongsToServiceUID: 4000004                                # The service belongs to the backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
 
</source>
 
</source>
 +
 +
The following table describes the different attributes:
 +
{| border="1" style="border-collapse: collapse; font-size:80%;" width="100%" class="wikitable sortable"
 +
! style="text-align:left; width: 180px" | Attribute
 +
! style="text-align:left; width: 220px" | Objectclass
 +
! style="width: 80px"                  | Existance
 +
! style="width: 80px"                  | Mandatory
 +
! style="text-align:left;"              | Description
 +
 +
|-
 +
| cn
 +
| posixGroup
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| As we don't use this attribute (but the attribute is mandatory and is part of the dn), we set this to <code>uid</code> value. For example: <code>3730083</code>.
 +
 +
|-
 +
| gidNumber
 +
| posixGroup
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| The numerical group ID of the Load Balancer as a Service (LBaaS) group.
 +
 +
|-
 +
| sstBelongsToResellerUID
 +
| sstRelationship
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| Stores the reseller UID the leaf belongs to.
 +
 +
|-
 +
| sstBelongsToCustomerUID
 +
| sstRelationship
 +
| <center>MUST</center>
 +
| <center>x</center>
 +
| Stores the customer UID the leaf belongs to.
 +
 +
|-
 +
| sstBelongsToServiceUID
 +
| sstRelationship
 +
| <center>MAY</center>
 +
| <center>x</center>
 +
| Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends).
 +
 +
|}
 +
 +
Legend:
 +
* '''x''': Mandatory in all cases.
  
 
= Links =
 
= Links =
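Review bot: The two added sstBelongsToServiceUID lines carry a trailing "# The service belongs to ..." comment on the same line as the value. LDIF treats only a line that begins with # as a comment, so anyone who copies this example into an import would store the rest of the line as part of the attribute value. Move each comment to its own line above the attribute, and fix "variabe" to "variable" while there. In the new table, the cn row says the attribute is set to the "uid value", but the lines shown use 3730083 for cn and gidNumber; if gidNumber is what is meant, say so.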

Latest revision as of 15:23, 30 January 2023

Abstract

This document describes the OpenLDAP directory data organisation for the Load Balancer as a Service (LBaaS).

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory. In this case we are looking at the Load Balancer as a Service (LBaaS).

Load Balancer as a Service (LBaaS)

The sub tree ou=lbaas,ou=services,dc=stoney-cloud,dc=org contains all the HAProxy based Load Balancer as a Service (LBaaS) data. The following LDIF shows the lbaas LDAP entry for the Load Balancer as a Service (LBaaS):

dn: ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: lbaas
description: The sub tree for the HAproxy based Load Balancer as a Service (LBaaS).

The following table describes the different attributes:

{| class="wikitable"
! Attribute !! Objectclass !! Existence !! Mandatory !! Description
|-
| ou || organizationalUnit || MUST || x || The name of the leaf. For the HAProxy based Load Balancer as a Service (LBaaS) this is: lbaas.
|-
| description || organizationalUnit || MAY || x || The description of the leaf. For the HAProxy based Load Balancer as a Service (LBaaS) the description is: The sub tree for the HAproxy based Load Balancer as a Service (LBaaS).
|}

Legend:

  • x: Mandatory in all cases.

Load Balancer as a Service (LBaaS) - Configuration (currently not used and implemented)

The sub tree for the configuration of the Load Balancer as a Service (LBaaS):

dn: ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration
description: The sub tree for the configuration of the HAProxy based Load Balancer as a Service (LBaaS).

The following table describes the different attributes:

{| class="wikitable"
! Attribute !! Objectclass !! Existence !! Mandatory !! Description
|-
| ou || organizationalUnit || MUST || x || The name of the leaf. For the configuration of the HAProxy based Load Balancer as a Service (LBaaS) this is: configuration.
|-
| description || organizationalUnit || MAY || x || The description of the leaf. For the configuration of the HAProxy based Load Balancer as a Service (LBaaS) this is: The sub tree for the configuration of the HAProxy based Load Balancer as a Service (LBaaS).
|}

Legend:

  • x: Mandatory in all cases.

Load Balancer as a Service (LBaaS) - Configuration - Provisioning daemon (currently not used and implemented)

See the Services description for the naming convention.

The sub tree for the configuration of the prov-lbaas-haproxy daemon:

dn: ou=prov-lbaas-haproxy,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstServiceConfigurationObjectClass
ou: prov-lbaas-haproxy
description: The sub tree for the configuration of the prov-lbaas-haproxy provisioning daemon.
sstIsActive: TRUE

The following table describes the different attributes:

{| class="wikitable"
! Attribute !! Objectclass !! Existence !! Mandatory !! Description
|-
| ou || organizationalUnit || MUST || x || The name of the leaf. For the HAProxy based Load Balancer as a Service (LBaaS) prov-lbaas-haproxy provisioning daemon this is: prov-lbaas-haproxy.
|-
| description || organizationalUnit || MAY || x || The description of the leaf. For the HAProxy based Load Balancer as a Service (LBaaS) prov-lbaas-haproxy provisioning daemon this is: The sub tree for the configuration of the prov-lbaas-haproxy provisioning daemon.
|-
| sstIsActive || sstServiceConfigurationObjectClass || MUST || x || Is the entry active? Either TRUE (yes) or FALSE (no). The default value is TRUE.
|}

Legend:

  • x: Mandatory in all cases.

Load Balancer as a Service (LBaaS) - Configuration - Reseller (currently not used and implemented)

The sub tree for the reseller specific Load Balancer as a Service (LBaaS) settings:

dn: ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: reseller
description: The sub tree for the reseller specific configuration of the HAProxy based Load Balancer as a Service (LBaaS).

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| ou | organizationalUnit | MUST | x | The name of the leaf. For the reseller specific HAProxy based Load Balancer as a Service (LBaaS) service this is: reseller. |
| description | organizationalUnit | MAY | x | The description of the leaf. For the reseller specific HAProxy based Load Balancer as a Service (LBaaS) service this is: The sub tree for the configuration of the HAProxy based Load Balancer as a Service (LBaaS). |

Legend:

  • x: Mandatory in all cases.

The sub tree for the specific Load Balancer as a Service (LBaaS) settings for the reseller Reseller Ltd. with the uid 4000000:

dn: uid=4000000,ou=reseller,ou=configuration,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
objectclass: sstServiceConfigurationObjectClass
uid: 4000000
organizationName: Reseller Ltd.
description: The sub tree for the specific Load Balancer as a Service (LBaaS) settings for the reseller Reseller Ltd. with the uid 4000000.
sstIsActive: TRUE
sstIsCompany: TRUE
sstIsDefault: TRUE
sstBelongsToResellerUID: 4000000

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| uid | sstReseller | MUST | x | A unique integer value with 7 digits or more. For example: uid: 4000000 corresponds with sstBelongsToResellerUID: 4000000. |
| organizationName | sstReseller | MAY | x1 | The company name. For example: stepping stone AG. |
| givenName | sstReseller | MAY | x1 | Name. For example: Hans. |
| surname | sstReseller | MAY | x1 | Surname. For example: Muster. |
| description | sstReseller | MAY | x | The description of the leaf. For example: The sub tree for the specific Load Balancer as a Service (LBaaS) settings for the reseller Reseller Ltd. with the uid 4000000. |
| sstIsActive | sstReseller | MUST | x | Is the entry active? Either TRUE (yes) or FALSE (no). The default value is TRUE. |
| sstIsCompany | sstReseller | MUST | x | Do we have an organisation or a private person? Either TRUE (yes) or FALSE (no). The default value is TRUE. |
| sstIsDefault | sstServiceConfigurationObjectClass | MAY | x | Is this leaf a default entry? Either TRUE (yes) or FALSE (no). If sstIsDefault is set to TRUE, this entry acts as a fallback configuration. In other words: if a reseller doesn't have its own Load Balancer as a Service (LBaaS) configuration, then this one will be used. As you would normally have only one default configuration per cloud, the default value is FALSE. |
| sstBelongsToResellerUID | sstReseller | MUST | x | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: sstBelongsToResellerUID: 4000000 corresponds with uid: 4000000. |

Legend:

  • x: Mandatory in all cases.
  • x1: If sstIsCompany is set to TRUE, the organizationName must be set. Otherwise givenName and surname must be set.
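
The reseller rules above (uid format, legend rule x1 and the sstIsDefault fallback) written as a check. This is an added example, not stoney cloud code: the function names, the dictionary form of an entry, skipping inactive entries and raising on a missing or ambiguous default are assumptions.

```python
"""Validate reseller LBaaS configuration entries and resolve the default fallback."""
import re

UID_RE = re.compile(r"^[0-9]{7,}$")  # "a unique integer value with 7 digits or more"
BOOL = ("TRUE", "FALSE")


def validate_reseller(entry):
    """Return a list of rule violations for one reseller entry (attr -> value)."""
    problems = []
    for attr in ("uid", "sstIsActive", "sstIsCompany", "sstBelongsToResellerUID"):
        if attr not in entry:
            problems.append(f"{attr}: MUST attribute is missing")
    for attr in ("uid", "sstBelongsToResellerUID"):
        if attr in entry and not UID_RE.match(entry[attr]):
            problems.append(f"{attr}: expected 7 or more digits")
    if entry.get("uid") != entry.get("sstBelongsToResellerUID"):
        problems.append("uid: does not match sstBelongsToResellerUID")
    for attr in ("sstIsActive", "sstIsCompany", "sstIsDefault"):
        if attr in entry and entry[attr] not in BOOL:
            problems.append(f"{attr}: expected TRUE or FALSE")
    # Legend rule x1: a company needs organizationName, otherwise both names.
    if entry.get("sstIsCompany") == "TRUE":
        required = ("organizationName",)
    else:
        required = ("givenName", "surname")
    for attr in required:
        if not entry.get(attr):
            problems.append(
                f"{attr}: required when sstIsCompany is {entry.get('sstIsCompany')}")
    return problems


def select_config(entries, reseller_uid):
    """Pick the reseller's own entry, else the single sstIsDefault=TRUE entry."""
    active = [e for e in entries if e.get("sstIsActive") == "TRUE"]  # assumption
    own = [e for e in active if e.get("sstBelongsToResellerUID") == reseller_uid]
    if own:
        return own[0]
    defaults = [e for e in active if e.get("sstIsDefault", "FALSE") == "TRUE"]
    if len(defaults) != 1:
        raise ValueError(f"expected exactly one default entry, found {len(defaults)}")
    return defaults[0]


# Constructed sample data: the first entry mirrors the Reseller Ltd. example above,
# the second is an invented private-person reseller with surname left out.
RESELLER_LTD = {
    "uid": "4000000", "organizationName": "Reseller Ltd.", "sstIsActive": "TRUE",
    "sstIsCompany": "TRUE", "sstIsDefault": "TRUE", "sstBelongsToResellerUID": "4000000",
}
PRIVATE = {
    "uid": "4000010", "givenName": "Hans", "sstIsActive": "TRUE",
    "sstIsCompany": "FALSE", "sstBelongsToResellerUID": "4000010",
}

if __name__ == "__main__":
    for e in (RESELLER_LTD, PRIVATE):
        print(e["uid"], validate_reseller(e) or "ok")
    print(select_config([RESELLER_LTD, PRIVATE], "4000099")["uid"])  # falls back
```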

Load Balancer as a Service (LBaaS) - Accounts

The sub tree for the accounts of the Load Balancer as a Service (LBaaS):

dn: ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: accounts
description: The sub tree for the accounts of the Load Balancer as a Service (LBaaS).

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| ou | organizationalUnit | MUST | x | The name of the leaf. In this case: accounts. |
| description | organizationalUnit | MAY | x | The description of the leaf. In this case: The sub tree for the accounts of the Load Balancer as a Service (LBaaS). |

Legend:

  • x: Mandatory in all cases.


Load Balancer as a Service (LBaaS) - Account example

The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) account with the uid number 4000005:

dn: uid=4000005,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: account
objectclass: sstLBaaS
objectclass: sstRelationship
uid: 4000005
# Human readable description: fqdn (backend host 1, backend host 1)
description: www.example.com (sst-int-001, sst-int-002)
sstIsActive: TRUE
# Uniform Resource Identifier with optional label.
sstLBaaSFrontendURI: https://www.example.com/
sstLBaaSFrontendURI: https://example.com/
sstLBaaSFrontendURI: https://api.example.com/
# Uniform Resource Identifier with optional label of the first backend host.
sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/
# Uniform Resource Identifier with optional label of the second backend host.
sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/
# Fully qualified domain name (FQDN) of the first HAProxy server.
sstLBaaSHost: haproxy-001.os.stoney-cloud.com
# Fully qualified domain name (FQDN) of the second HAProxy server.
sstLBaaSHost: haproxy-002.os.stoney-cloud.com
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
# The service belongs to the first backend host defined in the variable (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
sstBelongsToServiceUID: 4000003
# The service belongs to the second backend host defined in the variable (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
sstBelongsToServiceUID: 4000004

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| uid | account | MUST | x | The unique identifier (uid). This attribute is created by the Self-Service interface by reading (and incrementing) the next free uid from cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org. |
| description | account | MAY | x | Human readable description: fqdn (backend host 1, backend host 1). For example: www.example.com (sst-int-001, sst-int-002). |
| sstIsActive | sstRelationship | MAY | x | Is the Load Balancer as a Service (LBaaS) account active? Either TRUE (yes) or FALSE (no). Default is TRUE (yes). |
| sstLBaaSFrontendURI | sstLBaaS | MUST | x | This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) frontend servers in the form of a Uniform Resource Identifier with optional label. Some examples: |
| sstLBaaSBackendURI | sstLBaaS | MUST | x | This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) backend servers in the form of a Uniform Resource Identifier with optional label. Some examples: |
| sstLBaaSHost | sstLBaaS | MUST | x | This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) servers in the form of a fully qualified domain name. Some examples: haproxy-001.os.stoney-cloud.com, haproxy-002.os.stoney-cloud.com |
| sstBelongsToResellerUID | sstRelationship | MUST | x | Stores the reseller UID the leaf belongs to. |
| sstBelongsToCustomerUID | sstRelationship | MUST | x | Stores the customer UID the leaf belongs to. |
| sstBelongsToServiceUID | sstRelationship | MAY | x | Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends). Some examples: |

Legend:

  • x: Mandatory in all cases.

Load Balancer as a Service (LBaaS) - Account example (with pam_ldap attributes, currently not used and implemented)

The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) account with the uid number 3730083:

dn: uid=3730083,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
objectclass: sstLBaaS
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 3730083
userPassword: {SSHA}E/KLUgeAtApAPQ7mG2GMddCxTE9m9QOS
uidNumber: 3730083
gidNumber: 3730083
cn: 3730083
# This appears in the 'getent passwd' output. Company name and the main fully qualified domain name (FQDN).
gecos: Example Ltd. (www.example.com)
homeDirectory: /home/3730083
loginShell: /bin/false
shadowFlag: 134539460
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
sstIsActive: TRUE
# Uniform Resource Identifier with optional label.
sstLBaaSFrontendURI: https://www.example.com/
sstLBaaSFrontendURI: https://example.com/
sstLBaaSFrontendURI: https://api.example.com/
# Uniform Resource Identifier with optional label.
sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/
sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/
# Fully qualified domain name (FQDN).
sstLBaaSHost: haproxy-001.os.stoney-cloud.com
sstLBaaSHost: haproxy-002.os.stoney-cloud.com
sstProvisioningMode: add
sstProvisioningExecutionDate: 0
sstProvisioningState: 0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
# The service belongs to the backend host defined in the variable (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
sstBelongsToServiceUID: 4000003
# The service belongs to the backend host defined in the variable (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
sstBelongsToServiceUID: 4000004

The account defined by the LDIF above can be looked up with the CLI command getent passwd:

getent passwd 3730083

This will result in the following output:

# .----------------------------------------------------------------------------- login name
# |     .----------------------------------------------------------------------- encrypted password indicator
# |     | .--------------------------------------------------------------------- numerical user ID
# |     | |       .------------------------------------------------------------- numerical group ID
# |     | |       |       .----------------------------------------------------- gecos field (the typical format is a comma-delimited list)
# |     | |       |       |                              .---------------------- user home directory
# |     | |       |       |                              |             .-------- user command interpreter
# |     | |       |       |                              |             |
# |     | |       |       |                              |             |
3730083:x:3730083:3730083:Example Ltd. (www.example.com):/home/3730083:/bin/false

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| uid | account | MUST | x | The unique identifier (uid). This attribute is created by the Self-Service interface by reading (and incrementing) the next free uid from cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org. |
| userPassword | posixAccount | MAY | x | Identifies the entry's password and encryption method in the following format: {encryption method}encrypted password. For example: {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U. |
| uidNumber | posixAccount | MUST | x | Related to the /etc/shadow file, this attribute specifies the user's login ID. Has the same value as the uid. For example: 3730083. |
| gidNumber | posixAccount | MUST | x | Group ID number. Has the same value as the uid. For example: 3730083. |
| cn | posixAccount | MUST | x | As we don't use this attribute (but the attribute is mandatory), we set this to the uid value. For example: 3730083. |
| gecos | posixAccount | MAY | x | Named for historical reasons, the GECOS field is mandatory and is used to store extra information (such as the user's full name). Utilities such as finger or getent access this field to provide additional user information. For a personal account, this entry would consist of givenName and surname, for example Michael Eichenberger. These values are taken from the owner's entry (ou=people). For a service account, the attribute sstDisplayName from the corresponding service would be used for the content of this attribute. Please be aware that this attribute is an IA5String (OID=1.3.6.1.4.1.1466.115.121.1.26), the IA5 (almost ASCII) 7-bit character set. It does NOT allow extended characters, e.g. é, Ø, å etc. (see the transliteration note below the table). The Self-Service interface automatically creates the content of this attribute. Consists of the uid and the domain stoney-wiki.com. For example: 3730083.stoney-wiki.com. This appears in the 'getent passwd' output. Company name and the main fully qualified domain name (FQDN). For example: Example Ltd. (www.example.com). |
| homeDirectory | posixAccount | MUST | x | The directory path corresponds with the 7 digit account uid. The following example describes how the directory structure is built up for the account with the uid 3730083: /home/abcdefg → /home/3730083 |
| loginShell | posixAccount | MAY | x | The path to the login shell. The default is /bin/false and must not be changed. |
| shadowFlag | shadowAccount | MAY | x | Related to the /etc/shadow file, this attribute is currently not used and is reserved for future use. The default is set to 134539460. |
| shadowLastChange | shadowAccount | MAY | x | Related to the /etc/shadow file, this attribute specifies the number of days between January 1, 1970, and the date that the password was last modified. Must be set to the day that the password was set (must be updated when the password is changed). To create this value, you can use: echo $(($(date --utc --date "$1" +%s)/86400)) |
| shadowMax | shadowAccount | MAY | x | Related to the /etc/shadow file, this attribute specifies the maximum number of days the password is valid. The default is 99999, which corresponds to about 273 years. In reality, this means that the user does not need to change the password. |
| shadowWarning | shadowAccount | MAY | x | Related to the /etc/shadow file, this attribute specifies the number of days before the password expires that the user is warned. The default is 7. |
| sstIsActive | sstRelationship | MAY | x | Is the Load Balancer as a Service (LBaaS) account active? Either TRUE (yes) or FALSE (no). Default is TRUE (yes). |
| sstLBaaSFrontendURI | sstLBaaS | MUST | x | This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) frontend servers in the form of a Uniform Resource Identifier with optional label. Some examples: |
| sstLBaaSBackendURI | sstLBaaS | MUST | x | This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) backend servers in the form of a Uniform Resource Identifier with optional label. Some examples: |
| sstLBaaSHost | sstLBaaS | MUST | x | This multi-valued attribute stores one or more Load Balancer as a Service (LBaaS) servers in the form of a fully qualified domain name. Some examples: haproxy-001.os.stoney-cloud.com, haproxy-002.os.stoney-cloud.com |
| sstProvisioningMode | sstProvisioning | MUST | x | The provisioning mode, either add, modify or delete. For a new account, this attribute must be set to add. See Provisioning for details. |
| sstProvisioningExecutionDate | sstProvisioning | MUST | x | The date the provisioning shall occur in the form of [YYYY][MM][DD] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details. |
| sstProvisioningReturnValue | sstProvisioning | MAY | | The provisioning return value written by the prov-wiki-mediawiki daemon. 0 means success, >0 means failure. See the prov-wiki-mediawiki Exit Codes for detailed information. |
| sstProvisioningState | sstProvisioning | MUST | x | The provisioning state, either 0 or in the form of [YYYY][MM][DD]T[hh][mm][ss] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details. |
| sstBelongsToResellerUID | sstRelationship | MUST | x | Stores the reseller UID the leaf belongs to. |
| sstBelongsToCustomerUID | sstRelationship | MUST | x | Stores the customer UID the leaf belongs to. |
| sstBelongsToServiceUID | sstRelationship | MAY | x | Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends). |

Transliteration note for gecos: to convert a value to 7-bit ASCII, you can use:

~ $ echo "Tüpfelhyänenöhrchen" | iconv -f 'utf-8' -t 'ASCII//TRANSLIT'

which gives you:

Tuepfelhyaenenoehrchen

or:

iconv("UTF-8", "ASCII//TRANSLIT", "Tüpfelhyänenöhrchen")

Please be aware that some characters don't get converted properly, for example Ø and £. The characters $ and € work.

Legend:

  • x: Mandatory in all cases.
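
An added example (not part of the original page or the stoney cloud code base) that lints an account entry's LDIF against the rules in the table above before it is loaded into the directory. The names parse_entry and audit and the sample entry are constructed for illustration; the check for " #" inside a value is a heuristic for trailing comments, which LDIF stores as part of the value because only lines that begin with "#" are comments.

```python
"""Lint an LBaaS posixAccount entry against the rules in the attribute table."""
import base64

# Attributes the table marks as MUST.
MUST = ("uid", "uidNumber", "gidNumber", "cn", "homeDirectory",
        "sstLBaaSFrontendURI", "sstLBaaSBackendURI", "sstLBaaSHost",
        "sstProvisioningMode", "sstProvisioningExecutionDate",
        "sstProvisioningState", "sstBelongsToResellerUID", "sstBelongsToCustomerUID")

def parse_entry(ldif):
    """Parse one LDIF entry into attr -> [values]; lines starting with '#' are comments."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: <base64>" carries non-ASCII values
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        entry.setdefault(name, []).append(value)
    return entry

def audit(entry):
    """Return the findings where the entry deviates from the documented rules."""
    def first(attr, default=""):
        return entry.get(attr, [default])[0]
    findings = [f"{a}: MUST attribute is missing" for a in MUST if a not in entry]
    uid = first("uid")
    for attr in ("uidNumber", "gidNumber", "cn"):
        if attr in entry and first(attr) != uid:
            findings.append(f"{attr}: must have the same value as uid")
    if "homeDirectory" in entry and first("homeDirectory") != f"/home/{uid}":
        findings.append("homeDirectory: must be /home/<uid>")
    if first("loginShell", "/bin/false") != "/bin/false":
        findings.append("loginShell: must stay /bin/false")
    if not first("gecos").isascii():
        findings.append("gecos: IA5String allows 7-bit characters only")
    for name, values in entry.items():
        if any(" #" in v for v in values):
            findings.append(f"{name}: value contains ' #', trailing comment stored as data")
    return findings

# Constructed sample: the page's example entry with five deliberate deviations.
_GECOS = base64.b64encode("Müller Ltd. (www.example.com)".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = f"""\
dn: uid=3730083,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
# gidNumber, gecos, loginShell, sstLBaaSHost deviate; sstProvisioningState is absent
uid: 3730083
uidNumber: 3730083
gidNumber: 3730084
cn: 3730083
gecos:: {_GECOS}
homeDirectory: /home/3730083
loginShell: /bin/bash
sstLBaaSFrontendURI: https://www.example.com/
sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/
sstLBaaSHost: haproxy-001.os.stoney-cloud.com   # first HAProxy server
sstProvisioningMode: add
sstProvisioningExecutionDate: 0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
"""
```

Calling audit(parse_entry(SAMPLE_LDIF)) returns one finding per deviation; an entry that follows the table returns an empty list.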

Load Balancer as a Service (LBaaS) - Groups

The sub tree for the groups of the Load Balancer as a Service (LBaaS):

dn: ou=groups,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups
description: The sub tree for the groups of the Load Balancer as a Service (LBaaS).

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| ou | organizationalUnit | MUST | x | The name of the leaf. In this case: groups. |
| description | organizationalUnit | MAY | x | The description of the leaf. In this case: The sub tree for the groups of the Load Balancer as a Service (LBaaS). |

Legend:

  • x: Mandatory in all cases.

Load Balancer as a Service (LBaaS) - Group example (with pam_ldap attributes, currently not used and implemented)

The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) group with the uid number 3730083:

dn: cn=3730083,ou=groups,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: posixGroup
objectclass: sstRelationship
cn: 3730083
gidNumber: 3730083
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
# The service belongs to the backend host defined in the variable (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).
sstBelongsToServiceUID: 4000003
# The service belongs to the backend host defined in the variable (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
sstBelongsToServiceUID: 4000004

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
| --- | --- | --- | --- | --- |
| cn | posixGroup | MUST | x | As we don't use this attribute (but the attribute is mandatory and is part of the dn), we set this to the uid value. For example: 3730083. |
| gidNumber | posixGroup | MUST | x | The numerical group ID of the Load Balancer as a Service (LBaaS) group. |
| sstBelongsToResellerUID | sstRelationship | MUST | x | Stores the reseller UID the leaf belongs to. |
| sstBelongsToCustomerUID | sstRelationship | MUST | x | Stores the customer UID the leaf belongs to. |
| sstBelongsToServiceUID | sstRelationship | MAY | x | Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends). |

Legend:

  • x: Mandatory in all cases.

Links