Changes
/* Load Balancer as a Service (LBaaS) - Account example */
=== Load Balancer as a Service (LBaaS) - Account example ===
The following example shows the OpenLDAP directory entry for the Load Balancer as a Service (LBaaS) account with the uid number 37420054000005:
<source lang="ldif">
dn: uid=37420054000005,ou=accounts,ou=lbaas,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: account
objectclass: sstLBaaS
objectclass: sstRelationship
uid: 37420054000005
description: www.example.com (sst-int-001, sst-int-002) # Human readable description: fqdn (backend host 1, backend host 1)
sstIsActive: TRUE
|-
| userPassworddescription| posixAccountaccount
| <center>MAY</center>
| <center>x</center>
| Identifies the entry's password and encryption method in the following format Human readable description: <code>{encryption method}encrypted password</code>fqdn (backend host 1, backend host 1).
For example: <code>{SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U</code>www. |-| uidNumber| posixAccount| <center>MUST</center>| <center>x</center>| Related to the /etc/shadow file, this attribute specifies the user's login ID. Has the same value as the <code>uid</code>. For example: <code>3730083</code>. |-| gidNumber| posixAccount| <center>MUST</center>| <center>x</center>| Group ID number. Has the same value as the <code>uid</code>. For example: <code>3730083</code>. |-| cn| posixAccount| <center>MUST</center>| <center>x</center>| As we don't use this attribute (but the attribute is mandatory), we set this to <code>uid</code> value. For example: <code>3730083</code>. |-| gecos| posixAccount| <center>MAY</center>| <center>x</center>| Named for historical reasons, the GECOS field is mandatory and is used to store extra information (such as the user's full name). Utilities such as finger or getent access this field to provide additional user information. For a personal account, this entry would consist of <code>givenName</code> and <code>surname</code>, for example <code>Michael Eichenberger</code>. These values are taken from the owners entry (ou=people). For a service account, the attribute <code>sstDisplayName</code> from the corresponding service would be used for the content of this attribute. Please be aware, that this attribute is a '''IA5String''' (OID=1.3.6.1.4.1.1466.115.121.1.26) IA5 (almost ASCII) character set (7-bit). Does NOT allow extended characters e.g. é, Ø, å etc. The Self-Service interface automatically creates the content of this attribute. Consists of the '''uid''' and the domain '''stoney-wiki.com'''. For example: '''3730083.stoney-wiki.com'''.You can use:<br /><code>~ $ echo "Tüpfelhyänenöhrchen" | iconv -f 'utf-8' -t 'ASCII//TRANSLIT'</code><br />which gives you:<br /><code>Tuepfelhyaenenoehrchen</code><br />or:<br /><code>iconv("UTFsst-8", "ASCII//TRANSLIT", "Tüpfelhyänenöhrchen")</code><br />Please be aware, that some characters don't get converted properly ... For example: Ø and £. The characters $ and € work. This appears in the 'getent passwd' output. Company name and the main fully qualified domain name (FQDN). For example: <code>Example Ltd. (www.example.com)</code>. |int-| homeDirectory| posixAccount| <center>MUST</center>| <center>x</center>| The directory path corresponds with the 7 digit account uid. The following example describes001, how the directory structure is built up for the account with the uid <code>3730083</code>. <code>/home/abcdefg</code><br/><code>/home/3730083</code> |sst-| loginShell| posixAccount| <center>MAY</center>| <center>x</center>| The path to the login shell. The default is <code>/bin/false</code> and must not be changed. |int-| shadowFlag| shadowAccount| <center>MAY</center>| <center>x</center>| Related to the <code>/etc/shadow</code> file, this attribute is currently not used and is reserved for future use. The default is set to <code>134539460</code>. |-| shadowLastChange| shadowAccount| <center>MAY</center>| <center>x</center>| Related to the <code>/etc/shadow</code> file, this attribute specifies number of days between January 1, 1970, and the date that the password was last modified. Must be set to the day, that the password was set (must be updated, when the password is changed002). To create this value, you can use: <code>echo $(($(date --utc --date "$1" +%s)/86400))</code> |-| shadowMax| shadowAccount| <center>MAY</center>| <center>x</center>| Related to the <code>/etc/shadow</code> file, this attribute specifies the maximum number of days the password is valid. The default is <code>99999</code>, which corresponds to about 273 years. In reality, this means, that the user does not need to change the password. |-| shadowWarning| shadowAccount| <center>MAY</center>| <center>x</center>| Related to the <code>/etc/shadow</code> file, this attribute specifies the number of days before the password expires that the user is warned. The default is <code>7</code>.
|
|-
| sstIsActive
* <code>haproxy-001.os.stoney-cloud.com</code>
* <code>haproxy-002.os.stoney-cloud.com</code>
|-
| <center>MAY</center>
| <center>x</center>
| Stores the service UID(s) this entry belongs to. The service belongs to the backend host(s) defined in the variable(s) (sstLBaaSBackendURI). This multi-valued attribute can point to multiple services (one or more LBaaS backends). Some examples:* <code>4000003</code>: The service belongs to the first backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-001.os.stoney-cloud.com/).* <code>4000004</code>: The service belongs to the second backend host defined in the variabe (sstLBaaSBackendURI: https://sst-int-002.os.stoney-cloud.com/).
|}
