Abstract

This document describes the OpenLDAP directory data organisation for the stoney cloud (Online) Backup service.

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory, in this case we looking at the (Online) Backup service.

Backup

The following LDIF shows the backup entry of the whole OpenLDAP directory tree for the stoney cloud:

dn: ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: organizationalUnit
objectclass: top
ou: backup

Backup Configuration

The sub tree for the configuration of the (online) backup service:

dn: ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration
description: The sub tree for the configuration of the (online) backup service.

Backup rsnapshot Provisioning Daemon

The sub tree for the configuration of the prov-backup-rsnapshot daemon:

dn: ou=prov-backup-rsnapshot,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstServiceConfigurationObjectClass
ou: prov-backup-rsnapshot
description: The sub tree for the configuration of the prov-backup-rsnapshot daemon.
sstIsActive: TRUE

The following table describes the different attributes:

Attribute	Existence	Mandatory	Description
description	MAY	x	The description of the leaf.
sstIsActive	MAY	x	Is the entry active? Either true (yes) or false (no).

Legend:

• x: Mandatory in all cases.

Backup Reseller

The sub tree for the reseller specific (online) backup service settings:

dn: ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: reseller
description: The sub tree for the reseller specific (online) backup service settings.

The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000.

dn: uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
objectclass: sstServiceConfigurationObjectClass
uid: 4000000
o: Reseller Ltd.
description: The sub tree for the specific (online) backup service settings for the reseller Reseller Ltd. with the uid 4000000.
sstIsActive: TRUE
sstIsDefault: TRUE

Backup Reseller Billing

The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=billing,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: TBD
ou: billing
description: The sub tree for the billing information of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
TBD: Der Aufbau sollte so sein, dass er hierarchische Informationen abbilden könnte. Oder wir machen den normalen Billing Tree, den wir ursprünglich vorgeshene haben.

Backup Reseller Backup Account Defaults

The sub tree for the backup account defaults for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=defaults,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstBackup
ou: defaults
description: The sub tree for the default settings of the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.
loginShell: /bin/sh
shadowMax: 99999
shadowWarning: 7
shadowFlag: 134539460
sstBackupWarningDays: 1
sstBackupWarningNumbers: 0
sstBackupWarningOn: FALSE
sstNotificationWarningLevel: 85
sstNotificationWarningMedium: mail
sstBackupSize: 0
sstIncrementSize: 0
sstBackupIntervalHourly: 0
sstBackupIntervalDaily: 7
sstBackupIntervalWeekly: 4
sstBackupIntervalMonthly: 3
sstBackupIntervalYearly: 0
sstUseSelfcare: FALSE
sstUseSSH: TRUE
sstIsActive: TRUE

The following table describes the different attributes:

Attribute	Existence	Mandatory	Selfcare	Changeable	Description
ou	MUST	x
description	MAY	x
loginShell	MAY	x			The path to the login shell. The default is /bin/sh.
shadowMax	MAY	x			Related to the /etc/shadow file, this attribute specifies the maximum number of days the password is valid. The default is 99999, which corresponds to about 273 years. In reality, this means, that the user does not need to change the password.
shadowWarning	MAY	x			Related to the /etc/shadow file, this attribute specifies the number of days before the password expires that the user is warned. The default is 7.
shadowFlag	MAY	x			Related to the /etc/shadow file, this attribute is currently not used and is reserved for future use. The default is set to 134539460.
sstVolumeCapacityDefault	MAY	x
sstVolumeCapacityMin	MAY	x
sstVolumeCapacityMax	MAY	x
sstVolumeCapacityStep	MAY	x
sstQuotaChange	MAY	x			Can the user change the quota? Either TRUE (yes) or FALSE (no). Default is FALSE (no).
sstBackupWarningDays	MUST	x			After how many missed backup days should the user be warned. Possible values are between 0 and 99. Default is 1.
sstBackupWarningNumbers	MUST	x			After how many missed backups should the user be warned. Possible values are between 0 and 99. Default is 0.
sstBackupWarningOn	MUST	x			Does the user want to informed about failed backups (TRUE) or not (FALSE).
sstNotificationWarningLevel	MUST	x			The quota notification level in percent, when the owner of the backup needs to warned. A value between 0 and 100. The default is 85 percent.
sstNotificationWarningMedium	MUST	x			The notification medium, either sms (points to the multi-valued attribute mobileTelephoneNumber) or mail (points to the multi-valued attribute mail). Currently, only mail is supported.
sstNotificationWarningMediumChange	MAY	x			Can a user change the notification warning medium? Either TRUE (yes) or FALSE (no). The default is FALSE (no).
sstNotificationWarningMediumAdd	MAY	x			Can a user add new notification warning mediums (mobileTelephoneNumber or mail? Either TRUE (yes) or FALSE (no). The default is TRUE (yes). Currently, only adding new mail addresses are supported.
sstBackupIntervalHourly	MUST	x			How many hourly backups do we want? The default is 0.
sstBackupIntervalDaily	MUST	x			How many daily backups do we want? The default is 7.
sstBackupIntervalWeekly	MUST	x			How many weekly backups do we want? The default is 4.
sstBackupIntervalMonthly	MUST	x			How many monthly backups do we want? The default is 3.
sstBackupIntervalYearly	MUST	x			How many yearly backups do we want? The default is 0.
sstIsActive	MUST	x			Is the backup account active? Either TRUE (yes) or FALSE (no). Default is TRUE (yes).
sstUseSelfcare	MUST	x			Can the selfcare interface be used with the credentials of the backup account? Either TRUE (yes) or FALSE (no). Default is FALSE (no).
sstUseSSH	MUST	x			Is the ssh service active for the backup account? Either TRUE (yes) or FALSE (no). Default is TRUE (yes).

Legend:

• x: Mandatory in all cases.

Backup Reseller Backup Notification Settings

The sub tree stores the notification information for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000. This information is used independently of the notification settings of the users. The idea is, that the reseller can receive notifications for a customer and reaction on the received information (for example, when the quota has been reached:

dn: ou=notifications,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstNotificationObjectClass
ou: notifications
description: The sub tree stores the notification information for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000. This information is used independently of the notification settings of the users.
sstNotificationWarning: quota
sstNotificationWarning: schedule
sstNotificationWarning: unsuccessful

The following table describes the different attributes:

Attribute	Existence	Mandatory	Selfcare	Changeable	Description
ou	MUST	x
description	MAY	x
sstNotificationWarning	MAY				This multi-valued attribute will be used to turn single notifications on or off. The attribute sstBackupWarningOn must be set to TRUE Possible values are quota, schedule and unsuccessful (the names correspond with the template dn).

Legend:

• x: Mandatory in all cases.

Backup Reseller Backup Account Settings

The sub tree stores the information about what can be modified in which scope for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=settings,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstServiceSettingsObjectClass
ou: settings
description: This sub tree stores the information about what can be modified in which scope.
sstVolumeCapacityDefault: 1073741824
sstVolumeCapacityMin: 1073741824
sstVolumeCapacityMax: 536870912000
sstVolumeCapacityStep: 1073741824
sstNotificationWarningMediumChange: FALSE
sstNotificationWarningMediumAdd: TRUE
sstQuotaChange: FALSE
sstSendCredentialsTo: owner
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>

Human readable format:

• sstVolumeCapacityDefault: 1 Gigabyte
• sstVolumeCapacityMin: 1 Gigabyte
• sstVolumeCapacityMax: 500 Gigabytes
• sstVolumeCapacityStep: 1 Gigabyte

The following table describes how to calculate the sstVolumeCapacity* attributes:

Size	Calculation	Value
1 Byte	1	1
1 Kilobyte	1 x 1024	1024
1 Megabyte	1 x 1024 x 1024	1048576
1 Gigabyte	1 x 1024 x 1024 x 1024	1073741824
5 Gigabytes	5 x 1024 x 1024 x 1024	5368709120
10 Gigabytes	10 x 1024 x 1024 x 1024	10737418240
100 Gigabytes	100 x 1024 x 1024 x 1024	107374182400
500 Gigabytes	500 x 1024 x 1024 x 1024	536870912000
1 Terabyte	1 x 1024 x 1024 x 1024 x 1024	1099511627776

The following table describes the different attributes:

Attribute	Existence	Mandatory	Selfcare	Changeable	Description
ou	MUST	x
description	MAY	x
sstVolumeCapacityDefault	MAY	x
sstVolumeCapacityMin	MAY	x
sstVolumeCapacityMax	MAY	x
sstVolumeCapacityStep	MAY	x			Arrow left / Arrow right: 1 Gigabyte (sstVolumeCapacityStep) Page up / Page down: 10 Gigabyte (10 x sstVolumeCapacityStep)
sstNotificationWarningMediumChange	MAY	x			Can a user change the notification warning medium? Either TRUE (yes) or FALSE (no). The default is FALSE (no).
sstNotificationWarningMediumAdd	MAY	x			Can a user add new notification warning mediums (mobileTelephoneNumber or mail? Either TRUE (yes) or FALSE (no). The default is TRUE (yes). Currently, only adding new mail addresses are supported.
sstQuotaChange	MAY	x			Can the user change the quota? Either TRUE (yes) or FALSE (no). Default is FALSE (no).
sstSendCredentialsTo	MAY	x			To whom do we send the access data or credentials. At least one entry must exist. Possible values: sstSendCredentialsTo: login: The access data or credentials are sent to the person logged in. sstSendCredentialsTo: owner: The access data or credentials are sent to the owner (person), the service belongs to.
sstMailFrom	MAY	x			The mail address, from which the credentials are to be sent from. In the example from above, this value is Support stepping stone GmbH <support@stepping-stone.ch>.

Legend:

• x: Mandatory in all cases.

Backup Reseller Templates

This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000:

dn: ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: templates
description: This sub tree contains the templates for the (online) backup service for the reseller Reseller Ltd. with the uid 4000000.

Backup Reseller Quota Templates

This sub tree contains the quota templates for the (online) backup service:

dn: ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateSetup
ou: quota
description: This sub tree contains the quota templates for the (online) backup service. The leaf contains the information about the sender and default recipient of the mails sent.
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTo: Support stepping stone GmbH <support@stepping-stone.ch>

Backup Reseller Quota Templates for de-CH

The Swiss German template looks as follows:

{$salutation} {$surname}

Ihr Online Backup Konto {$uid} ist zu {$percent}% voll.
- Sie verwenden {$size} von {$quota} Gigabyte.
- Grösse des aktuellen Backups: {$backup_size} Gigabyte
- Grösse der Iterationen (Snapshots): {$snapshot_size} Gigabyte.

Daher lassen sich neue oder geänderte Daten nicht mehr sichern und Sie
verlieren die Möglichkeit auf das Backup dieser Daten zurückzugreifen.

Um die weitere Sicherung Ihrer Daten zu garantieren, bieten sich
folgende Möglichkeiten an.

Mehr Speicherplatz bestellen:
Geben Sie dazu bitte Ihre Online Backup Konto ID (7-stellige Nummer) und
die gewünschte neue Backup-Grösse an. Für mögliche Angebote und deren
Preise siehe http://www.stepping-stone.ch/produkte/online-backup/

Dateien / Verzeichnisse ausschliessen:
Schliessen Sie unkritische Daten aus Ihrem Backup aus. Diese werden
anschliessend nicht mehr gesichert und belegen somit keinen neuen
Speicherplatz auf Ihrem Konto.


Für Fragen stehen wir Ihnen gerne zur Verfügung.


Freundliche Grüsse
Ihr Support-Team der stepping stone GmbH

--
stepping stone GmbH
Neufeldstrasse 9
CH-3012 Bern

Telefon: +41 31 332 53 63
www.stepping-stone.ch
support@stepping-stone.ch

Before saving the template in the OpenLDAP directory, you need to encode the template into base64. Save the above template into a file called quota_de-CH.txt. Then execute the following command:

base64 quota_de-CH.txt

The result will look as follows:

eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHIgT25saW5lIEJhY2t1cCBLb250byB7JHVpZH0g
aXN0IHp1IHskcGVyY2VudH0lIHZvbGwuCi0gU2llIHZlcndlbmRlbiB7JHNpemV9IHZvbiB7JHF1
b3RhfSBHaWdhYnl0ZS4KLSBHcsO2c3NlIGRlcyBha3R1ZWxsZW4gQmFja3VwczogeyRiYWNrdXBf
c2l6ZX0gR2lnYWJ5dGUKLSBHcsO2c3NlIGRlciBJdGVyYXRpb25lbiAoU25hcHNob3RzKTogeyRz
bmFwc2hvdF9zaXplfSBHaWdhYnl0ZS4KCkRhaGVyIGxhc3NlbiBzaWNoIG5ldWUgb2RlciBnZcOk
bmRlcnRlIERhdGVuIG5pY2h0IG1laHIgc2ljaGVybiB1bmQgU2llCnZlcmxpZXJlbiBkaWUgTcO2
Z2xpY2hrZWl0IGF1ZiBkYXMgQmFja3VwIGRpZXNlciBEYXRlbiB6dXLDvGNrenVncmVpZmVuLgoK
VW0gZGllIHdlaXRlcmUgU2ljaGVydW5nIElocmVyIERhdGVuIHp1IGdhcmFudGllcmVuLCBiaWV0
ZW4gc2ljaApmb2xnZW5kZSBNw7ZnbGljaGtlaXRlbiBhbi4KCk1laHIgU3BlaWNoZXJwbGF0eiBi
ZXN0ZWxsZW46CkdlYmVuIFNpZSBkYXp1IGJpdHRlIElocmUgT25saW5lIEJhY2t1cCBLb250byBJ
RCAoNy1zdGVsbGlnZSBOdW1tZXIpIHVuZApkaWUgZ2V3w7xuc2NodGUgbmV1ZSBCYWNrdXAtR3LD
tnNzZSBhbi4gRsO8ciBtw7ZnbGljaGUgQW5nZWJvdGUgdW5kIGRlcmVuClByZWlzZSBzaWVoZSBo
dHRwOi8vd3d3LnN0ZXBwaW5nLXN0b25lLmNoL3Byb2R1a3RlL29ubGluZS1iYWNrdXAvCgpEYXRl
aWVuIC8gVmVyemVpY2huaXNzZSBhdXNzY2hsaWVzc2VuOgpTY2hsaWVzc2VuIFNpZSB1bmtyaXRp
c2NoZSBEYXRlbiBhdXMgSWhyZW0gQmFja3VwIGF1cy4gRGllc2Ugd2VyZGVuCmFuc2NobGllc3Nl
bmQgbmljaHQgbWVociBnZXNpY2hlcnQgdW5kIGJlbGVnZW4gc29taXQga2VpbmVuIG5ldWVuClNw
ZWljaGVycGxhdHogYXVmIElocmVtIEtvbnRvLgoKCkbDvHIgRnJhZ2VuIHN0ZWhlbiB3aXIgSWhu
ZW4gZ2VybmUgenVyIFZlcmbDvGd1bmcuCgoKRnJldW5kbGljaGUgR3LDvHNzZQpJaHIgU3VwcG9y
dC1UZWFtIGRlciBzdGVwcGluZyBzdG9uZSBHbWJICgotLQpzdGVwcGluZyBzdG9uZSBHbWJICk5l
dWZlbGRzdHJhc3NlIDkKQ0gtMzAxMiBCZXJuCgpUZWxlZm9uOiArNDEgMzEgMzMyIDUzIDYzCnd3
dy5zdGVwcGluZy1zdG9uZS5jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNoIAo=

The resulting LDIF looks as follows (make sure, that you add two colons after sstMailTemplate to tell the OpenLDAP server, that the content is encoded in base64):

dn: ou=de-CH,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: de-CH
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHIgT25saW5lIEJhY2t1cCBLb250byB7JHVpZH0g
 aXN0IHp1IHskcGVyY2VudH0lIHZvbGwuCi0gU2llIHZlcndlbmRlbiB7JHNpemV9IHZvbiB7JHF1
 b3RhfSBHaWdhYnl0ZS4KLSBHcsO2c3NlIGRlcyBha3R1ZWxsZW4gQmFja3VwczogeyRiYWNrdXBf
 c2l6ZX0gR2lnYWJ5dGUKLSBHcsO2c3NlIGRlciBJdGVyYXRpb25lbiAoU25hcHNob3RzKTogeyRz
 bmFwc2hvdF9zaXplfSBHaWdhYnl0ZS4KCkRhaGVyIGxhc3NlbiBzaWNoIG5ldWUgb2RlciBnZcOk
 bmRlcnRlIERhdGVuIG5pY2h0IG1laHIgc2ljaGVybiB1bmQgU2llCnZlcmxpZXJlbiBkaWUgTcO2
 Z2xpY2hrZWl0IGF1ZiBkYXMgQmFja3VwIGRpZXNlciBEYXRlbiB6dXLDvGNrenVncmVpZmVuLgoK
 VW0gZGllIHdlaXRlcmUgU2ljaGVydW5nIElocmVyIERhdGVuIHp1IGdhcmFudGllcmVuLCBiaWV0
 ZW4gc2ljaApmb2xnZW5kZSBNw7ZnbGljaGtlaXRlbiBhbi4KCk1laHIgU3BlaWNoZXJwbGF0eiBi
 ZXN0ZWxsZW46CkdlYmVuIFNpZSBkYXp1IGJpdHRlIElocmUgT25saW5lIEJhY2t1cCBLb250byBJ
 RCAoNy1zdGVsbGlnZSBOdW1tZXIpIHVuZApkaWUgZ2V3w7xuc2NodGUgbmV1ZSBCYWNrdXAtR3LD
 tnNzZSBhbi4gRsO8ciBtw7ZnbGljaGUgQW5nZWJvdGUgdW5kIGRlcmVuClByZWlzZSBzaWVoZSBo
 dHRwOi8vd3d3LnN0ZXBwaW5nLXN0b25lLmNoL3Byb2R1a3RlL29ubGluZS1iYWNrdXAvCgpEYXRl
 aWVuIC8gVmVyemVpY2huaXNzZSBhdXNzY2hsaWVzc2VuOgpTY2hsaWVzc2VuIFNpZSB1bmtyaXRp
 c2NoZSBEYXRlbiBhdXMgSWhyZW0gQmFja3VwIGF1cy4gRGllc2Ugd2VyZGVuCmFuc2NobGllc3Nl
 bmQgbmljaHQgbWVociBnZXNpY2hlcnQgdW5kIGJlbGVnZW4gc29taXQga2VpbmVuIG5ldWVuClNw
 ZWljaGVycGxhdHogYXVmIElocmVtIEtvbnRvLgoKCkbDvHIgRnJhZ2VuIHN0ZWhlbiB3aXIgSWhu
 ZW4gZ2VybmUgenVyIFZlcmbDvGd1bmcuCgoKRnJldW5kbGljaGUgR3LDvHNzZQpJaHIgU3VwcG9y
 dC1UZWFtIGRlciBzdGVwcGluZyBzdG9uZSBHbWJICgotLQpzdGVwcGluZyBzdG9uZSBHbWJICk5l
 dWZlbGRzdHJhc3NlIDkKQ0gtMzAxMiBCZXJuCgpUZWxlZm9uOiArNDEgMzEgMzMyIDUzIDYzCnd3
 dy5zdGVwcGluZy1zdG9uZS5jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNoIAo=

Backup Reseller Quota Templates for en-GB (Fallback Template)

The British English template looks as follows:

{$salutation} {$surname}

Your Online Backup account {$uid} is full by {$percent}%.
- You are using {$size} of {$quota} Gigabyte.
- Size of current backup: {$backup_size} Gigabyte
- Size of iterations (snapshots): {$snapshot_size} Gigabyte.

Therefore new or changed files won't be saved anymore and you loose the
ability to restore them from your backup.


In order to assure an uninterrupted backup service, consider one of the
following possibilities.

Increase your Online Backup storage amount:
Increase the storage capabilities of your Online Backup account by
ordering more space. Please provide us with your Online Backup account
ID (7-digit number) and the desired backup size.
For possible offers and their prices see:
http://www.stepping-stone.ch/en/products/online-backup/

Exclude files / directories:
Exclude non-critical data from your backup. Those won't be backed up any
more and won't use additional space within your account.


If you have any further questions do not hesitate to contact us.


Best regards
your stepping stone GmbH support team

--
stepping stone GmbH
Neufeldstrasse 9
CH-3012 Bern

Telefon: +41 31 332 53 63
www.stepping-stone.ch
support@stepping-stone.ch

Before saving the template in the OpenLDAP directory, you need to encode the template into base64. Save the above template into a file called quota_en-GB.txt. Then execute the following command:

base64 quota_en-GB.txt

The result will look as follows:

eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIE9ubGluZSBCYWNrdXAgYWNjb3VudCB7JHVp
ZH0gaXMgZnVsbCBieSB7JHBlcmNlbnR9JS4KLSBZb3UgYXJlIHVzaW5nIHskc2l6ZX0gb2YgeyRx
dW90YX0gR2lnYWJ5dGUuCi0gU2l6ZSBvZiBjdXJyZW50IGJhY2t1cDogeyRiYWNrdXBfc2l6ZX0g
R2lnYWJ5dGUKLSBTaXplIG9mIGl0ZXJhdGlvbnMgKHNuYXBzaG90cyk6IHskc25hcHNob3Rfc2l6
ZX0gR2lnYWJ5dGUuCgpUaGVyZWZvcmUgbmV3IG9yIGNoYW5nZWQgZmlsZXMgd29uJ3QgYmUgc2F2
ZWQgYW55bW9yZSBhbmQgeW91IGxvb3NlIHRoZQphYmlsaXR5IHRvIHJlc3RvcmUgdGhlbSBmcm9t
IHlvdXIgYmFja3VwLgoKCkluIG9yZGVyIHRvIGFzc3VyZSBhbiB1bmludGVycnVwdGVkIGJhY2t1
cCBzZXJ2aWNlLCBjb25zaWRlciBvbmUgb2YgdGhlCmZvbGxvd2luZyBwb3NzaWJpbGl0aWVzLgoK
SW5jcmVhc2UgeW91ciBPbmxpbmUgQmFja3VwIHN0b3JhZ2UgYW1vdW50OgpJbmNyZWFzZSB0aGUg
c3RvcmFnZSBjYXBhYmlsaXRpZXMgb2YgeW91ciBPbmxpbmUgQmFja3VwIGFjY291bnQgYnkKb3Jk
ZXJpbmcgbW9yZSBzcGFjZS4gUGxlYXNlIHByb3ZpZGUgdXMgd2l0aCB5b3VyIE9ubGluZSBCYWNr
dXAgYWNjb3VudApJRCAoNy1kaWdpdCBudW1iZXIpIGFuZCB0aGUgZGVzaXJlZCBiYWNrdXAgc2l6
ZS4KRm9yIHBvc3NpYmxlIG9mZmVycyBhbmQgdGhlaXIgcHJpY2VzIHNlZToKaHR0cDovL3d3dy5z
dGVwcGluZy1zdG9uZS5jaC9lbi9wcm9kdWN0cy9vbmxpbmUtYmFja3VwLwoKRXhjbHVkZSBmaWxl
cyAvIGRpcmVjdG9yaWVzOgpFeGNsdWRlIG5vbi1jcml0aWNhbCBkYXRhIGZyb20geW91ciBiYWNr
dXAuIFRob3NlIHdvbid0IGJlIGJhY2tlZCB1cCBhbnkKbW9yZSBhbmQgd29uJ3QgdXNlIGFkZGl0
aW9uYWwgc3BhY2Ugd2l0aGluIHlvdXIgYWNjb3VudC4KCgpJZiB5b3UgaGF2ZSBhbnkgZnVydGhl
ciBxdWVzdGlvbnMgZG8gbm90IGhlc2l0YXRlIHRvIGNvbnRhY3QgdXMuCgoKQmVzdCByZWdhcmRz
CnlvdXIgc3RlcHBpbmcgc3RvbmUgR21iSCBzdXBwb3J0IHRlYW0KCi0tCnN0ZXBwaW5nIHN0b25l
IEdtYkgKTmV1ZmVsZHN0cmFzc2UgOQpDSC0zMDEyIEJlcm4KClRlbGVmb246ICs0MSAzMSAzMzIg
NTMgNjMKd3d3LnN0ZXBwaW5nLXN0b25lLmNoCnN1cHBvcnRAc3RlcHBpbmctc3RvbmUuY2ggCg==

The resulting LDIF looks as follows (make sure, that you add two colons after sstMailTemplate to tell the OpenLDAP server, that the content is encoded in base64):

dn: ou=en-GB,ou=quota,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: sstTemplateLanguage
objectclass: top
objectclass: organizationalUnit
ou: en-GB
sstIsDefault: TRUE
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIE9ubGluZSBCYWNrdXAgYWNjb3VudCB7JHVp
 ZH0gaXMgZnVsbCBieSB7JHBlcmNlbnR9JS4KLSBZb3UgYXJlIHVzaW5nIHskc2l6ZX0gb2YgeyRx
 dW90YX0gR2lnYWJ5dGUuCi0gU2l6ZSBvZiBjdXJyZW50IGJhY2t1cDogeyRiYWNrdXBfc2l6ZX0g
 R2lnYWJ5dGUKLSBTaXplIG9mIGl0ZXJhdGlvbnMgKHNuYXBzaG90cyk6IHskc25hcHNob3Rfc2l6
 ZX0gR2lnYWJ5dGUuCgpUaGVyZWZvcmUgbmV3IG9yIGNoYW5nZWQgZmlsZXMgd29uJ3QgYmUgc2F2
 ZWQgYW55bW9yZSBhbmQgeW91IGxvb3NlIHRoZQphYmlsaXR5IHRvIHJlc3RvcmUgdGhlbSBmcm9t
 IHlvdXIgYmFja3VwLgoKCkluIG9yZGVyIHRvIGFzc3VyZSBhbiB1bmludGVycnVwdGVkIGJhY2t1
 cCBzZXJ2aWNlLCBjb25zaWRlciBvbmUgb2YgdGhlCmZvbGxvd2luZyBwb3NzaWJpbGl0aWVzLgoK
 SW5jcmVhc2UgeW91ciBPbmxpbmUgQmFja3VwIHN0b3JhZ2UgYW1vdW50OgpJbmNyZWFzZSB0aGUg
 c3RvcmFnZSBjYXBhYmlsaXRpZXMgb2YgeW91ciBPbmxpbmUgQmFja3VwIGFjY291bnQgYnkKb3Jk
 ZXJpbmcgbW9yZSBzcGFjZS4gUGxlYXNlIHByb3ZpZGUgdXMgd2l0aCB5b3VyIE9ubGluZSBCYWNr
 dXAgYWNjb3VudApJRCAoNy1kaWdpdCBudW1iZXIpIGFuZCB0aGUgZGVzaXJlZCBiYWNrdXAgc2l6
 ZS4KRm9yIHBvc3NpYmxlIG9mZmVycyBhbmQgdGhlaXIgcHJpY2VzIHNlZToKaHR0cDovL3d3dy5z
 dGVwcGluZy1zdG9uZS5jaC9lbi9wcm9kdWN0cy9vbmxpbmUtYmFja3VwLwoKRXhjbHVkZSBmaWxl
 cyAvIGRpcmVjdG9yaWVzOgpFeGNsdWRlIG5vbi1jcml0aWNhbCBkYXRhIGZyb20geW91ciBiYWNr
 dXAuIFRob3NlIHdvbid0IGJlIGJhY2tlZCB1cCBhbnkKbW9yZSBhbmQgd29uJ3QgdXNlIGFkZGl0
 aW9uYWwgc3BhY2Ugd2l0aGluIHlvdXIgYWNjb3VudC4KCgpJZiB5b3UgaGF2ZSBhbnkgZnVydGhl
 ciBxdWVzdGlvbnMgZG8gbm90IGhlc2l0YXRlIHRvIGNvbnRhY3QgdXMuCgoKQmVzdCByZWdhcmRz
 CnlvdXIgc3RlcHBpbmcgc3RvbmUgR21iSCBzdXBwb3J0IHRlYW0KCi0tCnN0ZXBwaW5nIHN0b25l
 IEdtYkgKTmV1ZmVsZHN0cmFzc2UgOQpDSC0zMDEyIEJlcm4KClRlbGVmb246ICs0MSAzMSAzMzIg
 NTMgNjMKd3d3LnN0ZXBwaW5nLXN0b25lLmNoCnN1cHBvcnRAc3RlcHBpbmctc3RvbmUuY2ggCg==

Backup Reseller Schedule Templates

This sub tree contains the schedule templates for the (online) backup service:

dn: ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateSetup
ou: schedule
description: This sub tree contains the schedule templates for the (online) backup service. The leaf contains the information about the sender and default recipient of the mails sent.
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTo: Support stepping stone GmbH <support@stepping-stone.ch>

Backup Reseller Schedule Templates for de-CH

dn: ou=de-CH,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: de-CH
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHIgYW0geyRzY2hlZHVsZWRfZGF0ZX0gdW0geyRz
 Y2hlZHVsZWRfdGltZX0gVWhyIGdlcGxhbnRlcyBCYWNrdXAgZsO8ciBkZW4gQWNjb3VudCAneyRn
 ZWNvc30nIHVuZCBkZW4gQ29tcHV0ZXIgJ3skY29tcHV0ZXJ9JyB3dXJkZSBuaWNodCBhdXNnZWzD
 tnN0Lgp7JGxhc3Rfc3VjY2Vzc19kZX0KCkZhbGxzIElociBDb21wdXRlciAneyRjb21wdXRlcn0n
 IGFtIHskc2NoZWR1bGVkX2RhdGV9IHVtIHskc2NoZWR1bGVkX3RpbWV9IFVociBuaWNodCBnZWxh
 dWZlbiBpc3QsIGvDtm5uZW4gU2llIGRpZXNlIE5hY2hyaWNodAppZ25vcmllcmVuLiBBbnNvbnN0
 ZW4ga29udHJvbGxpZXJlbiBTaWUgYml0dGUsIG9iIGRpZSBOZXR6d2Vyay1WZXJiaW5kdW5nIGlu
 IE9yZG51bmcgaXN0LgoKTWl0IGZyZXVuZGxpY2hlbiBHcsO8c3NlbgpJaHIgU3VwcG9ydCBUZWFt
 IGRlciBzdGVwcGluZyBzdG9uZSBHbWJICgotLQpzdGVwcGluZyBzdG9uZSBHbWJICk5ldWZlbGRz
 dHJhc3NlIDkKQ0gtMzAxMiBCZXJuCgpUZWxlZm9uOiArNDEgMzEgMzMyIDUzIDYzCnd3dy5zdGVw
 cGluZy1zdG9uZS5jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNoCg==

Backup Reseller Schedule Templates for en-GB (Fallback Template)

dn: ou=en-GB,ou=schedule,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: en-GB
sstIsDefault: TRUE
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIGJhY2t1cCBmb3IgdGhlIGFjY291bnQgJ3sk
 Z2Vjb3N9JyBhbmQgdGhlIGNvbXB1dGVyICd7JGNvbXB1dGVyfScsIHNjaGVkdWxlZCBmb3IgdGhl
 IHskc2NoZWR1bGVkX2RhdGV9IGF0IHskc2NoZWR1bGVkX3RpbWV9LCB3YXMgbm90IGV4ZWN1dGVk
 Lgp7JGxhc3Rfc3VjY2Vzc19lbn0KCklmIHlvdXIgY29tcHV0ZXIgd2Fzbid0IHJ1bm5pbmcgb24g
 dGhlIHskc2NoZWR1bGVkX2RhdGV9IGF0IHskc2NoZWR1bGVkX3RpbWV9LCB5b3UgY2FuIGlnbm9y
 ZSB0aGlzIG1lc3NhZ2UuCk90aGVyd2lzZSBwbGVhc2UgY2hlY2ssIGlmIHlvdXIgbmV0d29yayBz
 ZXR0aW5ncyBhcmUgY29ycmVjdC4KCktpbmQgcmVnYXJkcwp5b3VyIHN0ZXBwaW5nIHN0b25lIEdt
 Ykggc3VwcG9ydCB0ZWFtCgotLQpzdGVwcGluZyBzdG9uZSBHbWJICk5ldWZlbGRzdHJhc3NlIDkK
 Q0gtMzAxMiBCZXJuCgpUZWxlZm9uOiArNDEgMzEgMzMyIDUzIDYzCnd3dy5zdGVwcGluZy1zdG9u
 ZS5jaApzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNoIAo=

Backup Reseller Unsuccessful Templates

This sub tree contains the unsuccessful templates for the (online) backup service:

dn: ou=unsuccessful,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateSetup
ou: unsuccessful
description: This sub tree contains the schedule templates for the (online) backup service. The leaf contains the information about the sender and default recipient of the mails sent.
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTo: Support stepping stone GmbH <support@stepping-stone.ch>

Backup Reseller Unsuccessful Templates for de-CH

dn: ou=de-CH,ou=unsuccessful,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: de-CH
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpJaHIgYW0geyRzY2hlZHVsZWRfZGF0ZX0gdW0geyRz
 Y2hlZHVsZWRfdGltZX0gVWhyIGdlcGxhbnRlcyBCYWNrdXAgZsO8ciBkZW4gQWNjb3VudCAneyRn
 ZWNvc30nIHVuZCBkZW4gQ29tcHV0ZXIgJ3skY29tcHV0ZXJ9JyB3YXIgbmljaHQgZXJmb2xncmVp
 Y2guCnskbGFzdF9zdWNjZXNzX2RlfQoKRmFsbHMgZGFzIFByb2JsZW0gbWl0IGVpbmVtIG1hbnVl
 bGxlbiBCYWNrdXAgYmVob2JlbiB3ZXJkZW4ga2Fubiwga8O2bm5lbiBTaWUgZGllc2UKTmFjaHJp
 Y2h0IGlnbm9yaWVyZW4uIEFuc29uc3RlbiBnaWJ0IGVzIGVpbiBncsO2c3NlcmVzIFByb2JsZW0u
 IEJpdHRlIGtvbnRha3RpZXJlbiAKU2llIHVucyB1bnRlciA6IHN1cHBvcnRAc3RlcHBpbmctc3Rv
 bmUuY2gKCk1pdCBmcmV1bmRsaWNoZW4gR3LDvHNzZW4KSWhyIFN1cHBvcnQgVGVhbSBkZXIgc3Rl
 cHBpbmcgc3RvbmUgR21iSAoKLS0Kc3RlcHBpbmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXNzZSA5
 CkNILTMwMTIgQmVybgoKVGVsZWZvbjogKzQxIDMxIDMzMiA1MyA2Mwp3d3cuc3RlcHBpbmctc3Rv
 bmUuY2gKc3VwcG9ydEBzdGVwcGluZy1zdG9uZS5jaCAK

Backup Reseller Unsuccessful Templates for en-GB (Fallback Template)

dn: ou=en-GB,ou=unsuccessful,ou=templates,uid=4000000,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstTemplateLanguage
ou: en-GB
sstIsDefault: TRUE
sstMailTemplate:: eyRzYWx1dGF0aW9ufSB7JHN1cm5hbWV9CgpZb3VyIGJhY2t1cCBmb3IgdGhlIGFjY291bnQgJ3sk
 Z2Vjb3N9JyBhbmQgdGhlIGNvbXB1dGVyICd7JGNvbXB1dGVyfScsIHNjaGVkdWxlZCBmb3IgdGhl
 IHskc2NoZWR1bGVkX2RhdGV9IGF0IHskc2NoZWR1bGVkX3RpbWV9LCB3YXMgbm90IHN1Y2Nlc3Nm
 dWwuCnskbGFzdF9zdWNjZXNzX2VufQoKSWYgdGhlIHByb2JsZW0gY2FuIGJlIHNvbHZlZCB3aXRo
 IGEgbWFudWFsIEJhY2t1cCwgeW91IG1heSBpZ25vcmUgdGhpcyBtZXNzYWdlLiAKT3RoZXJ3aXNl
 IHBsZWFzZSBjb250YWN0IHVzIHVuZGVyOiBzdXBwb3J0QHN0ZXBwaW5nLXN0b25lLmNoCgpLaW5k
 IHJlZ2FyZHMKeW91ciBzdGVwcGluZyBzdG9uZSBHbWJIIHN1cHBvcnQgdGVhbQoKLS0Kc3RlcHBp
 bmcgc3RvbmUgR21iSApOZXVmZWxkc3RyYXNzZSA5CkNILTMwMTIgQmVybgoKVGVsZWZvbjogKzQx
 IDMxIDMzMiA1MyA2Mwp3d3cuc3RlcHBpbmctc3RvbmUuY2gKc3VwcG9ydEBzdGVwcGluZy1zdG9u
 ZS5jaCAK

Backup Accounts

The sub tree for the accounts of the (online) backup service:

dn: ou=accounts,ou=backup,ou=services,dc=foss-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: accounts
description: The sub tree for the accounts of the (online) backup service.

Backup Account Example

Each (Online) Backup service account has it's own change root (chroot, jail) directory. The following example shows the OpenLDAP directory entry for the (online) backup account with the uid number 3723707:

dn: uid=3723707,ou=accounts,ou=backup,ou=services,dc=stoney-cloud,dc=org
objectclass: top
objectclass: account
objectclass: posixAccount
objectclass: shadowAccount
objectclass: sstBackup
objectclass: sstProvisioning
objectclass: sstRelationship
uid: 3723707
userPassword: {SSHA}E/KLUgeAtApAPQ7mG2GMddCxTE9m9QOS
uidNumber: 3723707
gidNumber: 3723707
cn: Michael Eichenberger
gecos: Michael Eichenberger
homeDirectory: /var/backup/7/707/723/3723707/chroot/./home/3723707
loginShell: /bin/sh
shadowLastChange: 11108
shadowMax: 99999
shadowWarning: 7
shadowFlag: 134539460
sstBackupIntervalHourly: 0
sstBackupIntervalDaily: 7
sstBackupIntervalWeekly: 4
sstBackupIntervalMonthly: 3
sstBackupIntervalYearly: 0
sstBackupWarningDays: 1
sstBackupWarningNumbers: 0
sstBackupWarningOn: TRUE
sstNotificationWarningLevel: 85
preferredLanguage: de-CH
sstNotificationWarningMedium: mail
sstUseSelfcare: FALSE
sstUseSSH: TRUE
sstIsActive: TRUE
sstQuota: 10737418240
sstBackupSize: 0
sstIncrementSize: 0
sstProvisioningMode: add
sstProvisioningExecutionDate: 0
sstProvisioningState: 0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002

The following table describes the different attributes:

Attribute	Existence	Mandatory	Selfcare	Changeable	Description
uid	MUST	x	x		The unique identifier (uid). This attribute is created by the selfcare interface by reading (and incrementing) the next free uid from "cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org".
userPassword	MAY	x	x	x	Identifies the entry's password and encryption method in the following format: {encryption method}encrypted password. For example: {SSHA}zBiT1dHAZh/8zbCeyocRVWhdP0j9xJ3U. This password will be automatically set through the selfcare interface. Afterwords, the password can be changed by the user (including the reseller and customer).
uidNumber	MUST	x			Related to the /etc/shadow file, this attribute specifies the user's login ID. Is the same as the uid. For example: 3723707.
gidNumber	MUST	x			Group ID number. Is the same as the uid. For example: 3723707.
cn	MUST	x			givenName and Surname. Will be used for the presentation in the interface. TBD
gecos	MAY	x	x	x	Named for historical reasons, the GECOS field is mandatory and is used to store extra information (such as the user's full name). Utilities such as finger or getent access this field to provide additional user information. For a personal account, this entry would consist of givenName and surname, for example Michael Eichenberger. These values are taken from the owners entry (ou=people). For a service account, the attribute sstDisplayName from the corresponding service would be used for the content of this attribute. Please be aware, that this attribute is a IA5String (OID=1.3.6.1.4.1.1466.115.121.1.26) IA5 (almost ASCII) character set (7-bit). Does NOT allow extended characters e.g. é, Ø, å etc. The selfcare interface automatically creates the content of this attribute. The user (including the reseller and customer) can modify this attribute as desired (except for the IA5 restrictions). You can use: ~ $ echo "Tüpfelhyänenöhrchen" | iconv -f 'utf-8' -t 'ASCII//TRANSLIT' which gives you: Tuepfelhyaenenoehrchen or: iconv("UTF-8", "ASCII//TRANSLIT", "Tüpfelhyänenöhrchen") Please be aware, that some characters don't get converted properly ... For example: Ø and £. The characters $ and € work.
homeDirectory	MUST	x			The directory path corresponds with the 7 digit account uid. The following example describes, how the directory structure is built up for the account with the uid 3723707. /var/backup/g/efg/bcd/abcdefg/chroot/./home/abcdefg /var/backup/7/707/723/3723707/chroot/./home/3723707 This attribute is created by the selfcare interface.
loginShell	MAY	x			The path to the login shell. The default is /bin/sh and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
shadowLastChange	MAY	x			Related to the /etc/shadow file, this attribute specifies number of days between January 1, 1970, and the date that the password was last modified. Must be set to the day, that the password was set (must be updated, when the password is changed). This attribute is created by the selfcare interface.
shadowMax	MAY	x			Related to the /etc/shadow file, this attribute specifies the maximum number of days the password is valid. The default is 99999, which corresponds to about 273 years. In reality, this means, that the user does not need to change the password. This attribute is created by the selfcare interface. The value is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
shadowWarning	MAY	x			Related to the /etc/shadow file, this attribute specifies the number of days before the password expires that the user is warned. The default is 7 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
shadowFlag	MAY	x			Related to the /etc/shadow file, this attribute is currently not used and is reserved for future use. The default is set to 134539460 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupIntervalHourly	MUST	x	x1		How many hourly backups do we want? The default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupIntervalDaily	MUST	x	x1		How many daily backups do we want? The default is 7 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupIntervalWeekly	MUST	x	x1		How many weekly backups do we want? The default is 4 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupIntervalMonthly	MUST	x	x1		How many monthly backups do we want? The default is 3 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupIntervalYearly	MUST	x	x1		How many yearly backups do we want? The default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupWarningDays	MUST	x	x1		If the attribute sstBackupWarningOn ist true, a non-successful backup notification warning is sent after X days of non-successful backups (where X is an integer number larger than zero). X is an integer number larger than 1. 0 means, the warning is turned off. The default is 1 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupWarningNumbers	MUST	x	x1		If the attribute sstBackupWarningOn ist true, a non-successful backup notification warning is sent after X non-successful backups. X is an integer number larger than 1. 0 means, the warning is turned off. The default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupWarningOn	MUST	x			Is the non-successful backup notification warning turned on or not? Either true (yes) or false (no). Default is true (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstNotificationWarning	MAY				This multi-valued attribute will be used to turn single notifications on or off. The attribute sstBackupWarningOn must be set to TRUE Possible values are quota, schedule and unsuccessful (the names correspond with the template dn).
preferredLanguage	MAY	x	x2	x	The notification language according to RFC 1766 (ISO 3166-1-alpha-2 code-ISO 639-1 Code. For example de-CH or en-GB. The content of this value is taken from the person entry from the attribute preferredLanguage. If the backup account belongs to a service, the user must be asked for the notification language.
sstNotificationWarningLevel	MUST	x	x2	x	The quota notification level in percent, when the owner of the backup needs to warned. A value between 0 and 100. The default is 85 percent and is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstNotificationWarningMedium	MUST	x			The notification medium, either sms (points to the multi-valued attribute mobileTelephoneNumber) or mail (points to the multi-valued attribute mail). Currently, only mail is supported. This is the default is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstQuota	MAY	x	x	x	The filesystem quota in bytes. 10737418240 Bytes equal 10 Gigabytes. The user can change the quota, if the sstQuotaChange is set to TRUE. See "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstBackupSize	MAY	x	x		The size of the actual backup in bytes. Default is 0 and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry. This attribute will be updated by the writeAccountSize.pl script, which is called during the daily backup run by the rsnapshotPostExecWrapper.sh script.
sstIncrementSize	MAY	x	x		The size of all the incremental backups combined in bytes. This attribute will be updated by the writeAccountSize.pl script, which is called during the daily backup run by the rsnapshotPostExecWrapper.sh script.
mobileTelephoneNumber	MAY				Multi-valued attribute with the mobile phone number(s) that is used for the notification of the user(s), if the attribute sstBackupWarningOn ist true and the attribute sstNotificationWarningMedium ist set to sms. Currently, only adding new mail addresses are supported, therefore this attribute is not used for the moment.
mail	MAY	x2	x2	x	Multi-valued attribute with the E-Mail addresse(s) that is used for the notification of the user(s), if the attribute sstBackupWarningOn ist TRUE and the attribute sstNotificationWarningMedium ist set to mail. If sstNotificationWarningMediumAdd is set to TRUE and the backup service belongs to a personal account, the mail entry would be taken from the owners entry (ou=people). For a backup service belonging to another serviĉe, the selfcare would ask the user for the mail address.
sstIsActive	MUST	x			Is the backup account active? Either TRUE (yes) or FALSE (no). Default is TRUE (yes) and is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstUseSelfcare	MUST	x			Can the selfcare interface be used with the credentials of the backup account? Either TRUE (yes) or FALSE (no). Default is FALSE (no) and is taken from the "ou=defaults,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstUseSSH	MUST	x			Is the ssh service active for the backup account? Either TRUE (yes) or FALSE (no). Default is TRUE (yes) and is taken from the "ou=settings,uid=<UID>,ou=reseller,ou=configuration,ou=backup,ou=services,dc=stoney-cloud,dc=org" entry.
sstProvisioningMode	MUST	x			The provisioning mode, either add, modify or delete. For a new account, this attribute must be set to add. See Provisioning for details.
sstProvisioningExecutionDate	MUST	x			The date the provisioning shall occur in the form of [YYYY][MM][DD] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details.
sstProvisioningReturnValue	MAY				The provisioning return value written by the prov-backup-rsnaphot daemon. 0 means success, >0 means failure. See the prov-backup-rsnapshot Exit Codes for detailed information.
sstProvisioningState	MUST	x			The provisioning state, either 0 or in the form of [YYYY][MM][DD]T[hh][mm][ss] (ISO 8601). For a new account, this attribute must be set to 0. See Provisioning for details.
sstBelongsToResellerUID	MUST	x			Stores the reseller UID the leaf belongs to.
sstBelongsToCustomerUID	MUST	x			Stores the customer UID the leaf belongs to.
sstBelongsToPersonUID	MAY	x3			Stores the person UID the leaf belongs to.
sstBelongsToServiceUID	MAY	x3			Stores the service UID the leaf belongs to.

Legend:

• x: Mandatory in all cases.
• x¹: Only show, if the number is larger than zero.
• x²: Only show, if sstBackupWarningOn is set to TRUE.
• x³: Either sstBelongsToPersonUID or sstBelongsToServiceUID must bei set.

Backup Groups

The sub tree for the groups of the (online) backup service:

dn: ou=groups,ou=backup,ou=services,dc=foss-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups
description: The sub tree for the groups of the (online) backup service.

Backup Group Example

dn: cn=3723707,ou=groups,ou=backup,ou=services,dc=foss-cloud,dc=org
objectclass: top
objectclass: posixGroup
objectclass: sstRelationship
cn: 3723707
gidNumber: 3723707
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstBelongsToPersonUID: 4000002

• Entscheid chroot-Umgebung. TMU/CAF/PKL/MEI
  • chroot-Umgebung mit einer Kombination von busybox, Jailkit und dem täglich ablaufendem Backup-Script (als aufrufende Instanz)
  • rsync vom Host (als static Binary)
  • busybox vom Host (als static Binary)

• Verzicht auf Bind-Mount (.snapshots ist read only) -> CAF
• LDAP Struktur -> MEI/TMU
• Neuer Backup Server aufbauen (Gleicher Fingerprint) -> TMU/MEI
• Backup Script (prov-backup-rsnapshot) -> PKL
• SSHA Umstellung bei den Passwörtern -> MEI/CWI

• Icons: http://www.famfamfam.com/lab/icons/silk/

Provisioning

Die Provisionierung benötigt die drei Attribute sstProvisioningMode und sstProvisioningState und sstProvisioningExecutionDate. Ablauf:

1. sstProvisioningMode: Die Applikation Selfcare beschreibt das Attribut sstProvisioningMode mit den Werten add, modify der delete.
   1. sstProvisioningMode: add: Der Service soll hinzugefügt werden. Dieser Fall muss mehrmals nacheinander aufgerufen werden können. Beispiel: Bei Online Backup wurde die chroot-Umgebung bereits erstellt, dann müsste ein add nur noch kontrollieren, ob die chroot-Umgebung aktuell ist, falls nicht, müssten die entsprechenden Punkte aktualisiert werden.
   2. sstProvisioningMode: modify: Der Service soll modifiziert werden.
   3. sstProvisioningMode: delete: Der Service soll gelöscht werden.
2. sstProvisioningExecutionDate: Die Applikation Selfcare beschreibt das Attribut sstProvisioningExecutionDate mit dem gewünschten Ausführungszeitpunkt. Zwei Fälle:
   1. 0: Dies bedeutet "sofort" und wird durch den Provisionierungs-Daemon provisioning.pl ausgewertet.
   2. [YYYY][MM][DD]: Das gewünschte Ausführungsdatum (ISO 8601). Muss mindestens ein Tag später als das aktuelle Datum sein, da diese Attribut durch ein alle 24 Stunden aufgerufenes Aufräum-Script gelesen wird. Der genaue Ausführungszeitpunkt kann somit nicht bestimmt werden (da abhängig vom Ausführungszeitpuntk der Aufräum-Scripts und der Anzahl anstehenden Aufgaben).
3. sstProvisioningState: Die Applikation Selfcare oder der Provisionierungs-Daemon provisioning.pl beschreiben das Attribut sstProvisioningState:
   1. Keine Provisionierung nötig: Falls eine Änderung keine Provisionierung im Backend verlangt (zum Beispiel bei einer Passwört-Änderung), wird das Attribut sstProvisioningState direkt durch die Applikation Selfcare it dem aktuellen Datum und der aktuellen Zeit in Form von [YYYY][MM][DD]T[hh][mm][ss] ausfüllen (ISO 8601) beschrieben. In diesem Falle ignoriert der Provisionierungs-Daemon provisioning.pl die Modifikation.
   2. Provisionierung nötig: Falls eine Änderung eine Provisionierung im Backend verlangt (zum Beispiel bei einer Quota-Änderung), muss die Applikation Selfcare dieses Attribut auf den Wert 0 setzen. Nach der erfolgreichen Provisionierung muss Provisionierungs-Daemon provisioning.pl das Attribut sstProvisioningState mit dem aktuellen Datum und der aktuellen Zeit in Form von [YYYY][MM][DD]T[hh][mm][ss] ausfüllen (ISO 8601).

Die Applikation Selfcare darf erst dann wieder eine Modifikation durch einen Benutzer zulassen, wenn das Attribut sstProvisioningState einen gültigen Zeitstempel in der Form von [YYYY][MM][DD]T[hh][mm][ss] (ISO 8601) hat. Technisch gesehen muss der Provisionierungs-Daemon provisioning.pl im RefreshAndPersist Modus nur noch auf die LDAP-Mechanismen add und modify hören. Der LDAP-Mechanismus delete muss ignoriert werden.

Links

• nis.schema
• cosine.schema