stoney core: OpenLDAP directory data organisation

8,004 bytes added, 14:38, 28 April 2014
/* Administration */
== Administration ==
The subtree '''ou=administration,dc=stoney-cloud,dc=org''' contains all the administrative data.
 
=== nextfreeuid ===
The entry '''cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org''' stores the next free UID (Unique Identifier). The UID is unique across the whole directory; uniqueness is enforced by the directory itself, and the counter is incremented by one for each allocation.
<pre>
dn: cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org
cn: nextFreeUID
objectclass: inetOrgPerson
sn: nextFreeUID
uid: 3724591
</pre>
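The page states that uniqueness is enforced by the directory but not how a client claims a value from the counter. The added example below (not stoney-cloud code; the directory is replaced by an in-memory fake so it runs offline) shows the standard LDAP idiom for this: a single modify request that deletes the exact old value and adds the new one. The server applies a modify atomically, so if another client advanced the counter first the delete fails with noSuchAttribute, nothing is written, and the caller re-reads and retries. `NEXT_FREE_UID_DN` is taken from the entry above; the assumption that stoney-cloud allocates UIDs this way is ours.

```python
"""Allocate the next free UID from cn=nextfreeuid with an atomic LDAP modify.

Added example: the LDAP server is faked in memory so that the race between
two clients can be shown without a running slapd.
"""

NEXT_FREE_UID_DN = "cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org"


def increment_ldif(dn: str, current: int) -> str:
    """Build the 'changetype: modify' LDIF that advances the counter by one.

    The delete names the exact old value, so the server rejects the whole
    modify (noSuchAttribute) if the counter no longer holds that value.
    """
    return (
        f"dn: {dn}\n"
        "changetype: modify\n"
        "delete: uid\n"
        f"uid: {current}\n"
        "-\n"
        "add: uid\n"
        f"uid: {current + 1}\n"
        "-\n"
    )


class NoSuchAttribute(Exception):
    """Mimics LDAP result code 16 (noSuchAttribute) returned for the failed delete."""


class FakeDirectory:
    """Minimal stand-in for slapd: one entry, atomic delete+add of uid."""

    def __init__(self, start: int):
        self.uid = start
        self.modify_calls = 0

    def read_uid(self) -> int:
        return self.uid

    def modify_uid(self, old: int, new: int) -> None:
        self.modify_calls += 1
        if self.uid != old:            # value changed under us: server rejects
            raise NoSuchAttribute(f"uid: {old} is no longer present")
        self.uid = new


def allocate_uid(directory, max_attempts: int = 5) -> int:
    """Reserve and return one UID, retrying when the counter moved.

    Pattern: read current -> atomic modify (delete old, add old+1). On success
    the caller owns 'current'; on noSuchAttribute it lost the race and retries.
    """
    for _ in range(max_attempts):
        current = directory.read_uid()
        try:
            directory.modify_uid(current, current + 1)
        except NoSuchAttribute:
            continue                    # another client got 'current'; re-read
        return current
    raise RuntimeError(f"could not allocate a UID after {max_attempts} attempts")


class RacingDirectory(FakeDirectory):
    """Fake in which a competing client bumps the counter between our first
    read and our modify, exactly once."""

    def __init__(self, start: int):
        super().__init__(start)
        self.raced = False

    def read_uid(self) -> int:
        value = super().read_uid()
        if not self.raced:
            self.raced = True
            self.uid += 1               # the competing client's successful modify
        return value


if __name__ == "__main__":
    # Constructed run: the competing client takes 3724591, we end up with 3724592.
    print(increment_ldif(NEXT_FREE_UID_DN, 3724591))
    print("allocated:", allocate_uid(RacingDirectory(3724591)))
```

The guarantee holds only for writes that reach the same slapd instance: in a MirrorMode deployment (see the slapd-mirrormode service user below) writes must be directed to one provider at a time, otherwise two nodes can both accept the same delete before replication catches up.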
 
=== Billing ===
The sub tree '''ou=billing,ou=administration,dc=stoney-cloud,dc=org''' stores all the billing relevant data. Each billable item (bundle, service or service item) is stored in this sub tree.
<pre>
dn: ou=billing,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: billing
</pre>
 
The following LDIF extract shows the billing schema for the product "Mail Account".
<pre>
dn: uid=100001,ou=billing,ou=administration,dc=stoney-cloud,dc=org
description: Default pricing schema for the product Mail Account.
objectclass: top
objectclass: sstBillingPriceSchema
sstbaseprice: 0
sstbelongstouid: 1
sstbillingunit: Gigabyte
sstfreeunit: 0
sstpriceformula: sstPricePerUnit * sstQuota
sstpriceperunit: 4.00
sstproductname: Mail Account
uid: 100001
</pre>
 
The final price is calculated with the help of the stored formula (sstPriceFormula). The customer price for a "Mail Account" with a 2 Gigabyte mailbox (quota) is calculated as follows:
'''Price''' = sstPricePerUnit * sstQuota = 4.00 CHF/(Gigabyte * Month) * 2 Gigabyte = '''8 CHF/Month'''
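Because sstPriceFormula is an expression stored as directory data, the billing run has to evaluate a string that anyone with write access to ou=billing can change. The added example below (our code, not the stoney-cloud billing run) evaluates such a formula with Python's ast module instead of eval(): only numbers, attribute names and the four arithmetic operators are accepted, so a tampered formula containing a function call or attribute access is rejected instead of executed. Attribute names are matched case-insensitively, as LDAP attribute types are; the schema dictionary is a constructed copy of the LDIF entry above.

```python
import ast
import operator

# Constructed copy of the attributes of uid=100001,ou=billing,... shown above.
MAIL_ACCOUNT_PRICE_SCHEMA = {
    "sstBasePrice": "0",
    "sstBillingUnit": "Gigabyte",
    "sstFreeUnit": "0",
    "sstPriceFormula": "sstPricePerUnit * sstQuota",
    "sstPricePerUnit": "4.00",
    "sstProductName": "Mail Account",
}

# The only operators a pricing formula may use.
_OPERATORS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}


def evaluate_formula(formula: str, variables: dict) -> float:
    """Evaluate an arithmetic formula over named attributes without eval().

    Accepted: numeric literals, attribute names, + - * /, unary minus and
    parentheses. Anything else (calls, attribute access, comparisons, ...)
    raises ValueError, so a modified sstPriceFormula cannot run code.
    """
    lookup = {name.lower(): value for name, value in variables.items()}
    try:
        tree = ast.parse(formula, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"unparseable formula: {formula!r}") from exc

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return float(node.value)
        if isinstance(node, ast.Name):
            if node.id.lower() not in lookup:
                raise ValueError(f"unknown attribute {node.id!r} in formula")
            return float(lookup[node.id.lower()])
        if isinstance(node, ast.BinOp) and type(node.op) in _OPERATORS:
            return _OPERATORS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -walk(node.operand)
        raise ValueError(f"disallowed element {type(node).__name__} in formula")

    return walk(tree)


def monthly_price(schema: dict, quota: float) -> float:
    """Price per month for one billable item: the entry's own formula applied
    to its attributes plus the item's quota in sstBillingUnit (Gigabyte here)."""
    variables = dict(schema)
    variables["sstQuota"] = quota
    return evaluate_formula(schema["sstPriceFormula"], variables)


if __name__ == "__main__":
    # 4.00 CHF/(Gigabyte * Month) * 2 Gigabyte = 8 CHF/Month, as on the page.
    print(monthly_price(MAIL_ACCOUNT_PRICE_SCHEMA, 2))
```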
 
All prices are stored in Swiss Francs (because the company stepping stone GmbH resides in Switzerland); you can choose the default currency yourself. Once a month a billing run is executed, which scans the whole directory. The billing run is currently a "work in progress". For more information, please contact our [mailto:accounting@stepping-stone.ch Accounting] department.
 
=== Group Mapping ===
Used for mapping a group from its human-readable name to the local group UID.
<pre>
dn: ou=group mapping,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
objectclass: sstLDAPSearchObjectClass
ou: group mapping
description: This entry describes how to map a given group name to a UID in the local LDAP directory.
sstDisplayName: Group Mapping
sstLDAPBaseDn: ou=groups,dc=stoney-cloud,dc=org
sstLDAPFilter: (&(objectClass=sstGroupObjectClass)(sstGroupName=%s)(sstBelongsToResellerUID=%sstBelongsToResellerUID)(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))
sstLDAPStaticAttribute: uid
</pre>
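The sstLDAPFilter above is a template: '''%s''' is replaced by the group name that the calling application received, and the two named placeholders by the caller's reseller and customer UIDs. A group name is untrusted input, and a value containing '''*''', '''(''', ''')''' or '''\''' would change the structure of the resulting filter rather than being matched literally. The added example below (our code, not stoney-cloud's) fills the template with each value escaped as RFC 4515 requires, so the rendered filter for the Technology group is exactly the one used in the ldapsearch example that follows, while a group name of '''*''' is looked up literally instead of matching every group. The template string is copied from the entry above; the function and parameter names are ours.

```python
# Template copied from sstLDAPFilter of ou=group mapping,ou=administration,...
GROUP_MAPPING_FILTER = (
    "(&(objectClass=sstGroupObjectClass)(sstGroupName=%s)"
    "(sstBelongsToResellerUID=%sstBelongsToResellerUID)"
    "(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))"
)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 (section 3).

    The characters that have meaning inside a filter ('*', '(', ')', '\\')
    and NUL are replaced by a backslash and their two-digit hex code, so the
    value can only ever be matched literally.
    """
    escaped = []
    for ch in value:
        if ch in "*()\\" or ch == "\x00":
            escaped.append("\\%02x" % ord(ch))
        else:
            escaped.append(ch)
    return "".join(escaped)


def render_filter(template: str, group_name: str,
                  reseller_uid: str, customer_uid: str) -> str:
    """Fill the sstLDAPFilter template with escaped values.

    reseller_uid and customer_uid come from the caller's own context and must
    be numeric UIDs; group_name is user input and is escaped. The named
    placeholders start with '%s', so they are substituted before the bare '%s'.
    """
    for name, uid in (("reseller", reseller_uid), ("customer", customer_uid)):
        if not str(uid).isdigit():
            raise ValueError(f"{name} UID must be numeric, got {uid!r}")
    rendered = template.replace("%sstBelongsToResellerUID",
                                escape_filter_value(str(reseller_uid)))
    rendered = rendered.replace("%sstBelongsToCustomerUID",
                                escape_filter_value(str(customer_uid)))
    return rendered.replace("%s", escape_filter_value(group_name))


if __name__ == "__main__":
    # Constructed inputs: the page's Technology lookup, then a hostile group name.
    print(render_filter(GROUP_MAPPING_FILTER, "Technology", "4000000", "4000001"))
    print(render_filter(GROUP_MAPPING_FILTER, "*)(uid=*", "4000000", "4000001"))
```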
 
==== Example Mapping for the Technology Group ====
The following search maps the group Technology belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 to the uid 4000014:
<pre>
ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree
# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))
# requesting: uid
#
 
# 4000014, groups, stoney-cloud.org
dn: uid=4000014,ou=groups,dc=stoney-cloud,dc=org
uid: 4000014
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1
</pre>
 
==== Example Mapping for all Groups ====
The following search lists all existing groups belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001, together with their uids:
<pre>
ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree
# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))
# requesting: uid
#
 
# 4000014, groups, stoney-cloud.org
dn: uid=4000014,ou=groups,dc=stoney-cloud,dc=org
uid: 4000014
 
# 4000015, groups, stoney-cloud.org
dn: uid=4000015,ou=groups,dc=stoney-cloud,dc=org
uid: 4000015
 
# search result
search: 2
result: 0 Success
 
# numResponses: 3
# numEntries: 2
</pre>
 
=== People (Superuser) ===
The entry '''ou=people,ou=administration,dc=stoney-cloud,dc=org''' lists the superusers (the users with the attribute '''sstbelongstouid=1'''). This entry uses the functionality of the dynlist overlay: a formula (an LDAP URL) is stored in the '''labeleduri''' attribute, and the '''member''' attributes are generated "on the fly" from it.
<pre>
dn: ou=people,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeleduri: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToUID=1)
member: uid=1000000,ou=people,dc=stoney-cloud,dc=org
member: uid=1000003,ou=people,dc=stoney-cloud,dc=org
member: uid=1000004,ou=people,dc=stoney-cloud,dc=org
</pre>
 
As you can see, this OpenLDAP directory has three people with superuser rights.
 
=== Services ===
The sub tree '''ou=services,ou=administration,dc=stoney-cloud,dc=org''' contains all the service users. Each service and/or application has its own authentication user. The authentication user is used in the [[OpenLDAP Directory Access Control Lists]] (ACLs) to allow or restrict access to the data.
 
==== Naming Convention Notification User ====
<pre><SERVICE>-notification</pre>
* mail-notification
* backup-notification
 
==== Naming Convention Service User ====
<pre><SERVICE>-<DAEMON></pre>
* virtualization-fc-brokerd
 
==== Naming Convention Provisioning User ====
<pre>prov-<SERVICE>-<TYPE></pre>
* prov-mail-ox (this means that the current module has to be renamed)
* prov-backup-kvm
* prov-monitoring-zabbix
* prov-configuration-management-puppet
 
==== backup Service User (stoney backup) ====
The following LDIF shows the backup service user entry:
<pre>
dn: cn=backup,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: backup
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: backup
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
</pre>
 
==== dhcp (DHCP) Service User (stoney conductor) ====
The following LDIF shows the dhcp service user entry:
<pre>
dn: cn=dhcp,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: dhcp
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: dhcp
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
</pre>
 
==== libvirtd Service User (stoney conductor) ====
The following LDIF shows the libvirtd service user entry:
<pre>
dn: cn=libvirtd,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: libvirtd
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: libvirtd
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
</pre>
 
==== prov-backup-kvm (Provisioning-Backup-KVM Daemon) Service User (stoney conductor) ====
The following LDIF shows the prov-backup-kvm service user entry:
<pre>
dn: cn=prov-backup-kvm,ou=services,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: prov-backup-kvm
sn: prov-backup-kvm
userPassword: <STONEY-CLOUD-PROV-BACKUP-KVM-PASSWORD>
</pre>
 
==== slapd-mirrormode Service User (stoney core) ====
The following LDIF shows the slapd-mirrormode service user entry:
<pre>
dn: cn=slapd-mirrormode,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: slapd-mirrormode
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: slapd-mirrormode
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
</pre>

== Configuration ==