stoney core: OpenLDAP directory data organisation
Contents
- 1 Abstract
- 2 Data Organisation
- 2.1 Administration
- 2.1.1 nextfreeuid
- 2.1.2 Billing
- 2.1.3 Group Mapping
- 2.1.4 People (Superuser)
- 2.1.5 Services
- 2.1.5.1 backup Service User (stoney backup)
- 2.1.5.2 dhcp (DHCP) Service User (stoney conductor)
- 2.1.5.3 libvirtd Service User (stoney conductor)
- 2.1.5.4 prov-backup-kvm (Provisioning-Backup-KVM Daemon) Service User (stoney conductor)
- 2.1.5.5 slapd-mirrormode Service User (stoney core)
- 2.1.5.6 billing-cyclops Service User (stoney core)
- 2.2 Configuration
- 2.3 Customers
- 2.4 Groups
- 2.5 People
- 2.6 Reseller
Abstract
This document describes the organisation of the OpenLDAP directory data relevant to stoney core.
Data Organisation
The following chapters explain the data organisation of the stoney cloud OpenLDAP directory.
Administration
The subtree ou=administration,dc=stoney-cloud,dc=org contains all the administrative data.
nextfreeuid
The entry cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org stores the next free UID (Unique Identifier). The <uid> is unique across the whole directory. Uniqueness is enforced through the directory, and the stored value is incremented by one.
dn: cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org
objectclass: sstNextFreeUID
cn: nextfreeuid
uid: 3724591
uidNumber: 3724591
The following table describes the different attributes:
Attribute | Objectclass | Existence | Mandatory | Description |
---|---|---|---|---|
cn | ... | | | The name of the leaf. For the next free uid, this is: |
uid | ... | | | ... |
Legend:
- x: Mandatory in all cases.
Before using the uidNumber attribute, make sure that your directory server actually supports atomic increments (LDAP Modify-Increment). See Lightweight Directory Access Protocol (LDAP) Parameters and Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension (RFC4525).
The following search shows whether your LDAP server supports the LDAP Modify-Increment Object Identifier Descriptor (OID 1.3.6.1.1.14):
ldapsearch -H ldaps://ldapm.stepping-stone.ch -b "" -s base -D "cn=Manager,dc=stoney-cloud,dc=org" -W \* + | grep 1.3.6.1.1.14
The result should look as follows:
supportedFeatures: 1.3.6.1.1.14
Options:
- -H ldapuri
- -b searchbase
- -D binddn
- -W: Prompt for simple authentication.
- \*: All user attributes are returned.
- +: All operational attributes are returned.
Billing
The sub tree ou=billing,ou=administration,dc=stoney-cloud,dc=org stores all the billing relevant data. Each billable item (bundle, service or service item) is stored in this sub tree.
dn: ou=billing,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: billing
The following LDIF extract shows the billing schema for the product "Mail Account".
dn: uid=100001,ou=billing,ou=administration,dc=stoney-cloud,dc=org
description: Default pricing schema for the product Mail Account.
objectclass: top
objectclass: sstBillingPriceSchema
sstbaseprice: 0
sstbelongstouid: 1
sstbillingunit: Gigabyte
sstfreeunit: 0
sstpriceformula: sstPricePerUnit * sstQuota
sstpriceperunit: 4.00
sstproductname: Mail Account
uid: 100001
The final price is calculated with the help of the stored formula (sstPriceFormula). The customer price for a "Mail Account" with a 2 Gigabyte mailbox (quota) is calculated as follows:
Price = sstPricePerUnit * sstQuota = 4.00 CHF/(Gigabyte * Month) * 2 Gigabyte = 8 CHF/Month
All prices are stored in Swiss Francs (because the company stepping stone GmbH resides in Switzerland). You can decide about the default currency yourself. Once a month a billing run is executed, which scans the whole directory. The billing run is currently a "work in progress". For more information, please contact our Accounting department.
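Because sstPriceFormula is a string read from the directory, a billing run should parse it as plain arithmetic instead of handing it to eval(). The following is an added example, not stoney cloud code: the function names, the set of permitted attribute names and the length limit are assumptions, and the sample values are copied from the "Mail Account" schema above.

```python
import ast
import operator
from decimal import Decimal

# Arithmetic a price formula may use; any other syntax is rejected.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}

# Attribute names a formula may reference (assumption: the pricing attributes
# shown in the LDIF above plus sstQuota from the worked price).
ALLOWED_NAMES = {"sstbaseprice", "sstpriceperunit", "sstfreeunit", "sstquota"}

MAX_FORMULA_LENGTH = 200  # assumption: keeps parsing cost and nesting bounded

# Constructed sample, values taken from the page's uid=100001 entry.
MAIL_ACCOUNT = {
    "sstBasePrice": "0",
    "sstFreeUnit": "0",
    "sstPricePerUnit": "4.00",
    "sstPriceFormula": "sstPricePerUnit * sstQuota",
}


class FormulaError(ValueError):
    """Raised when a stored formula is not plain arithmetic on known names."""


def evaluate_price_formula(formula, values):
    """Evaluate an sstPriceFormula string without eval().

    `values` maps attribute names to numbers or numeric strings. LDAP attribute
    names are case-insensitive, so names are compared in lower case.
    """
    if len(formula) > MAX_FORMULA_LENGTH:
        raise FormulaError("formula too long")
    lookup = {k.lower(): Decimal(str(v)) for k, v in values.items()}

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -walk(node.operand)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return Decimal(str(node.value))
        if isinstance(node, ast.Name):
            key = node.id.lower()
            if key not in ALLOWED_NAMES:
                raise FormulaError(f"name not allowed: {node.id}")
            if key not in lookup:
                raise FormulaError(f"no value supplied for: {node.id}")
            return lookup[key]
        # Calls, attribute access, subscripts, ** and everything else end here.
        raise FormulaError(f"unsupported syntax: {type(node).__name__}")

    try:
        return walk(ast.parse(formula, mode="eval"))
    except SyntaxError as exc:
        raise FormulaError(f"not an expression: {formula!r}") from exc
    except ArithmeticError as exc:  # e.g. division by zero
        raise FormulaError(f"cannot compute: {exc}") from exc


def formula_error(formula, values):
    """Return None if the formula evaluates, else the reason it was rejected."""
    try:
        evaluate_price_formula(formula, values)
        return None
    except FormulaError as exc:
        return str(exc)


def monthly_price(schema, quota):
    """Price for one item: the schema's numeric attributes plus its quota."""
    values = {k: v for k, v in schema.items() if k != "sstPriceFormula"}
    values["sstQuota"] = quota
    return evaluate_price_formula(schema["sstPriceFormula"], values)


if __name__ == "__main__":
    print(monthly_price(MAIL_ACCOUNT, 2), "CHF/Month")
```

Running formula_error() when a price schema is written to the directory catches a bad formula before the monthly billing run does.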
Group Mapping
Used for the group mapping from the given readable format to the local group UID format.
dn: ou=group mapping,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
objectclass: sstLDAPSearchObjectClass
ou: group mapping
description: This entry describes, how to map a given group name to an UID in the local LDAP directory.
sstDisplayName: Group Mapping
sstLDAPBaseDn: ou=groups,dc=stoney-cloud,dc=org
sstLDAPFilter: (&(objectClass=sstGroupObjectClass)(sstGroupName=%s)(sstBelongsToResellerUID=%sstBelongsToResellerUID)(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))
sstLDAPStaticAttribute: uid
Example Mapping for the Technology Group
The following search maps the group Technology belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 to the uid 4000014:
ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree
# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))
# requesting: uid
#

# 4000014, groups, stoney-cloud.org
dn: uid=4000014,ou=groups,dc=stoney-cloud,dc=org
uid: 4000014

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Example Mapping for all Groups
The following search lists all the existing groups belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001, together with the corresponding uids:
ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree
# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))
# requesting: uid
#

# 4000014, groups, stoney-cloud.org
dn: uid=4000014,ou=groups,dc=stoney-cloud,dc=org
uid: 4000014

# 4000015, groups, stoney-cloud.org
dn: uid=4000015,ou=groups,dc=stoney-cloud,dc=org
uid: 4000015

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
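When a group name supplied from outside is placed into the sstLDAPFilter template, it has to be escaped per RFC 4515 so that a name such as * stays a literal value and does not turn the mapping into the "all groups" search shown above. The following is an added example, not stoney cloud code; how the project itself fills the template is not documented on this page, and the function names are assumptions.

```python
import re

# Template as stored in sstLDAPFilter on the group mapping entry (from the page).
SST_LDAP_FILTER = (
    "(&(objectClass=sstGroupObjectClass)(sstGroupName=%s)"
    "(sstBelongsToResellerUID=%sstBelongsToResellerUID)"
    "(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))"
)

# "%s" is also the start of "%sstBelongsTo...", so the named placeholders are
# listed first and the whole template is filled in a single pass.
_PLACEHOLDER = re.compile(r"%(sstBelongsToResellerUID|sstBelongsToCustomerUID|s)")

# Characters RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_fill(group_name, template=SST_LDAP_FILTER):
    """What NOT to do: plain replacement corrupts the two named placeholders
    and leaves filter metacharacters in the group name untouched."""
    return template.replace("%s", group_name)


def build_group_filter(group_name, reseller_uid, customer_uid,
                       template=SST_LDAP_FILTER):
    """Fill the group mapping template for one exact group name."""
    if not group_name:
        raise ValueError("group name must not be empty")
    for label, uid in (("reseller", reseller_uid), ("customer", customer_uid)):
        # UIDs on this page are decimal numbers; refuse anything else.
        if not re.fullmatch(r"[0-9]+", str(uid)):
            raise ValueError(f"{label} UID must be numeric: {uid!r}")
    values = {
        "s": escape_filter_value(group_name),
        "sstBelongsToResellerUID": str(reseller_uid),
        "sstBelongsToCustomerUID": str(customer_uid),
    }
    # A function replacement keeps the backslashes of escaped values literal.
    return _PLACEHOLDER.sub(lambda m: values[m.group(1)], template)


if __name__ == "__main__":
    print(build_group_filter("Technology", 4000000, 4000001))
    print(build_group_filter("*", 4000000, 4000001))
    print(naive_fill("Technology"))
```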
People (Superuser)
The sub tree ou=people,ou=administration,dc=stoney-cloud,dc=org lists all users who have superuser rights (users with the attribute sstBelongsToUID=1). This entry uses the functionality of the dynlist overlay. The attribute labeleduri contains a pre-defined search, which leads to an automatically created list.
dn: ou=people,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeleduri: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToUID=1)
member: uid=1000000,ou=people,dc=stoney-cloud,dc=org
member: uid=1000003,ou=people,dc=stoney-cloud,dc=org
member: uid=1000004,ou=people,dc=stoney-cloud,dc=org
As you can see, the OpenLDAP directory has three people with superuser rights.
Services
The sub tree ou=services,ou=administration,dc=stoney-cloud,dc=org contains all the service users. Each service and/or application has its own authentication user. The authentication user is used in the OpenLDAP Directory Access Control Lists (ACLs) to allow or restrict access to the data.
Naming Convention Notification user:
- <SERVICE>-notification
- backup-notification
- cloud-notification
- lbaas-notification
- mail-notification
- storage-notification
Naming Convention Service user:
- <SERVICE>-<DAEMON>
- backup-pam-ldap
- cloud-openstack
- crm-suitecrm
- billing-cyclops
- cm-puppetboard (configuration management - Puppetboard Service)
- dms-alfresco (document management system - Alfresco)
- iac-terraform (infrastructure as code - Terraform)
- lbaas-haproxy
- lbaas-pam-ldap
- monitoring-zabbix
- phabricator
- pm-kanboard
- qos-rally
- storage-nextcloud
- storage-pam_ldap
- timetracking-kimai
- vault-cryptopus (A vault is a place where secrets are stored - in other words a password management system)
- vcs-gitlab (version control system - GitLab Service)
- virtualization-sc-brokerd
- wiki-int
Naming Convention API user:
- <SERVICE>-api
- lbaas-api
Naming Convention Provisioning user:
- prov-<SERVICE>-<TYPE>
- prov-backup-kvm
- prov-backup-zsnapshot
- prov-cloud-openstack
- prov-configuration-management-puppet
- prov-lbaas-haproxy
- prov-mail-ox (Open-Xchange)
- prov-monitoring-zabbix
- prov-storage-nextcloud
backup Service User (stoney backup)
The following LDIF shows the backup service user entry:
dn: cn=backup,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: backup
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: backup
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
dhcp (DHCP) Service User (stoney conductor)
The following LDIF shows the dhcp service user entry:
dn: cn=dhcp,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: dhcp
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: dhcp
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
libvirtd Service User (stoney conductor)
The following LDIF shows the libvirtd service user entry:
dn: cn=libvirtd,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: libvirtd
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: dhcp
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
prov-backup-kvm (Provisioning-Backup-KVM Daemon) Service User (stoney conductor)
The following LDIF shows the prov-backup-kvm service user entry:
dn: cn=prov-backup-kvm,ou=services,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: prov-backup-kvm
sn: prov-backup-kvm
userPassword: <STONEY-CLOUD-PROV-BACKUP-KVM-PASSWORD>
slapd-mirrormode Service User (stoney core)
The following LDIF shows the slapd-mirrormode service user entry:
dn: cn=slapd-mirrormode,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: slapd-mirrormode
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: slapd-mirrormode
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
billing-cyclops Service User (stoney core)
The following LDIF shows the billing service user entry:
dn: cn=billing-cyclops,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: billing-cyclops
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: billing-cyclops
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ
Configuration
Configuration management
The sub tree ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org contains the configuration management system relevant entries of the whole stoney cloud installation. They can be extended by the administrator.
# This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.
dn: ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration management
description: This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.
Configuration management - Regions
The sub tree ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org contains the configuration management system region entries of the whole stoney cloud installation. They can be extended by the administrator.
# This sub tree contains the configuration management system region entries of the whole stoney cloud installation.
dn: ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: regions
description: This sub tree contains the configuration management system region entries of the whole stoney cloud installation.
Configuration management - Regions - Region example
The following LDIF example shows a typical region.
dn: cn=duedingen_production,ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalRole
cn: duedingen_production
description: This region contains the two data centres located in Düdingen and is used for production systems.
The following table describes the different attributes:
Attribute | Objectclass | Existence | Mandatory | Description |
---|---|---|---|---|
cn | organizationalRole | | | The region used by the configuration management system Puppet via enc. For example: |
description | organizationalRole | | | The human readable description of region. For example: |
Legend:
- x: Mandatory in all cases.
Configuration management - Roles
The sub tree ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org contains the configuration management system role entries of the whole stoney cloud installation. They can be extended by the administrator.
# This sub tree contains the configuration management system role entries of the whole stoney cloud installation.
dn: ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: roles
description: This sub tree contains the configuration management system role entries of the whole stoney cloud installation.
Configuration management - Roles - Roles example
The following LDIF example shows a typical role.
dn: cn=base,ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstConfigurationManagementRole
cn: base
displayName: Base
sstProfiles: - base
description: This is the base role used by all new servers managed by Puppet, but without a final role decided.
The following table describes the different attributes:
Attribute | Objectclass | Existence | Mandatory | Description |
---|---|---|---|---|
cn | sstConfigurationManagementRole | | | The role name used by the configuration management system Puppet via enc. For example: |
displayName | sstConfigurationManagementRole | | | The role display name (human readable). For example: |
sstProfiles | sstConfigurationManagementRole | | | The role definition (profile list) used by the configuration management system Puppet via enc. The profiles are listed, one per line. Multiple lines must be base64 encoded. |
description | organizationalRole | | | The human readable description of region. For example: |
Example for sstProfiles with multiple lines.
Encode:
cat << EOF | base64
- base
- certbot
EOF
Decode:
echo LSBiYXNlCi0gY2VydGJvdAo= | base64 --decode
Operating System
The sub tree ou=operating system,ou=configuration,dc=stoney-cloud,dc=org contains the operating system choices for the whole stoney cloud installation. They can be extended by the administrator.
# This sub tree contains the operating system choices for the whole stoney cloud installation.
dn: ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: operating system
description: This sub tree contains the operating system choices for the whole stoney cloud installation.
Linux
The sub tree uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org contains the Linux based operating system choices for the whole stoney cloud installation.
# This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000019
sstDisplayName: Linux
description: This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000020
sstDisplayName: Debian
description: This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000021,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000021
sstDisplayName: 5
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000022,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000022
sstDisplayName: 6
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000023,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000023
sstDisplayName: 7
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000024
sstDisplayName: Fedora
description: This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000025,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000025
sstDisplayName: 12
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000026,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000026
sstDisplayName: 13
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000027,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000027
sstDisplayName: 14
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000028,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000028
sstDisplayName: 15
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000029,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000029
sstDisplayName: 16
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000030,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000030
sstDisplayName: 17
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000031,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000031
sstDisplayName: 18
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000032,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000032
sstDisplayName: 19
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000033
sstDisplayName: Gentoo
description: This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000034
sstDisplayName: 2012.0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000035
sstDisplayName: 2013.0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
Windows
The sub tree uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org contains the Windows based operating system choices for the whole stoney cloud installation.
# This sub tree contains the Windows based operating system choices for the whole stoney cloud installation.
dn: uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000036
sstDisplayName: Windows
description: This sub tree contains the Windows based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation.
dn: uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000037
sstDisplayName: Server 2008
description: This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000038,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000038
sstDisplayName: Datacenter
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000039,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000039
sstDisplayName: Enterprise
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000040,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000040
sstDisplayName: Foundation
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000041,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000041
sstDisplayName: Standard
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation.
dn: uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000042
sstDisplayName: Server 2008 R2
description: This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000043,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000043
sstDisplayName: Datacenter
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000044,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000044
sstDisplayName: Enterprise
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000045,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000045
sstDisplayName: Foundation
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000046,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000046
sstDisplayName: Standard
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000047,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000047
sstDisplayName: Web
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation.
dn: uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000048
sstDisplayName: Server 2012
description: This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000049,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000049
sstDisplayName: Datacenter
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000050,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000050
sstDisplayName: Standard
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
Software Stack
The sub tree ou=software stack,ou=configuration,dc=foss-cloud,dc=org contains the software stack choices for the whole stoney cloud installation. They can be extended by the administrator.
# This sub tree contains the software stack choices for the whole stoney cloud installation.
dn: ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: software stack
description: This sub tree contains the software stack choices for the whole stoney cloud installation.

dn: ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: environments
description: This sub tree contains the software stack environment choices for the whole stoney cloud installation.

dn: uid=4000054,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000054
sstDisplayName: Test Environment
description: This is the environment used for testing (pre-production).
sstEnvironmentName: Test
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000055,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000055
sstDisplayName: Development Environment
description: This is the environment used for development (sandbox).
sstEnvironmentName: Development
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000056,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000056
sstDisplayName: Production Environment
description: This is the environment used for production.
sstEnvironmentName: Production
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
The multi-valued labeledURI attribute contains the operating system(s) for which a software stack works and therefore can be shown to the customer. The following three attributes tell us, who is allowed to access this leaf:
- sstAllowResellerUID: Stores the reseller UID(s) that are allowed access to this leaf. If set to 0 (zero), all resellers have access.
- sstAllowCustomerUID: Stores the customer UID(s) that are allowed access to this leaf. If set to 0 (zero), all customers belonging to the allowed resellers have access.
- sstAllowPersonUID: Stores the person UID(s) that are allowed access to this leaf. If set to 0 (zero), all people belonging to the allowed resellers and the allowed customers have access.
dn: uid=4000051,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
objectclass: labeledURIObject
uid: 4000051
sstDisplayName: Django (Version 1)
description: Django Python Web Framework Version 1.
labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
sstEnvironmentName: Test
sstEnvironmentName: Development
sstEnvironmentName: Production
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000052,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
objectclass: labeledURIObject
uid: 4000052
sstDisplayName: Django (Version 2)
description: Django Python Web Framework Version 2.
labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
sstEnvironmentName: Test
sstEnvironmentName: Development
sstEnvironmentName: Production
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
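The sstAllowResellerUID, sstAllowCustomerUID and sstAllowPersonUID rules above, evaluated for one person against one leaf. This is an added example, not stoney cloud code: the function names are hypothetical, and it assumes that the three checks are combined with AND and that a leaf missing one of the attributes denies access.

```python
# Added example (not stoney cloud code): evaluates the sstAllow*UID rules.
# Assumptions: the three checks are ANDed, and a leaf that lacks one of the
# attributes denies access (fail closed). All function names are hypothetical.

ALL = "0"  # page: the value 0 (zero) means "everybody on this level"

# Shortened copy of the Django (Version 1) leaf from the page.
DJANGO_V1 = """\
dn: uid=4000051,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
uid: 4000051
sstDisplayName: Django (Version 1)
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
"""

# Constructed leaf (not from the page): one reseller, two named people.
RESTRICTED = """\
dn: uid=4999001,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
uid: 4999001
sstDisplayName: Constructed restricted stack
sstAllowResellerUID: 4000000
sstAllowCustomerUID: 0
sstAllowPersonUID: 4000002
sstAllowPersonUID: 4000064
"""


def parse_entry(ldif):
    """Parse one unfolded LDIF entry into {lower-cased attribute: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, separator, value = line.partition(":")
        if not separator:
            raise ValueError(f"not an attribute line: {line!r}")
        if value.startswith(":"):
            raise ValueError("base64 values are not handled in this example")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def allows(entry, attribute, uid):
    """True if the multi-valued attribute holds 0 or the given UID."""
    values = entry.get(attribute.lower(), [])  # missing attribute: deny
    return ALL in values or str(uid) in values


def may_access(entry, person):
    """person holds uid, sstBelongsToResellerUID and sstBelongsToCustomerUID."""
    return (
        allows(entry, "sstAllowResellerUID", person["sstBelongsToResellerUID"])
        and allows(entry, "sstAllowCustomerUID", person["sstBelongsToCustomerUID"])
        and allows(entry, "sstAllowPersonUID", person["uid"])
    )


def visible_stacks(entries, person):
    """Display names of the leaves the person is allowed to see."""
    return [e["sstdisplayname"][0] for e in entries if may_access(e, person)]
```

A person UID that is listed in sstAllowPersonUID still fails the check when the person's reseller is not allowed, which is the "belonging to the allowed resellers" part of the rule.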
Customers
The sub tree ou=customers,dc=stoney-cloud,dc=org contains all the customers. Each customer has a unique uid, which is used for later reference.
Customers - Customer
We have two kinds of customers:
- Company customer: This is the normal case, as we target companies.
- Private customer: A private customer does not have a company/organisation name.
The following LDIF examples will show both cases where necessary. The first LDIF shows you the default company customer entry after a fresh stoney cloud installation. All relevant data belonging to this customer is stored below this dn.
dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomer
objectclass: sstRelationship
uid: 4000001
organizationName: Customer Ltd.
sstIsCompany: TRUE
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
The following LDIF shows you the private customer entry. All relevant data belonging to this customer are stored below this dn.
dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomer
objectclass: sstRelationship
uid: 4000001
givenName: Name
surname: Surname
sstIsCompany: FALSE
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
The following table describes the different attributes:
Attribute | Description |
---|---|
uid | A unique integer value with 7 digits or more. For example: 4000000. |
organizationName | The organisation name of the customer. For example: Customer Ltd.. |
givenName | Given name, example: Hans. |
surname | Surname, example: Muster. |
sstIsCompany | Is the entry a company? Either true (yes) or false (no). |
sstIsActive | Is the entry active? Either true (yes) or false (no). |
sstExternalID | The ID (or number) of a customer, person or product in an external database (for example: 234567). |
sstBelongsToResellerUID | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000. |
sstBelongsToCustomerUID | Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001. |
Legend:
- x: Mandatory in all cases.
- x1: If sstIsCompany is set to TRUE, the organizationName must be set. Otherwise givenName and surname must be set.
Customers - Customer - Billing address
The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a company customer:
dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: address
organizationName: Customer Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: Name Surname <name.surname@example.com>
sstMailCc: Info Customer Ltd. <info@example.com>
sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a private customer:
dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: address
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: Name Surname <name.surname@example.com>
sstMailCc: Info <info@example.com>
sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
The following table describes the different attributes:
Attribute Name | Interface Equivalent | Description |
---|---|---|
organizationName | Customer Name | Customer name, for example: stepping stone GmbH. |
sstGender | Gender | Either 'm' for male or 'f' for female. For example: m. |
givenName | Name | Name, for example: Hans. |
surname | Surname | Surname, for example: Muster. |
postalAddress | Address | Multi-lined address, for example: Neufeldstrasse 9. |
postOfficeBox | Post Office Box | Post Office Box, for example: 3456. |
stateOrProvinceName | State or Province Name | This pull down menu is only active (appears to the user), if the country is set to Canada or the USA. |
countryName | Country | Country code according to ISO 3166-1. The English short name (upper/lower case) is used for the interface and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry. For example: Switzerland in the interface and CH in the LDAP directory. |
postalCode | Postal Code | Postal Code without the country code, for example: 3012. |
localityName | Location | Location, for example: Berne. |
preferredLanguage | Language | Display language of the user according to RFC 1766. For example: de-CH. The following languages are currently supported: |
mail | Mail Address | The customer's "To:" billing mail address, for example: Hans Muster <hans.muster@example.com>. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address. |
sstMailCc | Mail Address | The customer's "CC:" billing mail address, for example: Info Customer Ltd. <info@example.com>. This is a multi-valued attribute and can contain zero or more "CC:" billing mail addresses. |
sstMailBcc | Mail Address | The customer's "BCC:" billing mail address, for example: Accounting Service Provider Ltd. <accounting@example.org>. This is a multi-valued attribute and can contain zero or more "BCC:" billing mail addresses. Here we'd expect the Accounting mail address of the service provider (for accountability reasons). |
telephoneNumber | Telephone | Telephone number of the user according to E.164 (international dialling code, |
mobileTelephoneNumber | Mobile | Mobile phone number of the user according to E.164 (international dialling code, |
sstWebsiteURL | Website | Website URL according to RFC-3986. For example: http://www.stepping-stone.ch/. |
Legend:
- x1: If the attribute sstIsCompany of the parent entry is set to TRUE, the organizationName must be set.
- x2: Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.
- x3: Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.
- x4: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.
Customers - Customer - Shipping address (optional)
The sub tree ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the shipping address and is optional (it is only needed if the shipping address differs from the billing address).
dn: ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: shipping
organizationName: Customer Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
Customers - Customer - Billing
The sub tree ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains billing relevant data. The following example shows a customer, receiving a monthly bill.
dn: ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingCustomer
ou: billing
sstBillable: TRUE
sstBillingCycle: 1
sstCurrency: CHF
sstPaymentMethod: invoice
sstDeliveryMethod: post
sstDiscount: 20
sstCancellationDate: 20181231
sstMailToUID: 4000002
sstMailCcUID: 4000064
sstMailBccUID: 4000066
sstMailBccUID: 4000069

The following example shows a customer who receives their bill via their reseller (no billing done by us):

dn: ou=billing,uid=4000001,ou=customers,o=stepping-stone,c=ch
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingCustomer
ou: billing
sstBillable: TRUE
The following table describes the different attributes:
Attribute | Description |
---|---|
sstBillable | All hierarchical levels must have sstBillable: TRUE to actually have an invoice generated and sent. If the attribute sstBillable doesn't exist, the default is TRUE. This way, we are forced to set a reseller, customer or product manually to sstBillable: FALSE if we want to avoid sending them an invoice. |
sstBillingCycle | Billing cycle in months. This attribute sstBillingCycle is only checked (evaluated), if the reseller the customer belongs to, has sstResellerBill set to FALSE (as is the case for the reseller stepping stone GmbH). Possible values: |
sstCurrency | Three-letter currency code according to ISO 4217. Possible values are: |
sstPaymentMethod | Payment method of the invoice. Possible values are: |
sstDeliveryMethod | Delivery method of invoices or access data. Possible values are: |
sstDiscount | An optional customer discount (an integer value between 0 and 100). Default is 0. |
sstCancellationDate | The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example: 20181231. The attribute sstCancellationDate is used in a logical AND combination with sstIsActive. |
sstMailToUID | This attribute sstMailToUID is only checked (evaluated), if the delivery method sstDeliveryMethod is set to email. Even though this attribute is multi-valued, we expect one recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000002. |
sstMailCcUID | This attribute sstMailCcUID is only checked (evaluated), if the delivery method sstDeliveryMethod is set to email. Please be aware, that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000064. |
sstMailBccUID | This attribute sstMailBccUID is only checked (evaluated), if the delivery method sstDeliveryMethod is set to email. Please be aware, that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000066 or 4000069. |
Legend:
- x: Mandatory in all cases.
- x1: The attribute sstMailToUID is mandatory, if the delivery method sstDeliveryMethod is set to email.
- x2: As the default of the attribute sstBillable is TRUE, it's not really mandatory. For better readability, please always add the attribute sstBillable.
Customers - Customer - Employees
The sub tree ou=employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the employees belonging to the reseller Customer Ltd. (all the employees with the attribute sstBelongsToEmployeeUID=4000001). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this customer. The number of employees is always the same or smaller than the number of people belonging to a customer (they are a subset).
dn: ou=employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: employees
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000001)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org
In this example, the customer Customer Ltd. has one employee (with the uid=4000002).
The following table describes the different attributes:
Attribute | Description |
---|---|
attribute | TBD. |
Legend:
- x: Mandatory in all cases.
Customers - Customer - People
The sub tree ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains all the people belonging to the customer Customer Ltd. (all the people, including the employees, with the attribute sstBelongsToCustomerUID=4000001). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.
dn: ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToCustomerUID=4000001)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org
member: uid=4000064,ou=people,dc=stoney-cloud,dc=org
member: uid=4000066,ou=people,dc=stoney-cloud,dc=org
member: uid=4000069,ou=people,dc=stoney-cloud,dc=org
In this example, four people belong to the customer Customer Ltd. (including the employee with the uid=4000002).
The following table describes the different attributes:
Attribute | Description |
---|---|
attribute | TBD. |
Legend:
- x: Mandatory in all cases.
Customers - Customer (LEGACY)
We have two kinds of customers:
- Company customer: This is the normal case, as we target companies.
- Private customer: A private customer does not have a company/organisation name.
The following LDIF examples will show both cases where necessary. The first LDIF shows you the default company customer entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.
dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomerCompany
uid: 4000001
organizationName: Customer Ltd.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstIsActive: TRUE
The following table describes the different attributes:
Attribute | Description |
---|---|
uid | A unique integer value with 7 digits or more. For example: 4000000. |
organizationName | The organisation name of the reseller. For example: Customer Ltd.. |
sstBelongsToResellerUID | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000. |
sstBelongsToCustomerUID | Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001. |
sstExternalID | The ID (or number) of a customer, person or product in an external database (for example: 234567). |
sstIsActive | Is the entry active? Either true (yes) or false (no). |
Legend:
- x: Mandatory in all cases.
The following LDIF shows you the private customer entry. All relevant data belonging to this reseller are stored below this leaf.
dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomerPerson
uid: 4000001
givenName: Name
surname: Surname
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstIsActive: TRUE
The following table describes the different attributes:
Attribute | Description |
---|---|
uid | A unique integer value with 7 digits or more. For example: 4000000. |
givenName | Given name, example: Hans. |
surname | Surname, example: Muster. |
sstBelongsToResellerUID | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000. |
sstBelongsToCustomerUID | Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001. |
sstExternalID | The ID (or number) of a customer, person or product in an external database (for example: 234567). |
sstIsActive | Is the entry active? Either true (yes) or false (no). |
Legend:
- x: Mandatory in all cases.
Customers - Customer (LEGACY) - Billing address
The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a company customer:
dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddressCompany
ou: address
organizationName: Customer Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
The following table describes the different attributes:
Attribute | Description |
---|---|
organizationName | Company name, example: stepping stone GmbH |
sstGender | Either 'm' for male or 'f' for female. |
givenName | Given name, example: Hans. |
surname | Surname, example: Muster. |
postalAddress | Street Number, example: Neufeldstrasse 9. Multi-lined field. |
postOfficeBox | Postbox, example: 3456. |
stateOrProvinceName | This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA. |
countryName | Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH. |
postalCode | Zipcode, example: 3012 |
localityName | City, example: Bern. |
preferredLanguage | Display language of the user according to RFC 1766, example: de-CH. Currently supported: |
mail | E-mail address of the user, example: hans.muster@example.com. |
telephoneNumber | Fixnet phone number, example: +41 31 222 33 44. |
mobileTelephoneNumber | Mobile phone number, example: +41 76 222 33 44. |
sstWebsiteURL | URL according to RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/. |
Legend:
- x1: Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.
- x2: Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.
- x3: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.
The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a private customer:
dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddressPerson
ou: address
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
The following table describes the different attributes:
Attribute | Description |
---|---|
sstGender | Either 'm' for male or 'f' for female. |
givenName | Given name, example: Hans. |
surname | Surname, example: Muster. |
postalAddress | Street Number, example: Neufeldstrasse 9. Multi-lined field. |
postOfficeBox | Postbox, example: 3456. |
stateOrProvinceName | This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA. |
countryName | Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH. |
postalCode | Zipcode, example: 3012 |
localityName | City, example: Bern. |
preferredLanguage | Display language of the user according to RFC 1766, example: de-CH. Currently supported: |
mail | E-mail address of the user, example: hans.muster@example.com. |
telephoneNumber | Fixnet phone number, example: +41 31 222 33 44. |
mobileTelephoneNumber | Mobile phone number, example: +41 76 222 33 44. |
sstWebsiteURL | URL according to RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/. |
Legend:
- x1: Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.
- x2: Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.
- x3: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.
Groups
People
The sub tree which contains all the people. Each person has a unique identifier (uid):
dn: ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
description: The sub tree which contains all the people.
People - Person
Each person has its own leaf with a unique identifier (uid). The following LDIF shows you a typical person entry. All relevant data belonging to this person is stored below this leaf.
dn: uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstPerson
uid: 4000002
sstGender: m
sstTitle: CEO
givenName: Name
surname: Surname
displayName: Name Surname
preferredLanguage: en-GB
userPassword: {SSHA}UgrBHVhKxFQInWWpzf1ddgEVmSg5vKUm
mail: name.surname@example.com
cn: admin
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstTimeZoneOffset: UTC+01
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstEmployeeOfUID: 4000000
sstEmployeeOfUID: 4000001
The person Name Surname (with the uid=4000002) belongs to the reseller Reseller Ltd. (with sstBelongsToResellerUID=4000000) and is an employee of the same company (sstEmployeeOfUID=4000000). The person also belongs to the customer Customer Ltd. (with sstBelongsToCustomerUID=4000001) and is an employee of the same company (sstEmployeeOfUID=4000001).
The following table describes the different attributes:
AttributeType | Interface Equivalent | Description |
---|---|---|
uid | UID | Unique Identifier. For example: 4000002. |
sstGender | Gender | Either 'm' for male or 'f' for female. For example: m. |
sstTitle | Title | The title of a person as a UTF-8 formatted string. For example: CEO or Technician. |
givenName | Name | Name, for example: Hans. |
surname | Surname | Surname, for example: Muster. |
displayName | Display name | Display name, for example: Hans Muster. |
preferredLanguage | Language | Display language of the user according to RFC 1766: [ISO 639-1 Code]-[ISO 3166-1-alpha-2 code]. For example: de-CH |
userPassword | Password | SSHA user password. {SSHA} is an RFC 2307 password scheme which uses the SHA1 secure hash algorithm. For example: {SSHA}h+qbh3pFWrZxmz02H5tXhOr+0/wrmHFF. |
mail | Mail Address | The user's mail address, for example: hans.muster@example.com. |
cn | | Common name of the user, for example: sst-mei. |
telephoneNumber | Telephone | Telephone number of the user according to E.164 (international dialling code, |
mobileTelephoneNumber | Mobile | Mobile phone number of the user according to E.164 (international dialling code, |
sstTimeZoneOffset | | Time zone as an offset from UTC. For example: UTC+01 |
sstIsActive | | Is the entry active? Either true (yes) or false (no). |
sstBelongsToUID | | If this value is set to 1, the user is the super user of the whole stoney cloud installation. Therefore this user can add and remove resellers. Use with caution. |
sstBelongsToResellerUID | | Stores the reseller UID the person belongs to. A unique value with 7 digits or more. For example: 4000000. |
sstBelongsToCustomerUID | | Stores the customer UID the person belongs to. A unique value with 7 digits or more. For example: 4000001. |
sstEmployeeOfUID | Employee of | Stores the UID(s) the person is an employee of. The UID(s) can belong to one or more resellers or also to one or more customers. A unique value with 7 digits or more. For example: 4000001. |
sstExternalID | External ID | The ID (or number) of a customer, person or product in an external database. For example: 234567. |
Legend:
- x1: Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.
- x2: Mandatory, if the person belongs to a customer that has subscribed to a stoney storage service.
People - Person - Session tokens
With session tokens, when the user logs out, the client sends a logout request to the server. The server then removes the session token from LDAP and the client discards the session token.
Special cases:
- If the user's password is changed, all session tokens must be removed from LDAP in order to force the user to re-login.
- If any attributes are changed which control the user's affiliation (reseller, company, etc), all session tokens must be removed from LDAP in order to force the user to re-login.
Specific attributes:
- sstBelongsToResellerUID
- sstBelongsToCustomerUID
- sstEmployeeOfUID
In our case, we store the session tokens in a leaf beneath the person (as these tokens are personal).
People - Person - Session tokens example
Below each person entry, we have a tokens sub tree, which stores the session tokens:
dn: ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: tokens
description: The sub tree for the session tokens of the person with the uid '4000002'.
The following table describes the different attributes:
Attribute | Objectclass | Description |
---|---|---|
ou | organizationalUnit | The sub tree containing all the session tokens. For example: |
description | organizationalUnit | The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description. For example: |
Legend:
- x: Mandatory in all cases.
Each session token receives its own child-entry to store additional meta data, such as the token's create date, last utilisation date, ... In the example below, the session token sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4 was created on the 13th of April 2021 at 08:10:27 UTC (sstCreationDate: 20210413T081027Z) and two clients have used this token (the first with an IPv4 address, the second with an IPv6 address):
dn: sstToken=2e211493-41e6-4c74-9431-b5d990b177a4,ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstTokenObjectClass
sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4
description: The sub tree for the JSON Web Token with the id '2e211493-41e6-4c74-9431-b5d990b177a4'.
sstCreationDate: 20210413T081027Z
sstClient: 20210413T081027Z: 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0
sstClient: 20210413T132805Z: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4456.0 Safari/537.36 Edg/91.0.845.2
The API makes sure that the number of registered remote IP addresses and requesting User-Agents doesn't exceed a certain configurable limit (for example: 2). If the limit is exceeded, the session will be invalidated.
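The client limit and the forced re-login cases described above, as an added example that is not the stoney API's own code. All function names are hypothetical; it assumes that the limit counts distinct (IP address, User-Agent) pairs, that a returning client only refreshes its timestamp, and that a password change shows up as a modification of userPassword.

```python
import ipaddress
import re
from datetime import datetime, timezone

MAX_CLIENT_LEN = 256  # page: an sstClient string is restricted to 256 characters
CLIENT_RE = re.compile(r"^(\d{8}T\d{6}Z): (\S+) (.+)$")

# Attributes whose modification must remove every token of the person.
# userPassword stands in for "the user's password is changed" (assumption).
REVOKING_ATTRIBUTES = frozenset(
    name.lower()
    for name in (
        "userPassword",
        "sstBelongsToResellerUID",
        "sstBelongsToCustomerUID",
        "sstEmployeeOfUID",
    )
)

# The two sstClient values of the token entry shown on the page.
SAMPLE_CLIENTS = [
    "20210413T081027Z: 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) "
    "Gecko/20100101 Firefox/85.0",
    "20210413T132805Z: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Mozilla/5.0 "
    "(X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/91.0.4456.0 Safari/537.36 Edg/91.0.845.2",
]


def parse_client(value):
    """Split an sstClient value into (timestamp, normalised IP, user agent)."""
    if len(value) > MAX_CLIENT_LEN:
        raise ValueError("sstClient longer than 256 characters")
    match = CLIENT_RE.match(value)
    if match is None:
        raise ValueError("malformed sstClient value")
    stamp, address, agent = match.groups()
    # exploded gives one spelling per address, so "::" forms cannot be used
    # to register the same IPv6 client twice; invalid addresses raise here.
    return stamp, ipaddress.ip_address(address).exploded, agent


def format_client(stamp, address, agent):
    """Build an sstClient value, truncating the agent to fit 256 characters."""
    prefix = f"{stamp}: {address} "
    return (prefix + agent[: MAX_CLIENT_LEN - len(prefix)]).rstrip()


def register_client(values, when, address, agent, limit=2):
    """Record one request; return (new sstClient values, session still valid)."""
    stamp = when.astimezone(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    # The User-Agent is client-controlled: collapse whitespace (including
    # line breaks) and never store an empty string.
    agent = " ".join(agent.split()) or "-"
    new_value = format_client(stamp, ipaddress.ip_address(address).exploded, agent)
    clients = {}
    for value in list(values) + [new_value]:
        _, seen_address, seen_agent = parse_client(value)
        clients[(seen_address, seen_agent)] = value  # same client: newest wins
    if len(clients) > limit:
        return list(values), False  # caller deletes the sstToken entry
    return list(clients.values()), True


def must_revoke_tokens(changed_attributes):
    """True if a modification of the person entry forces a re-login."""
    return any(name.lower() in REVOKING_ATTRIBUTES for name in changed_attributes)
```

When `register_client` returns `False`, the caller removes the whole `sstToken` entry; when `must_revoke_tokens` returns `True`, it removes every entry below `ou=tokens` of that person.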
The following table describes the different attributes:
Attribute | Objectclass | Description |
---|---|---|
sstToken | sstTokenObjectClass | The sub tree containing all the information of a session (creation date, access date, IPv4 or IPv6 address and the clients user agent). The session token has the form of a UUID (Universally Unique Identifier). For example: |
description | sstTokenObjectClass | The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description. For example: |
sstCreationDate | sstTokenObjectClass | The session token creation time (UTC) in the form of [YYYY][MM][DD]T[hh][mm][ss]Z according to the ISO 8601 definition. For example: |
sstClient | sstTokenObjectClass | The multi-valued attribute containing client information. This attribute contains the following information: This information is separated by spaces: For example: Please be aware, that the maximal length of a sstClient string is restricted to 256 characters. |
Legend:
- x: Mandatory in all cases.
People - Person - Roles (LEGACY)
dn: sstRole=Monitoring Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstRoles
sstProduct: 0
sstRole: Monitoring Administrator

dn: sstRole=User,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstRoles
sstProduct: 0
sstRole: User

dn: sstRole=Virtualization Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstRoles
sstProduct: 0
sstRole: Virtualization Administrator
Reseller
The sub tree ou=reseller,dc=stoney-cloud,dc=org contains all the resellers. Each reseller has a unique uid, which is used for later reference.
Reseller - Reseller
The following LDIF shows a typical reseller entry. All relevant data belonging to this reseller is stored below this leaf.
dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
uid: 4000000
organizationName: Reseller Ltd.
sstIsCompany: TRUE
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
The following table describes the different attributes:
Attribute | Description |
---|---|
uid | A unique integer value with 7 digits or more. For example: 4000000. |
organizationName | The organisation name of the reseller. For example: Reseller Ltd.. A reseller must be a company (sstIsCompany: TRUE). |
description | The description of the leaf. |
sstIsCompany | Is the entry a company? Either true (yes) or false (no). |
sstIsActive | Is the entry active? Either true (yes) or false (no). |
sstExternalID | The ID (or number) of a customer, person or product in an external database (for example: 234567). |
sstBelongsToResellerUID | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000. |
Legend:
- x: Mandatory in all cases.
Reseller - Reseller - Billing address
The sub tree ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the billing address:
dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: address
organizationName: Reseller Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: Name Surname <name.surname@example.com>
sstMailCc: Info Reseller Ltd. <info@example.com>
sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
The following table describes the different attributes:
Attribute Name | Interface Equivalent | Description |
---|---|---|
organizationName | Reseller Name | Reseller name, for example: stepping stone GmbH. |
sstGender | Gender | Either 'm' for male or 'f' for female. For example: m. |
givenName | Name | Name, for example: Hans. |
surname | Surname | Surname, for example: Muster. |
postalAddress | Address | Multi-lined address, for example: Neufeldstrasse 9. |
postOfficeBox | Post Office Box | Post Office Box, for example: 3456. |
stateOrProvinceName | State or Province Name | This pull down menu is only active (appears to the user), if the country is set to Canada or the USA. |
countryName | Country | Country code according to ISO 3166-1. The English short name (upper/lower case) is used for the interface and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry. For example: Switzerland in the interface and CH in the LDAP directory. |
postalCode | Postal Code | Postal Code without the country code, for example: 3012. |
localityName | Location | Location, for example: Berne. |
preferredLanguage | Language | Display language of the user according to RFC 1766. For example: de-CH. The following languages are currently supported: |
mail | Mail Address | The reseller's "To:" billing mail address, for example: Hans Muster <hans.muster@example.com>. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address. |
sstMailCc | Mail Address | The reseller's "CC:" billing mail address, for example: Info Reseller Ltd. <info@example.com>. This is a multi-valued attribute and can contain zero or more "CC:" billing mail addresses. |
sstMailBcc | Mail Address | The customer's "BCC:" billing mail address, for example: Accounting Service Provider Ltd. <accounting@example.org>. This is a multi-valued attribute and can contain zero or more "BCC:" billing mail addresses. Here we'd expect the accounting mail address of the service provider (for accountability reasons). |
telephoneNumber | Telephone | Telephone number of the user according to E.164 (international dialling code, |
mobileTelephoneNumber | Mobile | Mobile phone number of the user according to E.164 (international dialling code, |
sstWebsiteURL | Website | Website URL according to RFC 3986. For example: http://www.stepping-stone.ch/. |
Legend:
- x1: If the attribute sstIsCompany of the parent entry is set to TRUE, the organizationName must be set.
- x2: Either telephoneNumber or mobileTelephoneNumber needs to be present. Both attributes can exist together.
- x3: Either postalAddress or postOfficeBox needs to be present. Both attributes can exist together.
- x4: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.
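The legend rules x1 to x4, together with the requirement that mail holds at least one "To:" address, can be checked before an address entry is written to the directory. The following Python validator is an added example and not part of stoney cloud; the function name, the error strings and the E.164 and mail-address patterns are assumptions, and the sample entry is constructed from the LDIF above.

```python
import re

STATE_REQUIRED = {"CA", "US"}  # ISO 3166-1 alpha-2 codes for Canada and the USA
E164 = re.compile(r"\+[1-9]\d{1,14}")  # assumption: '+' and at most 15 digits
MAIL = re.compile(r"[^<>\r\n]*<[^<>@\s]+@[^<>@\s]+>|[^<>@\s]+@[^<>@\s]+")

def validate_address(addr, parent_is_company):
    """Return the rules an sstAddress entry violates (addr: attribute -> values)."""
    def has(name):
        return any(v.strip() for v in addr.get(name, []))
    errors = []
    if parent_is_company and not has("organizationName"):
        errors.append("x1: organizationName missing for a company")
    if not (has("telephoneNumber") or has("mobileTelephoneNumber")):
        errors.append("x2: telephoneNumber or mobileTelephoneNumber required")
    if not (has("postalAddress") or has("postOfficeBox")):
        errors.append("x3: postalAddress or postOfficeBox required")
    country = (addr.get("countryName") or [""])[0].upper()
    if country in STATE_REQUIRED and not has("stateOrProvinceName"):
        errors.append("x4: stateOrProvinceName required for " + country)
    if not has("mail"):
        errors.append("mail: at least one To: address required")
    # Shape checks: these values become mail header fields or are dialled.
    for name in ("mail", "sstMailCc", "sstMailBcc"):
        for value in addr.get(name, []):
            if not MAIL.fullmatch(value):  # also rejects embedded line breaks
                errors.append(name + ": malformed address " + repr(value))
    for name in ("telephoneNumber", "mobileTelephoneNumber"):
        for value in addr.get(name, []):
            if not E164.fullmatch(value.replace(" ", "")):
                errors.append(name + ": not E.164 " + repr(value))
    return errors

# Constructed sample: a subset of the billing address LDIF above.
SAMPLE = {
    "organizationName": ["Reseller Ltd."],
    "postalAddress": ["Street Number"],
    "countryName": ["CH"],
    "mail": ["Name Surname <name.surname@example.com>"],
    "sstMailCc": ["Info Reseller Ltd. <info@example.com>"],
    "telephoneNumber": ["+41 00 000 00 00"],
}
```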
Reseller - Reseller - Shipping address (optional)
The sub tree ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the shipping address and is optional (it is only needed if the shipping address differs from the billing address).
dn: ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: shipping
organizationName: Reseller Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
Reseller - Reseller - Billing
The sub tree ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains billing-relevant data. The following example shows a reseller receiving a monthly bill.
dn: ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingReseller
ou: billing
sstResellerBill: TRUE
sstBillable: TRUE
sstBillingCycle: 1
sstCurrency: CHF
sstPaymentMethod: invoice
sstDeliveryMethod: post
sstDiscount: 32
sstCancellationDate: 20181231
sstMailToUID: 4000002
sstMailCcUID: 4000064
sstMailBccUID: 4000066
sstMailBccUID: 4000069
The following example shows a reseller whose customers receive a bill directly:
dn: ou=billing,uid=4000000,ou=reseller,o=stepping-stone,c=ch
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingReseller
ou: billing
sstResellerBill: FALSE
sstBillable: TRUE
The following table describes the different attributes:
Attribute | Description |
---|---|
sstResellerBill | Should the reseller receive a consolidated invoice for all their customers? This can be either TRUE or FALSE. The default value is TRUE, meaning that the reseller receives a consolidated invoice for all their customers. |
sstBillable | All hierarchical levels must have sstBillable: TRUE to actually have an invoice generated and sent. If the attribute sstBillable doesn't exist, the default is TRUE. This way, we are forced to set a reseller, customer or product manually to sstBillable: FALSE if we want to avoid sending them an invoice. |
sstBillingCycle | Billing cycle in months. The attribute sstBillingCycle is only checked (evaluated) if the reseller has sstResellerBill set to TRUE (as is the case for the resellers except for stepping stone GmbH). Possible values: |
sstCurrency | Three-letter currency code according to ISO 4217. Possible values are: |
sstPaymentMethod | Payment method of the invoice. Possible values are: |
sstDeliveryMethod | Delivery method of invoices or access data. Possible values are: |
sstDiscount | An optional customer discount (an integer value between 0 and 100). Default is 0. |
sstCancellationDate | The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example: 20181231. The attribute sstCancellationDate is used in a logical AND combination with sstIsActive. |
sstMailToUID | The attribute sstMailToUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Even though this attribute is multi-valued, we expect one recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000002. |
sstMailCcUID | The attribute sstMailCcUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Please be aware that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000064. |
sstMailBccUID | The attribute sstMailBccUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Please be aware that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000066 or 4000069. |
Legend:
- x: Mandatory in all cases.
- x1: The attribute sstMailToUID is mandatory, if the delivery method sstDeliveryMethod is set to email.
- x2: As the default of the attribute sstBillable is TRUE, it's not really mandatory. For better readability, please always add the attribute sstBillable.
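The billing rules from the table and legend above (sstBillable defaulting to TRUE on every level, the 0 to 100 range of sstDiscount, the YYYYMMDD cancellation date and the sstMailToUID requirement for email delivery) are shown here as an added Python example that is not stoney cloud code. The function names are hypothetical, and reading the AND rule as "sstIsActive is TRUE and the cancellation date has not passed" is an assumption.

```python
import re
from datetime import datetime

UID = re.compile(r"[0-9]{7,}")  # "integer value with 7 digits" or more

def ldap_bool(values, default):
    """Absent attribute -> default; otherwise only TRUE or FALSE is accepted."""
    if not values:
        return default
    if values[0] not in ("TRUE", "FALSE"):
        raise ValueError("not an LDAP boolean: %r" % values[0])
    return values[0] == "TRUE"

def parse_cancellation(value):
    """Parse a strict YYYYMMDD date; raises ValueError on anything else."""
    if not re.fullmatch(r"[0-9]{8}", value):
        raise ValueError("not YYYYMMDD: %r" % value)
    return datetime.strptime(value, "%Y%m%d").date()

def invoice_generated(levels):
    """levels: entries from reseller down to product; all must be billable."""
    return all(ldap_bool(lvl.get("sstBillable"), True) for lvl in levels)

def is_active(sst_is_active, billing, today):
    """Assumed AND rule: sstIsActive TRUE and cancellation date not passed."""
    cancel = billing.get("sstCancellationDate")
    return sst_is_active and (not cancel or today <= parse_cancellation(cancel[0]))

def check_billing(entry):
    """Return the violations found in one ou=billing entry."""
    errors = []
    discount = (entry.get("sstDiscount") or ["0"])[0]
    if not re.fullmatch(r"[0-9]{1,3}", discount) or int(discount) > 100:
        errors.append("sstDiscount: integer between 0 and 100 expected")
    for value in entry.get("sstCancellationDate", []):
        try:
            parse_cancellation(value)
        except ValueError:
            errors.append("sstCancellationDate: not a YYYYMMDD date")
    if entry.get("sstDeliveryMethod") == ["email"]:
        if len(entry.get("sstMailToUID", [])) != 1:
            errors.append("x1: exactly one sstMailToUID expected for email")
        for name in ("sstMailToUID", "sstMailCcUID", "sstMailBccUID"):
            errors += ["%s: bad UID %r" % (name, v)
                       for v in entry.get(name, []) if not UID.fullmatch(v)]
    return errors

# Constructed sample: the monthly-bill LDIF above, switched to email delivery.
SAMPLE = {"sstDeliveryMethod": ["email"], "sstDiscount": ["32"],
          "sstCancellationDate": ["20181231"], "sstMailToUID": ["4000002"]}
```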
Reseller - Reseller - Customers
The sub tree ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the customers belonging to the reseller Reseller Ltd. (all the customers with the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of customers belonging to this reseller.
dn: ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: customers
labeledURI: ldap:///ou=customers,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000)
member: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
In this example, the reseller Reseller Ltd. has one customer (with the uid=4000001).
The following table describes the different attributes:
Attribute | Description |
---|---|
attribute | TBD. |
Legend:
- x: Mandatory in all cases.
Reseller - Reseller - Employees
The sub tree ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the employees belonging to the reseller Reseller Ltd. (all the employees with the attribute sstBelongsToEmployeeUID=4000000). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this reseller. The number of employees is always the same or smaller than the number of people belonging to a reseller (they are a subset).
dn: ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: employees
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000000)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org
In this example, the reseller Reseller Ltd. has one employee (with the uid=4000002).
The following table describes the different attributes:
Attribute | Description |
---|---|
attribute | TBD. |
Legend:
- x: Mandatory in all cases.
Reseller - Reseller - People
The sub tree ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains all the people belonging to the reseller Reseller Ltd. (all the people, including the employees, with the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of people belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.
dn: ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org
member: uid=4000064,ou=people,dc=stoney-cloud,dc=org
member: uid=4000066,ou=people,dc=stoney-cloud,dc=org
member: uid=4000069,ou=people,dc=stoney-cloud,dc=org
In this example, four people belong to the reseller Reseller Ltd. (including the employee with the uid=4000002).
The following table describes the different attributes:
Attribute | Description |
---|---|
attribute | TBD. |
Legend:
- x: Mandatory in all cases.
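The three dynamic lists above (customers, employees, people) all rely on an LDAP URL stored in labeledURI. The following added Python example, which is neither the overlay's code nor part of stoney cloud, parses such a URL, evaluates a one-level equality filter against a constructed set of entries, and checks that a reseller-owned list filters on the same UID as its own DN. The function names and all sample entries other than uid=4000001 are assumptions.

```python
import re
from urllib.parse import unquote

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, base DN, attributes, scope, filter."""
    m = re.fullmatch(r"ldaps?://([^/?]*)/(.*)", url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    base, attrs, scope, flt = (unquote(p) for p in
                               (m.group(2).split("?") + [""] * 3)[:4])
    return {"host": m.group(1), "base": base,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base",             # RFC 4516 default
            "filter": flt or "(objectClass=*)"}   # RFC 4516 default

def expand(url, directory):
    """Return the DNs a list URL selects (one-level equality filters only)."""
    u = parse_ldap_url(url)
    m = re.fullmatch(r"\((\w+)=([^()*\\]+)\)", u["filter"])
    if u["scope"] != "one" or not m:
        raise ValueError("example handles only one-level equality filters")
    attr, value = m.group(1).lower(), m.group(2)
    suffix = "," + u["base"].lower()
    hits = []
    for dn, attrs in directory.items():
        rdn = dn.lower()[:-len(suffix)]
        one_level = dn.lower().endswith(suffix) and "," not in rdn
        values = {k.lower(): v for k, v in attrs.items()}.get(attr, [])
        if one_level and value in values:
            hits.append(dn)
    return sorted(hits)

def filter_matches_owner(entry_dn, url):
    """True if the list filters on the reseller UID found in its own DN."""
    owner = re.search(r"uid=(\d+),ou=reseller,", entry_dn)
    target = re.search(r"=(\d+)\)$", parse_ldap_url(url)["filter"])
    return bool(owner and target and owner.group(1) == target.group(1))

# Constructed sample data; only uid=4000001 appears in the LDIF above.
BASE = "ou=customers,dc=stoney-cloud,dc=org"
DIRECTORY = {
    "uid=4000001," + BASE: {"sstBelongsToResellerUID": ["4000000"]},
    "uid=4000010," + BASE: {"sstBelongsToResellerUID": ["4000003"]},
    "ou=address,uid=4000001," + BASE: {"sstBelongsToResellerUID": ["4000000"]},
}
LIST_DN = "ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org"
LIST_URL = "ldap:///" + BASE + "??one?(sstBelongsToResellerUID=4000000)"
```

The nested ou=address entry carries the matching UID but is excluded because the URL's scope is one, which is why expand(LIST_URL, DIRECTORY) returns only uid=4000001.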
Reseller - Reseller (LEGACY)
The following LDIF shows you the default reseller entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.
dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
uid: 4000000
organizationName: Reseller Ltd.
sstBelongsToResellerUID: 4000000
sstIsActive: TRUE
The following table describes the different attributes:
Attribute | Description |
---|---|
uid | A unique integer value with 7 digits or more. For example: 4000000. |
organizationName | The organisation name of the reseller. For example: Reseller Ltd. |
sstBelongsToResellerUID | Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000. |
sstExternalID | The ID (or number) of a customer, person or product in an external database (for example: 234567). |
sstIsActive | Is the entry active? Either true (yes) or false (no). |
Legend:
- x: Mandatory in all cases.
Reseller - Reseller - Billing address (LEGACY)
The sub tree ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the billing address:
dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddressCompany
ou: address
organizationName: Reseller Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/
The following table describes the different attributes:
Attribute | Description |
---|---|
organizationName | Company name, example: stepping stone GmbH. |
sstGender | Either 'm' for male or 'f' for female. |
givenName | Given name, example: Hans. |
surname | Surname, example: Muster. |
postalAddress | Street Number, example: Neufeldstrasse 9. Multi-lined field. |
postOfficeBox | Post office box, example: 3456. |
stateOrProvinceName | This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA. |
countryName | Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH. |
postalCode | Zip code, example: 3012. |
localityName | City, example: Bern. |
preferredLanguage | Display language of the user according to RFC 1766, example: de-CH. Currently supported: |
mail | E-mail address of the user, example: hans.muster@example.com. |
telephoneNumber | Fixed-line phone number, example: +41 31 222 33 44. |
mobileTelephoneNumber | Mobile phone number, example: +41 76 222 33 44. |
sstWebsiteURL | URL according to RFC 3986 (http://tools.ietf.org/html/rfc3986). For example: http://www.stepping-stone.ch/. |
Legend:
- x1: Either telephoneNumber or mobileTelephoneNumber needs to be present. Both attributes can exist together.
- x2: Either postalAddress or postOfficeBox needs to be present. Both attributes can exist together.
- x3: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.