stoney core: OpenLDAP directory data organisation

Abstract

This document describes the OpenLDAP directory data organisation that is relevant to stoney core.

Data Organisation

The following chapters explain the data organisation of the stoney cloud OpenLDAP directory.

Administration

The subtree ou=administration,dc=stoney-cloud,dc=org contains all the administrative data.

nextfreeuid

The entry cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org stores the next free UID (Unique Identifier). The <uid> is unique over the whole directory; uniqueness is enforced by the directory, and the stored value is incremented by one.

dn: cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org
objectclass: sstNextFreeUID
cn: nextfreeuid
uid: 3724591
uidNumber: 3724591

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
|---|---|---|---|---|
| cn | ... | MUST | x | The name of the leaf. For the next free uid, this is: nextfreeuid. |
| uid | ... | ... | x | ... |

Legend:

  • x: Mandatory in all cases.

Before using the uidNumber attribute, you need to be sure that your directory server actually supports atomic increments (LDAP Modify-Increment). See Lightweight Directory Access Protocol (LDAP) Parameters and Lightweight Directory Access Protocol (LDAP) Modify-Increment Extension (RFC 4525).

The following search should tell you whether your LDAP server supports the LDAP Modify-Increment feature (object identifier, OID, 1.3.6.1.1.14):

ldapsearch -H ldaps://ldapm.stepping-stone.ch -b "" -s base -D "cn=Manager,dc=stoney-cloud,dc=org" -W \* + | grep 1.3.6.1.1.14

The result should look as follows:

supportedFeatures: 1.3.6.1.1.14

Options:

-H ldapuri
-b searchbase
-D binddn
-W Prompt for simple authentication.
\* All user attributes are returned. 
+  All operational attributes are returned.
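
The check and the increment described above, as an added example that is not part of the stoney cloud code base. It matches the feature OID exactly (an unanchored grep would also accept a longer OID that merely contains it) and builds the RFC 4525 LDIF change record for the nextfreeuid entry; all function names and the sample root DSE text are hypothetical and constructed for illustration.

```python
import base64

MODIFY_INCREMENT_OID = "1.3.6.1.1.14"  # feature OID quoted on this page
NEXTFREEUID_DN = "cn=nextfreeuid,ou=administration,dc=stoney-cloud,dc=org"

# Constructed sample of a root DSE as printed by ldapsearch (not real output).
SAMPLE_ROOT_DSE = """\
dn:
objectClass: top
supportedLDAPVersion: 3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.1.14
"""

# Constructed near miss: `grep 1.3.6.1.1.14` would match this line as well.
SAMPLE_NEAR_MISS = """\
dn:
supportedFeatures: 1.3.6.1.1.140
"""


def unfold(ldif_text):
    """Join LDIF continuation lines (a leading single space, RFC 2849)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def supported_features(rootdse_ldif):
    """Return the set of supportedFeatures OIDs found in root DSE output."""
    features = set()
    for line in unfold(rootdse_ldif):
        if line.startswith("#"):
            continue  # ldapsearch comment line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "supportedfeatures":
            features.add(value.strip())
    return features


def supports_modify_increment(rootdse_ldif):
    """True only if the exact Modify-Increment OID is advertised."""
    return MODIFY_INCREMENT_OID in supported_features(rootdse_ldif)


def ldif_line(name, value):
    """Format one LDIF line, base64-encoding values that are not LDIF-safe."""
    raw = value.encode("utf-8")
    unsafe = (
        raw[:1] in (b" ", b":", b"<")
        or raw[-1:] == b" "
        or any(byte in (0, 10, 13) or byte > 127 for byte in raw)
    )
    if unsafe:
        return f"{name}:: {base64.b64encode(raw).decode('ascii')}"
    return f"{name}: {value}"


def increment_change_record(dn, attribute="uidNumber", step=1):
    """Build an LDIF change record that increments `attribute` by `step`.

    The server applies the increment as a single modify operation, so two
    clients can never be handed the same number by a read-then-write race.
    """
    if not isinstance(step, int):
        raise ValueError("step must be an integer")
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        f"increment: {attribute}",
        f"{attribute}: {step}",
        "-",
        "",
    ])


if __name__ == "__main__":
    if supports_modify_increment(SAMPLE_ROOT_DSE):
        # The record can be piped to ldapmodify, which reads LDIF from stdin.
        print(increment_change_record(NEXTFREEUID_DN), end="")
```

The increment itself does not return the number that was allocated; RFC 4525 points to the read entry controls (RFC 4527) for fetching the value in the same operation.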

Billing

The sub tree ou=billing,ou=administration,dc=stoney-cloud,dc=org stores all the billing relevant data. Each billable item (bundle, service or service item) is stored in this sub tree.

dn: ou=billing,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: billing

The following LDIF extract shows the billing schema for the product "Mail Account".

dn: uid=100001,ou=billing,ou=administration,dc=stoney-cloud,dc=org
description: Default pricing schema for the product Mail Account.
objectclass: top
objectclass: sstBillingPriceSchema
sstbaseprice: 0
sstbelongstouid: 1
sstbillingunit: Gigabyte
sstfreeunit: 0
sstpriceformula: sstPricePerUnit * sstQuota
sstpriceperunit: 4.00
sstproductname: Mail Account
uid: 100001

The final price is calculated with the help of the stored formula (sstPriceFormula). The customer price for a "Mail Account" with a 2 Gigabyte mailbox (quota) is calculated as follows: Price = sstPricePerUnit * sstQuota = 4.00 CHF/(Gigabyte * Month) * 2 Gigabyte = 8 CHF/Month

All prices are stored in Swiss Francs (because the company stepping stone GmbH resides in Switzerland). You can decide about the default currency yourself. Once a month a billing run is executed, which scans the whole directory. The billing run is currently a "work in progress". For more information, please contact our Accounting department.

Group Mapping

This entry is used to map a group name given in readable format to the corresponding group UID in the local directory.

dn: ou=group mapping,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
objectclass: sstLDAPSearchObjectClass
ou: group mapping
description: This entry describes, how to map a given group name to an UID in the local LDAP directory.
sstDisplayName: Group Mapping
sstLDAPBaseDn: ou=groups,dc=stoney-cloud,dc=org
sstLDAPFilter: (&(objectClass=sstGroupObjectClass)(sstGroupName=%s)(sstBelongsToResellerUID=%sstBelongsToResellerUID)(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))
sstLDAPStaticAttribute: uid

Example Mapping for the Technology Group

The following search maps the group Technology belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001 to the uid 4000014:

ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree
# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=Technology)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))
# requesting: uid 
#
# 4000014, groups, stoney-cloud.org
dn: uid=4000014,ou=groups,dc=stoney-cloud,dc=org
uid: 4000014
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1

Example Mapping for all Groups

The following search lists all the existing groups belonging to the reseller with the sstBelongsToResellerUID 4000000 and the customer with the sstBelongsToCustomerUID 4000001, together with the corresponding uids:

ldapsearch -D "cn=Manager,dc=stoney-cloud,dc=org" -w admin -H "ldap://10.1.130.14:389" -b "ou=groups,dc=stoney-cloud,dc=org" "(&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))" uid
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=stoney-cloud,dc=org> with scope subtree
# filter: (&(objectClass=sstGroupObjectClass)(sstGroupName=*)(sstBelongsToResellerUID=4000000)(sstBelongsToCustomerUID=4000001))
# requesting: uid 
#
 
# 4000014, groups, stoney-cloud.org
dn: uid=4000014,ou=groups,dc=stoney-cloud,dc=org
uid: 4000014
 
# 4000015, groups, stoney-cloud.org
dn: uid=4000015,ou=groups,dc=stoney-cloud,dc=org
uid: 4000015
 
# search result
search: 2
result: 0 Success
 
# numResponses: 3
# numEntries: 2
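
How the sstLDAPFilter template expands into the two searches shown above, as an added example that is not stoney cloud's own code. It assumes that %s stands for the group name and that %<attribute> stands for the value of that attribute, as the two ldapsearch calls suggest; expand_filter and escape_filter_value are hypothetical names. Values are escaped per RFC 4515 so that a group name containing filter metacharacters is matched literally, and named placeholders are resolved before %s because "%sstBelongsToResellerUID" itself begins with "%s".

```python
import re

# Filter template copied from the sstLDAPFilter attribute of the
# "group mapping" entry on this page.
SST_LDAP_FILTER = (
    "(&(objectClass=sstGroupObjectClass)(sstGroupName=%s)"
    "(sstBelongsToResellerUID=%sstBelongsToResellerUID)"
    "(sstBelongsToCustomerUID=%sstBelongsToCustomerUID))"
)

# Characters that RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# The named alternative is tried first, so "%sstBelongsToResellerUID" is never
# misread as "%s" followed by the text "stBelongsToResellerUID".
_PLACEHOLDER = re.compile(r"%([A-Za-z][A-Za-z0-9]+|s)")


def escape_filter_value(value):
    """Escape a value so that it is taken literally in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))


def expand_filter(template, group_name, context):
    """Fill in the placeholders of an sstLDAPFilter template.

    group_name: the readable group name, or None to list all groups (the
                only case in which an unescaped "*" is emitted).
    context:    mapping of attribute name to value for %<attribute>.
    """
    if group_name is not None and group_name == "":
        raise ValueError("group name must not be empty")

    def substitute(match):
        name = match.group(1)
        if name == "s":
            return "*" if group_name is None else escape_filter_value(group_name)
        if name not in context:
            raise KeyError(f"no value for placeholder %{name}")
        return escape_filter_value(context[name])

    return _PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    # UIDs taken from the examples on this page.
    ctx = {"sstBelongsToResellerUID": "4000000",
           "sstBelongsToCustomerUID": "4000001"}
    print(expand_filter(SST_LDAP_FILTER, "Technology", ctx))
    print(expand_filter(SST_LDAP_FILTER, None, ctx))
    # Constructed group name containing filter metacharacters.
    print(expand_filter(SST_LDAP_FILTER, "R&D (Zurich)*", ctx))
```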

People (Superuser)

The sub tree ou=people,ou=administration,dc=stoney-cloud,dc=org lists all users who have superuser rights (users with the attribute sstBelongsToUID=1). This entry uses the functionality of the dynlist overlay. The attribute labeleduri contains a pre-defined search, which leads to an automatically created list.

dn: ou=people,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeleduri: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToUID=1)
member: uid=1000000,ou=people,dc=stoney-cloud,dc=org
member: uid=1000003,ou=people,dc=stoney-cloud,dc=org
member: uid=1000004,ou=people,dc=stoney-cloud,dc=org

As you can see, the OpenLDAP directory has three people with superuser rights.

Services

The sub tree ou=services,ou=administration,dc=stoney-cloud,dc=org contains all the service users. Each service and/or application has its own authentication user. The authentication user is used in the OpenLDAP Directory Access Control Lists (ACLs) to allow or restrict access to the data.

Naming Convention Notification user:

  • <SERVICE>-notification
    • backup-notification
    • cloud-notification
    • lbaas-notification
    • mail-notification
    • storage-notification

Naming Convention Service user:

  • <SERVICE>-<DAEMON>
    • backup-pam-ldap
    • cloud-openstack
    • crm-suitecrm
    • billing-cyclops
    • billing-reseller-billing-info
    • cm-puppetboard (configuration management - Puppetboard Service)
    • dms-alfresco (document management system - Alfresco)
    • iac-terraform (infrastructure as code - Terraform)
    • lbaas-haproxy
    • lbaas-pam-ldap
    • monitoring-zabbix
    • phabricator
    • pm-kanboard
    • qos-rally
    • storage-nextcloud
    • storage-pam_ldap
    • timetracking-kimai
    • vault-cryptopus (A vault is a place where secrets are stored - in other words a password management system)
    • vcs-gitlab (version control system - GitLab Service)
    • virtualization-sc-brokerd
    • wiki-int

Naming Convention API user:

  • <SERVICE>-api
    • lbaas-api

Naming Convention Provisioning user:

  • prov-<SERVICE>-<TYPE>
    • prov-backup-kvm
    • prov-backup-s3-radosgw (Ceph radosgw admin user).
    • client.prov-backup-s3-ceph (Ceph admin user (to delete the bucket, which has a WORM policy)).
    • prov-backup-zsnapshot
    • prov-cloud-openstack
    • prov-configuration-management-puppet
    • prov-lbaas-haproxy
    • prov-mail-ox (Open-Xchange)
    • prov-monitoring-zabbix
    • prov-storage-nextcloud

backup Service User (stoney backup - Posix account based)

The following LDIF shows the backup service user entry:

dn: cn=backup,ou=services,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: backup
sn: posix
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

backup Service User (stoney backup - S3 bucket account based)

dn: cn=backup-s3,ou=services,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: backup-s3
sn: bucket
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

dhcp (DHCP) Service User (stoney conductor)

The following LDIF shows the dhcp service user entry:

dn: cn=dhcp,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: dhcp
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: dhcp
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

libvirtd Service User (stoney conductor)

The following LDIF shows the libvirtd service user entry:

dn: cn=libvirtd,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: libvirtd
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: dhcp
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

prov-backup-kvm (Provisioning-Backup-KVM Daemon) Service User (stoney conductor)

The following LDIF shows the prov-backup-kvm service user entry:

dn: cn=prov-backup-kvm,ou=services,ou=administration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: prov-backup-kvm
sn: prov-backup-kvm
userPassword: <STONEY-CLOUD-PROV-BACKUP-KVM-PASSWORD>

slapd-mirrormode Service User (stoney core)

The following LDIF shows the slapd-mirrormode service user entry:

dn: cn=slapd-mirrormode,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: slapd-mirrormode
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: slapd-mirrormode
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

billing-cyclops Service User (stoney core)

The following LDIF shows the billing-cyclops service user entry:

dn: cn=billing-cyclops,ou=services,ou=administration,dc=stoney-cloud,dc=org
cn: billing-cyclops
objectclass: top
objectclass: organizationalPerson
objectclass: inetOrgPerson
sn: billing-cyclops
userPassword: {SSHA}pJpqL95nlFi78rnAstmn6VvZCXWTjVHZ

Configuration

Configuration management

The sub tree ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org contains the configuration management system relevant entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.
dn: ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: configuration management
description: This sub tree contains the configuration management system relevant entries of the whole stoney cloud installation.

Configuration management - Regions

The sub tree ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org contains the configuration management system region entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system region entries of the whole stoney cloud installation.
dn: ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: regions
description: This sub tree contains the configuration management system region entries of the whole stoney cloud installation.

Configuration management - Regions - Region example

The following LDIF example shows a typical region.

dn: cn=duedingen_production,ou=regions,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalRole
cn: duedingen_production
description: This region contains the two data centres located in Düdingen and is used for production systems.

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
|---|---|---|---|---|
| cn | organizationalRole | MUST | x | The region used by the configuration management system Puppet via enc. For example: cn: duedingen_production. |
| description | organizationalRole | MAY | x | The human readable description of region. For example: description: This region contains the two data centres located in Düdingen and is used for production systems. |

Legend:

  • x: Mandatory in all cases.

Configuration management - Roles

The sub tree ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org contains the configuration management system role entries of the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the configuration management system role entries of the whole stoney cloud installation.
dn: ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: roles
description: This sub tree contains the configuration management system role entries of the whole stoney cloud installation.


Configuration management - Roles - Roles example

The following LDIF example shows a typical role.

dn: cn=base,ou=roles,ou=configuration management,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstConfigurationManagementRole
cn: base
displayName: Base
sstProfiles: - base
description: This is the base role used by all new servers managed by Puppet, but without a final role decided.

The following table describes the different attributes:

| Attribute | Objectclass | Existence | Mandatory | Description |
|---|---|---|---|---|
| cn | sstConfigurationManagementRole | MUST | x | The role name used by the configuration management system Puppet via enc. For example: cn: base. |
| displayName | sstConfigurationManagementRole | MUST | x | The role display name (human readable). For example: displayName: Base. |
| sstProfiles | sstConfigurationManagementRole | MUST | x | The role definition (profile list) used by the configuration management system Puppet via enc. The profiles are listed, one per line. Multiple lines must be base64 encoded. For example: sstProfiles: - base or sstProfiles:: LSBiYXNlCi0gY2VydGJvdAo=. |
| description | organizationalRole | MAY | | The human readable description of region. For example: description: This region contains the two data centres located in Düdingen and is used for production systems. |

Encode a multi-line sstProfiles value:

cat << EOF | base64
- base
- certbot
EOF

Decode:

echo LSBiYXNlCi0gY2VydGJvdAo= | base64 --decode

Operating System

The sub tree ou=operating system,ou=configuration,dc=stoney-cloud,dc=org contains the operating system choices for the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the operating system choices for the whole stoney cloud installation.
dn: ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: operating system
description: This sub tree contains the operating system choices for the whole stoney cloud installation.

Linux

The sub tree uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org contains the Linux based operating system choices for the whole stoney cloud installation.

# This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000019
sstDisplayName: Linux
description: This sub tree contains the Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000020
sstDisplayName: Debian
description: This sub tree contains the Debian Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000021,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000021
sstDisplayName: 5
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000022,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000022
sstDisplayName: 6
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000023,uid=4000020,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000023
sstDisplayName: 7
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000024
sstDisplayName: Fedora
description: This sub tree contains the Fedora Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000025,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000025
sstDisplayName: 12
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000026,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000026
sstDisplayName: 13
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000027,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000027
sstDisplayName: 14
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000028,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000028
sstDisplayName: 15
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000029,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000029
sstDisplayName: 16
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000030,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000030
sstDisplayName: 17
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000031,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000031
sstDisplayName: 18
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000032,uid=4000024,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000032
sstDisplayName: 19
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation.
dn: uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000033
sstDisplayName: Gentoo
description: This sub tree contains the Gentoo Linux based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000034
sstDisplayName: 2012.0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000035
sstDisplayName: 2013.0
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

Windows

The sub tree uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org contains the Windows based operating system choices for the whole stoney cloud installation.

# This sub tree contains the Windows based operating system choices for the whole stoney cloud installation.
dn: uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000036
sstDisplayName: Windows
description: This sub tree contains the Windows based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation.
dn: uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000037
sstDisplayName: Server 2008
description: This sub tree contains the Windows Server 2008 based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000038,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000038
sstDisplayName: Datacenter
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000039,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000039
sstDisplayName: Enterprise
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000040,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000040
sstDisplayName: Foundation
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000041,uid=4000037,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000041
sstDisplayName: Standard
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation.
dn: uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000042
sstDisplayName: Server 2008 R2
description: This sub tree contains the Windows Server 2008 R2 based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000043,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000043
sstDisplayName: Datacenter
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000044,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000044
sstDisplayName: Enterprise
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000045,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000045
sstDisplayName: Foundation
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000046,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000046
sstDisplayName: Standard
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000047,uid=4000042,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000047
sstDisplayName: Web
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

# This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation.
dn: uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000048
sstDisplayName: Server 2012
description: This sub tree contains the Windows Server 2012 based operating system choices for the whole stoney cloud installation.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000049,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000049
sstDisplayName: Datacenter
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000050,uid=4000048,uid=4000036,ou=operating system,ou=configuration,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000050
sstDisplayName: Standard
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

Software Stack

The sub tree ou=software stack,ou=configuration,dc=foss-cloud,dc=org contains the software stack choices for the whole stoney cloud installation. They can be extended by the administrator.

# This sub tree contains the software stack choices for the whole stoney cloud installation.
dn: ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: software stack
description: This sub tree contains the software stack choices for the whole stoney cloud installation.

dn: ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: environments
description: This sub tree contains the software stack environment choices for the whole stoney cloud installation.

dn: uid=4000054,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000054
sstDisplayName: Test Environment
description: This is the environment used for testing (pre-production).
sstEnvironmentName: Test
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000055,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000055
sstDisplayName: Development Environment
description: This is the environment used for development (sandbox).
sstEnvironmentName: Development
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000056,ou=environments,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
uid: 4000056
sstDisplayName: Production Environment
description: This is the environment used for production.
sstEnvironmentName: Production
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

The multi-valued labeledURI attribute contains the operating system(s) for which a software stack works and which can therefore be shown to the customer. The following three attributes tell us who is allowed to access this leaf:

  • sstAllowResellerUID: Stores the reseller UID(s) that are allowed access to this leaf. If set to 0 (zero), all resellers have access.
  • sstAllowCustomerUID: Stores the customer UID(s) that are allowed access to this leaf. If set to 0 (zero), all customers belonging to the allowed resellers have access.
  • sstAllowPersonUID: Stores the person UID(s) that are allowed access to this leaf. If set to 0 (zero), all people belonging to the allowed resellers and the allowed customers have access.

dn: uid=4000051,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
objectclass: labeledURIObject
uid: 4000051
sstDisplayName: Django (Version 1)
description: Django Python Web Framework Version 1.
labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
sstEnvironmentName: Test
sstEnvironmentName: Development
sstEnvironmentName: Production
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0

dn: uid=4000052,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: top
objectclass: sstGroupObjectClass
objectclass: sstRelationship
objectclass: labeledURIObject
uid: 4000052
sstDisplayName: Django (Version 2)
description: Django Python Web Framework Version 2.
labeledURI: ldap://uid=4000034,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
labeledURI: ldap://uid=4000035,uid=4000033,uid=4000019,ou=operating system,ou=configuration,dc=foss-cloud,dc=org
sstEnvironmentName: Test
sstEnvironmentName: Development
sstEnvironmentName: Production
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
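
The following added example (not part of the stoney cloud code base) shows one way to evaluate the three sstAllow* attributes for a requesting person. It assumes that the three levels are combined with a logical AND and that an entry missing one of the attributes grants no access; the function names and the restricted entry with the uid 4999999 are constructed for illustration.

```python
# Added example: evaluates the sstAllow* attributes described above.
WILDCARD = "0"  # per the page: 0 (zero) means "all"

# Entry taken from the page (labeledURI and sstEnvironmentName lines omitted).
OPEN_STACK = """\
dn: uid=4000051,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: sstRelationship
uid: 4000051
sstDisplayName: Django (Version 1)
sstAllowResellerUID: 0
sstAllowCustomerUID: 0
sstAllowPersonUID: 0
"""

# Constructed entry: restricted to one reseller, one customer and one person.
RESTRICTED_STACK = """\
dn: uid=4999999,ou=software stack,ou=configuration,dc=foss-cloud,dc=org
objectclass: sstRelationship
uid: 4999999
sstDisplayName: Restricted stack (constructed)
sstAllowResellerUID: 4000000
sstAllowCustomerUID: 4000001
sstAllowPersonUID: 4000064
"""


def parse_ldif_entry(text):
    """Parse one simple LDIF entry into {lowercased attribute: [values]}.

    Handles plain "attr: value" lines only (no base64 values, no folded lines).
    """
    entry = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def _level_allows(entry, attribute, uid):
    """True if the multi-valued attribute holds the wildcard or the given UID."""
    values = entry.get(attribute.lower(), [])
    if not values:
        # Assumption: a missing attribute grants nothing (fail closed).
        return False
    return WILDCARD in values or str(uid) in values


def may_access(entry, person_uid, customer_uid, reseller_uid):
    """Assumption: reseller, customer and person level must all allow access."""
    return (
        _level_allows(entry, "sstAllowResellerUID", reseller_uid)
        and _level_allows(entry, "sstAllowCustomerUID", customer_uid)
        and _level_allows(entry, "sstAllowPersonUID", person_uid)
    )


def visible_stacks(ldif_entries, person_uid, customer_uid, reseller_uid):
    """Display names of the software stacks the person is allowed to see."""
    names = []
    for text in ldif_entries:
        entry = parse_ldif_entry(text)
        if may_access(entry, person_uid, customer_uid, reseller_uid):
            names.extend(entry.get("sstdisplayname", []))
    return names


if __name__ == "__main__":
    # Person 4000002 of customer 4000001 and reseller 4000000 (values from the page).
    print(visible_stacks([OPEN_STACK, RESTRICTED_STACK], 4000002, 4000001, 4000000))
```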

Customers

The sub tree ou=customers,dc=stoney-cloud,dc=org contains all the customers. Each customer has a unique uid, which is used for later reference.

Customers - Customer

We have two kinds of customers:

  • Company customer: This is the normal case, as we target companies.
  • Private customer: A private customer does not have a company/organisation name.

The following LDIF examples will show both cases where necessary. The first LDIF shows you the default company customer entry after a fresh stoney cloud installation. All relevant data belonging to this customer is stored below this dn.

dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomer
objectclass: sstRelationship
uid: 4000001
organizationName: Customer Ltd.
sstIsCompany: TRUE
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001

The following LDIF shows you the private customer entry. All relevant data belonging to this customer are stored below this dn.

dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomer
objectclass: sstRelationship
uid: 4000001
givenName: Name
surname: Surname
sstIsCompany: FALSE
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
uid
MUST
x
A unique integer value with 7 digits or more. For example: 4000000.
organizationName
MAY
x1
The organisation name of the customer. For example: Customer Ltd..
givenName
MAY
x1
Givenname, example: Hans.
surname
MAY
x1
Surname, example: Muster.
sstIsCompany
MUST
x
Is the entry a company? Either true (yes) or false (no).
sstIsActive
MAY
x
Is the entry active? Either true (yes) or false (no).
sstExternalID
MAY
The ID (or number) of a customer, person or product in an external database (for example: 234567).
sstBelongsToResellerUID
MUST
x
Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000.
sstBelongsToCustomerUID
MAY
x
Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001.

Legend:

  • x: Mandatory in all cases.
  • x1: If sstIsCompany is set to TRUE, the organizationName must be set. Otherwise givenName and surname must be set.

Customers - Customer - Billing address

The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a company customer:

dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: address
organizationName: Customer Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: Name Surname <name.surname@example.com>
sstMailCc: Info Customer Ltd. <info@example.com>
sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a private customer:

dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: address
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: Name Surname <name.surname@example.com>
sstMailCc: Info <info@example.com>
sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

The following table describes the different attributes:

Attribute Name
Existence
Mandatory
Interface Equivalent Description
organizationName
MAY
x1
Customer Name Customer name, for example: stepping stone GmbH.
sstGender
MUST
x
Gender Either 'm' for male or 'f' for female. For example: m.
givenName
MUST
x
Name Name, for example: Hans.
surname
MUST
x
Surname Surname, for example: Muster.
postalAddress
MAY
x3
Address Multi-lined address, for example: Neufeldstrasse 9.
postOfficeBox
MAY
x3
Post Office Box Post Office Box, for example: 3456.
stateOrProvinceName
MAY
x4
State or Province Name This pull down menu is only active (appears to the user), if the country is set to Canada or the USA.
countryName
MUST
x
Country Country code according to ISO 3166-1. The English short name (upper/lower case) is used for the interface and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry. For example: Switzerland in the interface and CH in the LDAP directory.
postalCode
MUST
x
Postal Code Postal Code without the country code, for example: 3012.
localityName
MUST
x
Location Location, for example: Berne.
preferredLanguage
MUST
x
Language Display language of the user according to RFC 1766. For example: de-CH. The following languages are currently supported:
  • de-CH
  • de-DE
  • en-GB
  • en-US
  • fr-CH
  • fr-FR
mail
MUST
x
Mail Address The customer's "To:" billing mail address, for example: Hans Muster <hans.muster@example.com>. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address.
sstMailCc
MAY
Mail Address The customer's "CC:" billing mail address, for example: Info Customer Ltd. <info@example.com>. This is a multi-valued attribute and can contain zero or more "CC:" billing mail addresses.
sstMailBcc
MAY
Mail Address The customer's "BCC:" billing mail address, for example: Accounting Service Provider Ltd. <accounting@example.org>. This is a multi-valued attribute and can contain zero or more "BCC:" billing mail addresses. Here we'd expect the Accounting mail address of the service provider (for accountability reasons).
telephoneNumber
MAY
x2
Telephone Telephone number of the user according to E.164 (international dialling code, trunk code, area code, subscriber line). For example: +41 31 222 33 44.
mobileTelephoneNumber
MAY
x2
Mobile Mobile phone number of the user according to E.164 (international dialling code, trunk code, area code, subscriber line). For example: +41 76 222 33 44.
sstWebsiteURL
MAY
Website Website URL according to RFC-3986. For example: http://www.stepping-stone.ch/.

Legend:

  • x1: If the attribute sstIsCompany of the parent entry is set to TRUE, the organizationName must be set.
  • x2: Either telephoneNumber or mobileTelephoneNumber needs to be present. Both attributes can exist together.
  • x3: Either postalAddress or postOfficeBox needs to be present. Both attributes can exist together.
  • x4: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

Customers - Customer - Shipping address (optional)

The sub tree ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the shipping address and is optional (it is only needed if the shipping address differs from the billing address).

dn: ou=shipping,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: shipping
organizationName: Customer Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

Customers - Customer - Billing

The sub tree ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains billing relevant data. The following example shows a customer, receiving a monthly bill.

dn: ou=billing,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingCustomer
ou: billing
sstBillable: TRUE
sstBillingCycle: 1
sstCurrency: CHF
sstPaymentMethod: invoice
sstDeliveryMethod: post
sstDiscount: 20
sstCancellationDate: 20181231
sstMailToUID: 4000002
sstMailCcUID: 4000064
sstMailBccUID: 4000066
sstMailBccUID: 4000069

The following example shows a customer who receives their bill via their reseller (no billing done by us):

dn: ou=billing,uid=4000001,ou=customers,o=stepping-stone,c=ch
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingCustomer
ou: billing
sstBillable: TRUE

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
sstBillable
MAY
x2
All hierarchical levels must have sstBillable: TRUE to actually have an invoice generated and sent. If the attribute sstBillable doesn't exist, the default is TRUE. This way, we are forced to set a reseller, customer or product manually to sstBillable: FALSE if we want to avoid sending them an invoice.
sstBillingCycle
MAY
Billing cycle in months. This attribute sstBillingCycle is only checked (evaluated), if the reseller the customer belongs to, has sstResellerBill set to FALSE (as is the case for the reseller stepping stone GmbH). Possible values:
  • 1: Monthly invoice.
  • 3: Quarterly invoice.
  • 6: Semi-annual invoice.
  • 12: Yearly invoice (this is the default billing period if no sstBillingCycle is set).
sstCurrency
MAY
Three-letter currency code according to ISO 4217. Possible values are:
  • CHF: Swiss franc (this is the default currency if no sstCurrency is set).
  • EUR: Euro
  • GBP: Pound sterling
  • USD: United States dollar
sstPaymentMethod
MAY
Payment method of the invoice. Possible values are:
  • invoice: Classic invoice, sent according to the delivery method defined in sstDeliveryMethod (this is the default payment method if no sstPaymentMethod is set).
  • postcard: Electronic invoice via PostFinance.
  • creditcard: Credit card payment.
sstDeliveryMethod
MAY
Delivery method of invoices or access data. Possible values are:
  • email: The invoice or access data is sent via email to the recipient.
  • post: The invoice or access data is sent via snail mail to the recipient (this is the default delivery method if no sstDeliveryMethod is set).
sstDiscount
MAY
An optional customer discount (an integer value between 0 and 100). Default is 0.
sstCancellationDate
MAY
The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example: 20181231. The attribute sstCancellationDate is used in a logical AND combination with sstIsActive.
sstMailToUID
MAY
x1
This attribute sstMailToUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Even though this attribute is multi-valued, we expect one recipient only. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000002.
sstMailCcUID
MAY
This attribute sstMailCcUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Please be aware that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000064.
sstMailBccUID
MAY
This attribute sstMailBccUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Please be aware that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000066 or 4000069.

Legend:

  • x: Mandatory in all cases.
  • x1: The attribute sstMailToUID is mandatory, if the delivery method sstDeliveryMethod is set to email.
  • x2: As the default of the attribute sstBillable is TRUE, it's not really mandatory. For better readability, please always add the attribute sstBillable.

Customers - Customer - Employees

The sub tree ou=employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the employees belonging to the reseller Customer Ltd. (all the employees with the attribute sstBelongsToEmployeeUID=4000001). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this customer. The number of employees is always the same or smaller than the number of people belonging to a customer (they are a subset).

dn: ou=employees,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: employees
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000001)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org

In this example, the customer Customer Ltd. has one employee (with the uid=4000002).

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
attribute
MUST
x
TBD.

Legend:

  • x: Mandatory in all cases.

Customers - Customer - People

The sub tree ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains all the people belonging to the customer Customer Ltd. (all the people, including the employees, with the attribute sstBelongsToCustomerUID=4000001). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.

dn: ou=people,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToCustomerUID=4000001)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org
member: uid=4000064,ou=people,dc=stoney-cloud,dc=org
member: uid=4000066,ou=people,dc=stoney-cloud,dc=org
member: uid=4000069,ou=people,dc=stoney-cloud,dc=org

In this example, four people belong to the customer Customer Ltd. (including the employee with the uid=4000002).

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
attribute
MUST
x
TBD.

Legend:

  • x: Mandatory in all cases.

Customers - Customer (LEGACY)

We have two kinds of customers:

  • Company customer: This is the normal case, as we target companies.
  • Private customer: A private customer does not have a company/organisation name.

The following LDIF examples will show both cases where necessary. The first LDIF shows you the default company customer entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.

dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomerCompany
uid: 4000001
organizationName: Customer Ltd.
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstIsActive: TRUE

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
uid
MUST
x
A unique integer value with 7 digits or more. For example: 4000000.
organizationName
MUST
x
The organisation name of the reseller. For example: Customer Ltd..
sstBelongsToResellerUID
MUST
x
Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000.
sstBelongsToCustomerUID
MAY
x
Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001.
sstExternalID
MAY
The ID (or number) of a customer, person or product in an external database (for example: 234567).
sstIsActive
MAY
x
Is the entry active? Either true (yes) or false (no).

Legend:

  • x: Mandatory in all cases.

The following LDIF shows you the private customer entry. All relevant data belonging to this reseller are stored below this leaf.

dn: uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstCustomerPerson
uid: 4000001
givenName: Name
surname: Surname
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstIsActive: TRUE

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
uid
MUST
x
A unique integer value with 7 digits or more. For example: 4000000.
givenName
MUST
x
Givenname, example: Hans.
surname
MUST
x
Surname, example: Muster.
sstBelongsToResellerUID
MUST
x
Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000.
sstBelongsToCustomerUID
MAY
x
Stores the customer UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000001.
sstExternalID
MAY
The ID (or number) of a customer, person or product in an external database (for example: 234567).
sstIsActive
MAY
x
Is the entry active? Either true (yes) or false (no).

Legend:

  • x: Mandatory in all cases.

Customers - Customer (LEGACY) - Billing address

The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a company customer:

dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddressCompany
ou: address
organizationName: Customer Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
organizationName
MUST
x
Company name, example: stepping stone GmbH
sstGender
MUST
x
Either 'm' for male or 'f' for female.
givenName
MUST
x
Givenname, example: Hans.
surname
MUST
x
Surname, example: Muster.
postalAddress
MAY
x2
Street Number, example: Neufeldstrasse 9. Multi-lined field.
postOfficeBox
MAY
x2
Postbox, example: 3456.
stateOrProvinceName
MAY
x3
This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA.
countryName
MUST
x
Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH.
postalCode
MUST
x
Zipcode, example: 3012
localityName
MUST
x
City, example: Bern.
preferredLanguage
MUST
x
Display language of the user according to RFC 1766, example: de-CH. Currently supported:
  • de-CH
  • en-GB
mail
MUST
x
E-mail address of the user, example: hans.muster@example.com.
telephoneNumber
MAY
x1
Fixnet phone number, example: +41 31 222 33 44.
mobileTelephoneNumber
MAY
x1
Mobile phone number, example: +41 76 222 33 44.
sstWebsiteURL
MAY
URL according to RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

Legend:

  • x1: Either telephoneNumber or mobileTelephoneNumber needs to be present. Both attributes can exist together.
  • x2: Either postalAddress or postOfficeBox needs to be present. Both attributes can exist together.
  • x3: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

The sub tree ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org contains the billing address for a private customer:

dn: ou=address,uid=4000001,ou=customers,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddressPerson
ou: address
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
sstGender
MUST
x
Either 'm' for male or 'f' for female.
givenName
MUST
x
Givenname, example: Hans.
surname
MUST
x
Surname, example: Muster.
postalAddress
MAY
x2
Street Number, example: Neufeldstrasse 9. Multi-lined field.
postOfficeBox
MAY
x2
Postbox, example: 3456.
stateOrProvinceName
MAY
x3
This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA.
countryName
MUST
x
Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH.
postalCode
MUST
x
Zipcode, example: 3012
localityName
MUST
x
City, example: Bern.
preferredLanguage
MUST
x
Display language of the user according to RFC 1766, example: de-CH. Currently supported:
  • de-CH
  • en-GB
mail
MUST
x
E-mail address of the user, example: hans.muster@example.com.
telephoneNumber
MAY
x1
Fixnet phone number, example: +41 31 222 33 44.
mobileTelephoneNumber
MAY
x1
Mobile phone number, example: +41 76 222 33 44.
sstWebsiteURL
MAY
URL according to RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

Legend:

  • x1: Either telephoneNumber or mobileTelephoneNumber needs to be present. Both attributes can exist together.
  • x2: Either postalAddress or postOfficeBox needs to be present. Both attributes can exist together.
  • x3: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

Groups

People

This sub tree contains all the people. Each person has a unique identifier (uid):

dn: ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people
description: The sub tree which contains all the people.

People - Person

Each person has its own leaf with a unique identifier (uid). The following LDIF shows you a typical person entry. All relevant data belonging to this person is stored below this leaf.

dn: uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstPerson
uid: 4000002
sstGender: m
sstTitle: CEO
givenName: Name
surname: Surname
displayName: Name Surname
preferredLanguage: en-GB
userPassword: {SSHA}UgrBHVhKxFQInWWpzf1ddgEVmSg5vKUm
mail: name.surname@example.com
cn: admin
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstTimeZoneOffset: UTC+01
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000
sstBelongsToCustomerUID: 4000001
sstEmployeeOfUID: 4000000
sstEmployeeOfUID: 4000001

The person Name Surname (with the uid=4000002) belongs to the reseller Reseller Ltd. (with sstBelongsToResellerUID=4000000) and is an employee of the same company (sstEmployeeOfUID=4000000). The person also belongs to the customer Customer Ltd. (with sstBelongsToCustomerUID=4000001) and is an employee of the same company (sstEmployeeOfUID=4000001).

The following table describes the different attributes:

AttributeType
Existence
Mandatory
Interface Equivalent
User alterable
Description
uid
MUST
x
UID
Unique Identifier. For example: 4000002.
sstGender
MUST
x
Gender
Either 'm' for male or 'f' for female. For example: m.
sstTitle
MAY
x
Title
x
The title of a person as a UTF-8 formatted string. For example: CEO or Technician.
givenName
MUST
x
Name
x
Name, for example: Hans.
surname
MUST
x
Surname
x
Surname, for example: Muster.
displayName
MAY
x2
Display name
Display name, for example: Hans Muster.
preferredLanguage
MUST
x
Language
x
Display language of the user according to RFC 1766: [ISO 639-1 Code]-[ISO 3166-1-alpha-2 code] . For example: de-CH
userPassword
MUST
x
Password
x
SSHA user password. {SSHA} is an RFC 2307 password scheme which uses the SHA1 secure hash algorithm. For example: {SSHA}h+qbh3pFWrZxmz02H5tXhOr+0/wrmHFF.
mail
MUST
x
Mail Address
x
The user's mail address, for example: hans.muster@example.com.
cn
MAY
Common name of the user, for example: sst-mei.
telephoneNumber
MAY
x1
Telephone
x1
Telephone number of the user according to E.164 (international dialling code, trunk code, area code, subscriber line). For example: +41 31 222 33 44.
mobileTelephoneNumber
MAY
x1
Mobile
x1
Mobile phone number of the user according to E.164 (international dialling code, trunk code, area code, subscriber line). For example: +41 76 222 33 44.
sstTimeZoneOffset
MUST
x
Time zone as an offset from UTC. For example: UTC+01
sstIsActive
MAY
x
Is the entry active? Either true (yes) or false (no).
sstBelongsToUID
MAY
If this value is set to 1, the user is the super user of the whole stoney cloud installation. Therefore this user can add and remove resellers. Use with caution.
sstBelongsToResellerUID
MAY
x
Stores the reseller UID the person belongs to. A unique value with 7 digits or more. For example: 4000000.
sstBelongsToCustomerUID
MUST
x
Stores the customer UID the person belongs to. A unique value with 7 digits or more. For example: 4000001.
sstEmployeeOfUID
MAY
Employee of
Stores the UID(s) the person is an employee of. The UID(s) can belong to one or more resellers or also to one or more customers. A unique value with 7 digits or more. For example: 4000001.


sstExternalID
MAY
External ID
The ID (or number) of a customer, person or product in an external database. For example: 234567.

Legend:

  • x1: Either telephoneNumber or mobileTelephoneNumber needs to be present. Both attributes can exist together.
  • x2: Mandatory, if the person belongs to a customer that has subscribed to a stoney storage service.

People - Person - Session tokens

With session tokens, when the user logs out, the client sends a logout request to the server. The server then removes the session token from LDAP and the client discards the session token.

Special cases:

  • If the user's password is changed, all session tokens must be removed from LDAP in order to force the user to re-login.
  • If any attributes are changed which control the user's affiliation (reseller, company, etc), all session tokens must be removed from LDAP in order to force the user to re-login.
    Specific attributes:
    • sstBelongsToResellerUID
    • sstBelongsToCustomerUID
    • sstEmployeeOfUID

In our case, we store the session tokens in a leaf beneath the person (as these tokens are personal).
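
The special cases above can be checked as follows. This is an added example, not stoney API code: it compares a person entry before and after a modification and returns the DNs of the token entries to delete. The function names and the dictionary layout are assumptions; the attribute names, the sample values and the DN layout are the ones shown on this page.

```python
import uuid

# Attributes that force a re-login when they change (from the list above).
SESSION_RELEVANT = (
    "userPassword",
    "sstBelongsToResellerUID",
    "sstBelongsToCustomerUID",
    "sstEmployeeOfUID",
)
PEOPLE_BASE = "ou=people,dc=stoney-cloud,dc=org"

# Person entry built from the sample values on the page, as {attribute: [values]}.
PERSON_BEFORE = {
    "uid": ["4000002"],
    "userPassword": ["{SSHA}UgrBHVhKxFQInWWpzf1ddgEVmSg5vKUm"],
    "mail": ["name.surname@example.com"],
    "sstBelongsToResellerUID": ["4000000"],
    "sstBelongsToCustomerUID": ["4000001"],
    "sstEmployeeOfUID": ["4000000", "4000001"],
}


def _values(entry, attribute):
    """Value set of a (possibly multi-valued) attribute; names match case-insensitively."""
    wanted = attribute.lower()
    found = set()
    for name, values in entry.items():
        if name.lower() == wanted:
            found.update([values] if isinstance(values, str) else values)
    return found


def changed_session_attributes(before, after):
    """Session-relevant attributes whose set of values differs between the two entries."""
    return [a for a in SESSION_RELEVANT if _values(before, a) != _values(after, a)]


def token_dn(person_uid, token):
    """DN of one token entry; the token must be a UUID and the uid numeric."""
    canonical = str(uuid.UUID(token))  # raises ValueError for anything but a UUID
    if not str(person_uid).isdigit():
        raise ValueError("person uid must be numeric")
    return f"sstToken={canonical},ou=tokens,uid={person_uid},{PEOPLE_BASE}"


def tokens_to_delete(person_uid, before, after, tokens):
    """DNs of all token entries to delete, or an empty list if no re-login is needed."""
    if not changed_session_attributes(before, after):
        return []
    return [token_dn(person_uid, t) for t in tokens]


if __name__ == "__main__":
    after = dict(PERSON_BEFORE, sstEmployeeOfUID=["4000001"])
    for dn in tokens_to_delete(4000002, PERSON_BEFORE, after,
                               ["2e211493-41e6-4c74-9431-b5d990b177a4"]):
        print("delete:", dn)
```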

People - Person - Session tokens example

Below each person entry, we have a tokens sub tree, which stores the session tokens:

dn: ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: tokens
description: The sub tree for the session tokens of the person with the uid '4000002'.

The following table describes the different attributes:

Attribute Objectclass
Existence
Mandatory
Description
ou organizationalUnit
MUST
x
The sub tree containing all the session tokens.

For example: ou: tokens.

description organizationalUnit
MAY
The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description.

For example: description: The sub tree for the session tokens of the person with the uid '4000002'.

Legend:

  • x: Mandatory in all cases.

Each session token receives its own child-entry to store additional meta data, such as the token's create date, last utilisation date, ... In the example below, the session token sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4 was created on the 13th of April 2021 at 08:10:27 UTC (sstCreationDate: 20210413T081027Z) and two clients have used this token (the first with an IPv4 address, the second with an IPv6 address):

dn: sstToken=2e211493-41e6-4c74-9431-b5d990b177a4,ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstTokenObjectClass
sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4
description: The sub tree for the JSON Web Token with the id '2e211493-41e6-4c74-9431-b5d990b177a4'.
sstCreationDate: 20210413T081027Z
sstClient: 20210413T081027Z: 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0
sstClient: 20210413T132805Z: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4456.0 Safari/537.36 Edg/91.0.845.2

The API makes sure that the number of registered remote IP addresses and requesting User-Agents doesn't exceed a certain configurable limit (for example: 2). If the limit is exceeded, the session will be invalidated.

The following table describes the different attributes:

Attribute Objectclass
Existence
Mandatory
Description
sstToken sstTokenObjectClass
MUST
x
The sub tree containing all the information of a session (creation date, access date, IPv4 or IPv6 address and the client's user agent). The session token has the form of a UUID (Universally Unique Identifier).

For example: sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4.

description sstTokenObjectClass
MAY
The description of the leaf. As this sub tree is created by the stoney API, we don't really need a human readable description.

For example: description: The sub tree for the JSON Web Token with the id '2e211493-41e6-4c74-9431-b5d990b177a4'.

sstCreationDate sstTokenObjectClass
MUST
x
The session token creation time (UTC) in the form of [YYYY][MM][DD]T[hh][mm][ss]Z according to the ISO 8601 definition.

For example: sstCreationDate: 20210413T081027Z.

sstClient sstTokenObjectClass
MUST
x
The multi-valued attribute containing client information. This attribute contains the following information:
  • The access time (UTC) in the form of [YYYY][MM][DD]T[hh][mm][ss]Z according to the ISO 8601 definition.
  • The IPv4 or IPv6 address, from which the client has accessed the stoney API.
  • The user agent of the client.

This information is separated by spaces: sstClient: [YYYY][MM][DD]T[hh][mm][ss]Z [IPv4 or IPv6] [User-Agent].

For example: sstClient: 20210413T081027Z 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0.

Please be aware that the maximum length of an sstClient string is restricted to 256 characters.

Legend:

  • x: Mandatory in all cases.
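
The sstClient format and the client limit described above, as an added example that is not the stoney API implementation. It assumes that a client is identified by the pair of normalised IP address and User-Agent, that a known client's value is replaced with its latest access time, and that a trailing colon after the timestamp (as in the LDIF example) is accepted; all function names are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

MAX_CLIENT_LEN = 256              # maximum sstClient length stated on the page
TIMESTAMP_FORMAT = "%Y%m%dT%H%M%SZ"

# The two sstClient values from the token entry shown on the page.
PAGE_CLIENTS = [
    "20210413T081027Z: 194.176.109.13 Mozilla/5.0 (X11; Linux x86_64; rv:85.0) "
    "Gecko/20100101 Firefox/85.0",
    "20210413T132805Z: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Mozilla/5.0 "
    "(X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/91.0.4456.0 Safari/537.36 Edg/91.0.845.2",
]


def parse_client(value):
    """Split one sstClient value into (access time, IP address object, user agent)."""
    if len(value) > MAX_CLIENT_LEN:
        raise ValueError("sstClient value exceeds 256 characters")
    parts = value.split(" ", 2)
    if len(parts) != 3:
        raise ValueError("expected '<timestamp> <ip> <user agent>'")
    raw_time, raw_ip, agent = parts
    # The LDIF example carries a colon after the timestamp, the table does not.
    accessed = datetime.strptime(raw_time.rstrip(":"), TIMESTAMP_FORMAT)
    return accessed.replace(tzinfo=timezone.utc), ipaddress.ip_address(raw_ip), agent


def format_client(accessed, ip, agent):
    """Build an sstClient value; the user agent is cut so the value fits 256 characters.

    `accessed` must be a timezone-aware datetime.
    """
    stamp = accessed.astimezone(timezone.utc).strftime(TIMESTAMP_FORMAT)
    prefix = f"{stamp} {ipaddress.ip_address(ip)} "
    agent = " ".join(agent.split())  # drop line breaks and repeated whitespace
    return prefix + agent[: MAX_CLIENT_LEN - len(prefix)]


def client_key(value):
    """Identity of a client: (normalised IP address, user agent)."""
    _, ip, agent = parse_client(value)
    return ip, agent


def register_client(stored, accessed, ip, agent, limit=2):
    """Record one API access.

    Returns (updated sstClient values, session_still_valid). The session is
    no longer valid once more than `limit` distinct clients have used the token.
    """
    new_value = format_client(accessed, ip, agent)
    new_key = client_key(new_value)
    updated, known = [], False
    for value in stored:
        if client_key(value) == new_key:
            updated.append(new_value)  # refresh the access time of a known client
            known = True
        else:
            updated.append(value)
    if not known:
        updated.append(new_value)
    distinct = {client_key(value) for value in updated}
    return updated, len(distinct) <= limit


if __name__ == "__main__":
    now = datetime(2021, 4, 14, 9, 0, 0, tzinfo=timezone.utc)
    # Constructed third client: the limit of 2 is exceeded.
    values, valid = register_client(PAGE_CLIENTS, now, "192.0.2.10", "curl/8.0.1")
    print(len(values), "clients, session valid:", valid)
```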

People - Person - Roles (LEGACY)

dn: sstRole=Monitoring Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstRoles
sstProduct: 0
sstRole: Monitoring Administrator

dn: sstRole=User,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstRoles
sstProduct: 0
sstRole: User

dn: sstRole=Virtualization Administrator,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstRoles
sstProduct: 0
sstRole: Virtualization Administrator

Reseller

The sub tree ou=reseller,dc=stoney-cloud,dc=org contains all the resellers. Each reseller has a unique uid, which is used for later reference.

Reseller - Reseller

The following LDIF shows a typical reseller entry. All relevant data belonging to this reseller is stored below this leaf.

dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
uid: 4000000
organizationName: Reseller Ltd.
sstIsCompany: TRUE
sstIsActive: TRUE
sstBelongsToResellerUID: 4000000

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
uid
MUST
x
A unique integer value with 7 digits or more. For example: 4000000.
organizationName
MAY
x
The organisation name of the reseller. For example: Reseller Ltd.. A reseller must be a company (sstIsCompany: TRUE).
description
MAY
The description of the leaf.
sstIsCompany
MUST
x
Is the entry a company? Either true (yes) or false (no).
sstIsActive
MAY
x
Is the entry active? Either true (yes) or false (no).
sstExternalID
MAY
The ID (or number) of a customer, person or product in an external database (for example: 234567).
sstBelongsToResellerUID
MUST
x
Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more. For example: 4000000.

Legend:

  • x: Mandatory in all cases.

Reseller - Reseller - Billing address

The sub tree ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the billing address:

dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: address
organizationName: Reseller Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: Name Surname <name.surname@example.com>
sstMailCc: Info Reseller Ltd. <info@example.com>
sstMailBcc: Accounting Service Provider Ltd. <accounting@example.org>
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

The following table describes the different attributes:

Attribute Name
Existence
Mandatory
Interface Equivalent Description
organizationName
MAY
x1
Reseller Name Reseller name, for example: stepping stone GmbH.
sstGender
MUST
x
Gender Either 'm' for male or 'f' for female. For example: m.
givenName
MUST
x
Name Name, for example: Hans.
surname
MUST
x
Surname Surname, for example: Muster.
postalAddress
MAY
x3
Address Multi-lined address, for example: Neufeldstrasse 9.
postOfficeBox
MAY
x3
Post Office Box Post Office Box, for example: 3456.
stateOrProvinceName
MAY
x4
State or Province Name This pull down menu is only active (appears to the user), if the country is set to Canada or the USA.
countryName
MUST
x
Country Country code according to ISO 3166-1. The English short name (upper/lower case) is used for the interface and the corresponding ISO 3166-1-alpha-2 code (a two-letter code that represents a country name, recommended as the general purpose code) is used for the LDAP entry. For example: Switzerland in the interface and CH in the LDAP directory.
postalCode
MUST
x
Postal Code Postal Code without the country code, for example: 3012.
localityName
MUST
x
Location Location, for example: Berne.
preferredLanguage
MUST
x
Language Display language of the user according to RFC 1766. For example: de-CH. The following languages are currently supported:
  • de-CH
  • de-DE
  • en-GB
  • en-US
  • fr-CH
  • fr-FR


mail
MUST
x
Mail Address The reseller's "To:" billing mail address, for example: Hans Muster <hans.muster@example.com>. This is a multi-valued attribute and it MUST contain at least one "To:" billing mail address.
sstMailCc
MAY
Mail Address The reseller's "CC:" billing mail address, for example: Info Reseller Ltd. <info@example.com>. This is a multi-valued attribute and can contain zero or more "CC:" billing mail addresses.
sstMailBcc
MAY
Mail Address The customer's "BCC:" billing mail address, for example: Accounting Service Provider Ltd. <accounting@example.org>. This is a multi-valued attribute and can contain zero or more "BCC:" billing mail addresses. Here we'd expect the Accounting mail address of the service provider (for accountability reasons).
telephoneNumber
MAY
x2
Telephone Telephone number of the user according to E.164 (international dialling code, trunk code, area code, subscriber line). For example: +41 31 222 33 44.
mobileTelephoneNumber
MAY
x2
Mobile Mobile phone number of the user according to E.164 (international dialling code, trunk code, area code, subscriber line). For example: +41 76 222 33 44.
sstWebsiteURL
MAY
Website Website URL according to RFC-3986. For example: http://www.stepping-stone.ch/.

Legend:

  • x1: If the attribute sstIsCompany of the parent entry is set to TRUE, the organizationName must be set.
  • x2: Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.
  • x3: Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.
  • x4: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.

Reseller - Reseller - Shipping address (optional)

The sub tree ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the shipping address and is optional (it is only needed if the shipping address differs from the billing address).

dn: ou=shipping,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddress
ou: shipping
organizationName: Reseller Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

Reseller - Reseller - Billing

The sub tree ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains billing relevant data. The following example shows a reseller receiving a monthly bill.

dn: ou=billing,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingReseller
ou: billing
sstResellerBill: TRUE
sstBillable: TRUE
sstBillingCycle: 1
sstCurrency: CHF
sstPaymentMethod: invoice
sstDeliveryMethod: post
sstDiscount: 32
sstCancellationDate: 20181231
sstMailToUID: 4000002
sstMailCcUID: 4000064
sstMailBccUID: 4000066
sstMailBccUID: 4000069

The following example shows a reseller, where their customers receive a bill directly:

dn: ou=billing,uid=4000000,ou=reseller,o=stepping-stone,c=ch
objectclass: top
objectclass: organizationalUnit
objectclass: sstBillingReseller
ou: billing
sstResellerBill: FALSE
sstBillable: TRUE

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
sstResellerBill
MUST
x
Should the reseller receive a consolidated invoice for all their customers? This can be either TRUE or FALSE. The default value is TRUE, meaning that the reseller receives a consolidated invoice for all their customers.
sstBillable
MAY
x2
All hierarchical levels must have sstBillable: TRUE to actually have an invoice generated and sent. If the attribute sstBillable doesn't exist, the default is TRUE. This way, we are forced to set a reseller, customer or product manually to sstBillable: FALSE if we want to avoid sending them an invoice.
sstBillingCycle
MAY
Billing cycle in months. This attribute sstBillingCycle is only checked (evaluated), if the reseller has sstResellerBill set to TRUE (as is the case for the resellers except for stepping stone GmbH). Possible values:
  • 1: Monthly invoice (this is the default billing period if no sstBillingCycle is set).
  • 3: Quarterly invoice.
  • 6: Semi-annual invoice.
  • 12: Yearly invoice.
sstCurrency
MAY
Three-letter currency code according to ISO 4217. Possible values are:
  • CHF: Swiss franc (this is the default currency if no sstCurrency is set).
  • EUR: Euro
  • GBP: Pound sterling
  • USD: United States dollar
sstPaymentMethod
MAY
Payment method of the invoice. Possible values are:
  • invoice: Classic invoice, sent according to the delivery method defined in sstDeliveryMethod (this is the default payment method if no sstPaymentMethod is set).
  • postcard: Electronic invoice via PostFinance.
  • creditcard: Credit card payment.
sstDeliveryMethod
MAY
Delivery method of invoices or access data. Possible values are:
  • email: The invoice or access data is sent via email to the recipient.
  • post: The invoice or access data is sent via snail mail to the recipient (this is the default delivery method if no sstDeliveryMethod is set).
sstDiscount
MAY
An optional customer discount (an integer value between 0 and 100). Default is 0.
sstCancellationDate
MAY
The cancellation date of a reseller, customer or service in the form of [YYYY][MM][DD] (ISO 8601). For example: 20181231. The attribute sstCancellationDate is used in a logical AND combination with sstIsActive.
sstMailToUID
MAY
x1
The attribute sstMailToUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Even though this attribute is multi-valued, we expect one recipient only. Stores the UID (Unique Identifier in the form of an integer value with 7 digits) of the person an email is sent to via To. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000002.
sstMailCcUID
MAY
The attribute sstMailCcUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Please be aware that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form of an integer value with 7 digits) of the person an email is sent to via CC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000064.
sstMailBccUID
MAY
The attribute sstMailBccUID is only checked (evaluated) if the delivery method sstDeliveryMethod is set to email. Please be aware that this attribute is multi-valued and multiple recipients are to be expected. Stores the UID (Unique Identifier in the form of an integer value with 7 digits) of the person an email is sent to via BCC. This UID is used to look up the person's mail address, preferred language, name, surname or other information in the sub tree ou=people,dc=stoney-cloud,dc=org. For example: 4000066 or 4000069.

Legend:

  • x: Mandatory in all cases.
  • x1: The attribute sstMailToUID is mandatory, if the delivery method sstDeliveryMethod is set to email.
  • x2: As the default of the attribute sstBillable is TRUE, it's not really mandatory. For better readability, please always add the attribute sstBillable.
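An added example (not stoney cloud's own code) that applies the defaults, allowed values and the x1 rule from the table above to an ou=billing entry, and evaluates the rule that every hierarchical level must be billable. The function names are hypothetical, entries are represented as attribute-to-values dictionaries, and each checked attribute is assumed to carry a single value.

```python
from datetime import datetime

# Defaults and allowed values exactly as listed in the table above.
DEFAULTS = {"sstBillable": "TRUE", "sstBillingCycle": "1", "sstCurrency": "CHF",
            "sstPaymentMethod": "invoice", "sstDeliveryMethod": "post",
            "sstDiscount": "0"}
ALLOWED = {
    "sstResellerBill": {"TRUE", "FALSE"},  # MUST: no default is filled in here
    "sstBillable": {"TRUE", "FALSE"},
    "sstBillingCycle": {"1", "3", "6", "12"},
    "sstCurrency": {"CHF", "EUR", "GBP", "USD"},
    "sstPaymentMethod": {"invoice", "postcard", "creditcard"},
    "sstDeliveryMethod": {"email", "post"},
}


def effective_billing(entry):
    """entry maps attribute -> list of values. Returns (settings, errors)."""
    settings, errors = {}, []
    for attr, allowed in ALLOWED.items():
        value = (entry.get(attr) or [DEFAULTS.get(attr)])[0]
        if value is None:
            errors.append(attr + " is mandatory")
        elif value not in allowed:
            errors.append("%s: unsupported value %r" % (attr, value))
        settings[attr] = value
    discount = (entry.get("sstDiscount") or [DEFAULTS["sstDiscount"]])[0]
    if not (discount.isdecimal() and int(discount) <= 100):
        errors.append("sstDiscount must be an integer between 0 and 100")
    settings["sstDiscount"] = discount
    for date in entry.get("sstCancellationDate", []):
        try:
            if len(date) != 8:
                raise ValueError(date)
            datetime.strptime(date, "%Y%m%d")
        except ValueError:
            errors.append("sstCancellationDate must be [YYYY][MM][DD]")
    # Legend x1: sstMailToUID is mandatory when the delivery method is email.
    if settings["sstDeliveryMethod"] == "email" and not entry.get("sstMailToUID"):
        errors.append("sstMailToUID is mandatory for email delivery")
    return settings, errors


def invoice_is_sent(levels):
    """All hierarchical levels must be billable; a missing sstBillable means TRUE."""
    return all((lvl.get("sstBillable") or ["TRUE"])[0] == "TRUE" for lvl in levels)


# The two reseller entries from the LDIF above, as attribute -> values.
MONTHLY = {"sstResellerBill": ["TRUE"], "sstBillable": ["TRUE"],
           "sstBillingCycle": ["1"], "sstCurrency": ["CHF"],
           "sstPaymentMethod": ["invoice"], "sstDeliveryMethod": ["post"],
           "sstDiscount": ["32"], "sstCancellationDate": ["20181231"],
           "sstMailToUID": ["4000002"]}
DIRECT = {"sstResellerBill": ["FALSE"], "sstBillable": ["TRUE"]}
```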

Reseller - Reseller - Customers

The sub tree ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the customers belonging to the reseller Reseller Ltd. (all the customers with the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of customers belonging to this reseller.

dn: ou=customers,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: customers
labeledURI: ldap:///ou=customers,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000)
member: uid=4000001,ou=customers,dc=stoney-cloud,dc=org

In this example, the reseller Reseller Ltd. has one customer (with the uid=4000001).

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
attribute
MUST
x
TBD.

Legend:

  • x: Mandatory in all cases.

Reseller - Reseller - Employees

The sub tree ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the employees belonging to the reseller Reseller Ltd. (all the employees with the attribute sstBelongsToEmployeeUID=4000000). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this reseller. The number of employees is always the same or smaller than the number of people belonging to a reseller (they are a subset).

dn: ou=employees,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: employees
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstEmployeeOfUID=4000000)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org

In this example, the reseller Reseller Ltd. has one employee (with the uid=4000002).

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
attribute
MUST
x
TBD.

Legend:

  • x: Mandatory in all cases.

Reseller - Reseller - People

The sub tree ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains all the people belonging to the reseller Reseller Ltd. (all the people, including the employees, with the attribute sstBelongsToResellerUID=4000000). With the attribute labeledURI we use the functionality of the dynamic lists overlay to automatically give us a list of employees belonging to this reseller. The number of people is always the same or larger than the number of employees belonging to a reseller.

dn: ou=people,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: labeledURIObject
ou: people
labeledURI: ldap:///ou=people,dc=stoney-cloud,dc=org??one?(sstBelongsToResellerUID=4000000)
member: uid=4000002,ou=people,dc=stoney-cloud,dc=org
member: uid=4000064,ou=people,dc=stoney-cloud,dc=org
member: uid=4000066,ou=people,dc=stoney-cloud,dc=org
member: uid=4000069,ou=people,dc=stoney-cloud,dc=org

In this example, four people belong to the reseller Reseller Ltd. (including the employee with the uid=4000002).

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
attribute
MUST
x
TBD.

Legend:

  • x: Mandatory in all cases.
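An added consistency check for the three dynamic lists above (customers, employees, people), not part of stoney cloud: it parses a labeledURI and confirms that the search it defines stays within the reseller named in the entry's DN, since a wrong UID or a wider scope would list another reseller's entries. The function names are hypothetical; the expected search bases and filter attributes are taken from the LDIF examples above.

```python
import re
from urllib.parse import unquote

SUFFIX = "dc=stoney-cloud,dc=org"
# List name -> (search base, filter attribute), taken from the LDIF examples above.
EXPECTED = {
    "customers": ("ou=customers," + SUFFIX, "sstBelongsToResellerUID"),
    "employees": ("ou=people," + SUFFIX, "sstEmployeeOfUID"),
    "people": ("ou=people," + SUFFIX, "sstBelongsToResellerUID"),
}


def parse_ldap_url(url):
    """Split ldap://host/base?attrs?scope?filter (RFC 4516) into its fields."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: " + url)
    host, _, tail = rest.partition("/")
    fields = tail.split("?") + [""] * 3
    base, attrs, scope, flt = (unquote(f) for f in fields[:4])
    # RFC 4516 defaults: scope "base", filter "(objectClass=*)".
    return {"host": host, "base": base, "attrs": attrs,
            "scope": scope or "base", "filter": flt or "(objectClass=*)"}


def check_dynamic_list(dn, labeled_uri):
    """Return a list of problems; an empty list means the dynamic list is consistent."""
    match = re.fullmatch(r"ou=(\w+),uid=(\d+),ou=reseller," + re.escape(SUFFIX), dn)
    if not match or match.group(1) not in EXPECTED:
        return ["unexpected DN: " + dn]
    name, uid = match.groups()
    base, attr = EXPECTED[name]
    url = parse_ldap_url(labeled_uri)
    problems = []
    if url["host"]:
        problems.append("URL names a server instead of the local directory")
    if url["base"].lower() != base.lower():
        problems.append("search base is not " + base)
    if url["scope"] != "one":
        problems.append("scope is %r, expected 'one'" % url["scope"])
    if url["filter"] != "(%s=%s)" % (attr, uid):
        problems.append("filter does not select reseller " + uid)
    return problems


if __name__ == "__main__":
    dn = "ou=customers,uid=4000000,ou=reseller," + SUFFIX
    uri = "ldap:///ou=customers," + SUFFIX + "??one?(sstBelongsToResellerUID=4000000)"
    print(check_dynamic_list(dn, uri))
```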

Reseller - Reseller (LEGACY)

The following LDIF shows you the default reseller entry after a fresh stoney cloud installation. All relevant data belonging to this reseller is stored below this leaf.

dn: uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstReseller
uid: 4000000
organizationName: Reseller Ltd.
sstBelongsToResellerUID: 4000000
sstIsActive: TRUE

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
uid
MUST
x
A unique integer value with 7 digits or more. For example: 4000000.
organizationName
MUST
x
The organisation name of the reseller. For example: Reseller Ltd..
sstBelongsToResellerUID
MAY
x
Stores the reseller UID the leaf belongs to. A unique value with 7 digits or more, must correspond with the uid entry. For example: 4000000.
sstExternalID
MAY
The ID (or number) of a customer, person or product in an external database (for example: 234567).
sstIsActive
MAY
x
Is the entry active? Either true (yes) or false (no).

Legend:

  • x: Mandatory in all cases.

Reseller - Reseller - Billing address (LEGACY)

The sub tree ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org contains the billing address:

dn: ou=address,uid=4000000,ou=reseller,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
objectclass: sstAddressCompany
ou: address
organizationName: Reseller Ltd.
sstGender: m
givenName: Name
surname: Surname
postalAddress: Street Number
countryName: CH
postalCode: Postal Code
localityName: Locality
preferredLanguage: en-GB
mail: name.surname@example.com
telephoneNumber: +41 00 000 00 00
mobileTelephoneNumber: +41 00 000 00 00
sstWebsiteURL: https://www.example.com/

The following table describes the different attributes:

Attribute
Existence
Mandatory
Description
organizationName
MUST
x
Company name, example: stepping stone GmbH
sstGender
MUST
x
Either 'm' for male or 'f' for female.
givenName
MUST
x
Given name, example: Hans.
surname
MUST
x
Surname, example: Muster.
postalAddress
MAY
x2
Street Number, example: Neufeldstrasse 9. Multi-lined field.
postOfficeBox
MAY
x2
Postbox, example: 3456.
stateOrProvinceName
MAY
x3
This pulldown menu is only active (appears to the user), if the country is set to Canada or the USA.
countryName
MUST
x
Country code according to ISO 3166-1 (for the web interface) and the corresponding ISO 3166-1-alpha-2 code (as the LDAP entry). Example: For Switzerland the value is CH.
postalCode
MUST
x
Zipcode, example: 3012
localityName
MUST
x
City, example: Bern.
preferredLanguage
MUST
x
Display language of the user according to RFC 1766, example: de-CH. Currently supported:
  • de-CH
  • en-GB
mail
MUST
x
E-mail address of the user, example: hans.muster@example.com.
telephoneNumber
MAY
x1
Fixnet phone number, example: +41 31 222 33 44.
mobileTelephoneNumber
MAY
x1
Mobile phone number, example: +41 76 222 33 44.
sstWebsiteURL
MAY
URL according to RFC-3986 http://tools.ietf.org/html/rfc3986. For example http://www.stepping-stone.ch/.

Legend:

  • x1: Either telephoneNumber or mobileTelephoneNumber need to be present. Both attributes can exist together.
  • x2: Either postalAddress or postOfficeBox need to be present. Both attributes can exist together.
  • x3: If the countryName is either Canada or the USA, the stateOrProvinceName needs to be present.