Configuration
Setting up an SSHLDAP instance consists of defining your LDAP schema through a predefined set of variables in a file that is sourced before running the install script. These variables are as follows:
Variable | Description | Recommended Value |
---|---|---|
SSHLDAP_BASE_DN | This defines the base location to search for Users, Groups, and Hosts. | dc=${ziD},dc=com, where zID is the ziNet ID |
SSHLDAP_BASE_TENANT_DN | This is the location of the tenant container. This allows SSHLDAP to support multi-tenant applications. | dc=tenants,${SSHLDAP_BASE_DN} |
SSHLDAP_BASE_OPS_DN | This is the location of the base LDAP container that holds SSH-specific LDAP Groups (for example a Host is an LDAP group). | dc=ops,${SSHLDAP_BASE_DN} |
SSHLDAP_USERS_TENANT_DN | This is the location of the User accounts for a specific tenant. | ou=People,ou=${localTenantId},${SSHLDAP_BASE_TENANT_DN}, where localTenantId is the current tenantID. |
SSHLDAP_GROUPS_TENANT_DN | This is the location of Groups for a specific tenant. | ou=Groups,ou=${localTenantId},${SSHLDAP_BASE_TENANT_DN} |
SSHLDAP_GROUPS_OPS_DN | This is the location of SSHLDAP Groups entities. | ou=Groups,${SSHLDAP_BASE_OPS_DN} |
SSHLDAP_LAYERS_OPS_DN | This is the location of SSHLDAP Layer entities. | ou=Layers,${SSHLDAP_BASE_OPS_DN} |
SSHLDAP_HOSTS_OPS_DN | This is the location of SSHLDAP Host entities. | ou=Hosts,${SSHLDAP_BASE_OPS_DN} |
SSHLDAP_SVCS_OPS_DN | This is the location where the SSHLDAP admin service account should be placed. | ou=ServiceAccounts,${SSHLDAP_BASE_OPS_DN} |
SSHLDAP_SUDO_OPS_DN | This is the location of SSHLDAP Sudo entities. This provides sudo access to a server. | ou=Sudoers,${SSHLDAP_BASE_OPS_DN} |
SSHLDAP_VARS_OPS_DN | This is the location of SSHLDAP variables for keeping track of the next available posixGroup or posixAccount counters. This helps to keep unique IDs. | ou=Variables,${SSHLDAP_BASE_OPS_DN} |
SSHLDAP_POSIX_UID_UPPER | This is the upper limit of the uidNumber values assigned to local Linux accounts. As new SSHLDAP entities are created, this counter is the first available ID to be assigned to that entity. | Must be a unique number greater than the highest uidNumber on all servers that will be set up using SSHLDAP. Normally 2000 is sufficient, but this depends on your specific environment. |
SSHLDAP_POSIX_GUID_UPPER | This is the upper limit of the gidNumber values assigned to local Linux groups. As new SSHLDAP entities are created, this counter is the first available ID to be assigned to that entity. | Must be a unique number greater than the highest gidNumber on all servers that will be set up using SSHLDAP. Normally 2000 is sufficient, but this depends on your specific environment. |
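
The following is an added example, not part of the SSHLDAP scripts: a variables file filled in with the recommended values from the table, plus a pre-install check that the POSIX counters sit above every local ID, since an LDAP account that reuses a local uidNumber inherits that account's file ownership. The `ziD` and `localTenantId` values, the `highest_id`, `check_upper` and `sample_passwd` helpers, and the choice to ignore IDs of 65534 and above are assumptions made for illustration.

```shell
# Constructed sample values: replace with your own ziNet ID and tenant ID.
ziD="example"
localTenantId="tenant1"

# Recommended values from the table above.
SSHLDAP_BASE_DN="dc=${ziD},dc=com"
SSHLDAP_BASE_TENANT_DN="dc=tenants,${SSHLDAP_BASE_DN}"
SSHLDAP_BASE_OPS_DN="dc=ops,${SSHLDAP_BASE_DN}"
SSHLDAP_USERS_TENANT_DN="ou=People,ou=${localTenantId},${SSHLDAP_BASE_TENANT_DN}"
SSHLDAP_GROUPS_TENANT_DN="ou=Groups,ou=${localTenantId},${SSHLDAP_BASE_TENANT_DN}"
SSHLDAP_GROUPS_OPS_DN="ou=Groups,${SSHLDAP_BASE_OPS_DN}"
SSHLDAP_LAYERS_OPS_DN="ou=Layers,${SSHLDAP_BASE_OPS_DN}"
SSHLDAP_HOSTS_OPS_DN="ou=Hosts,${SSHLDAP_BASE_OPS_DN}"
SSHLDAP_SVCS_OPS_DN="ou=ServiceAccounts,${SSHLDAP_BASE_OPS_DN}"
SSHLDAP_SUDO_OPS_DN="ou=Sudoers,${SSHLDAP_BASE_OPS_DN}"
SSHLDAP_VARS_OPS_DN="ou=Variables,${SSHLDAP_BASE_OPS_DN}"
SSHLDAP_POSIX_UID_UPPER=2000
SSHLDAP_POSIX_GUID_UPPER=2000

# highest_id (hypothetical helper): reads passwd- or group-format lines on
# stdin and prints the highest numeric ID in field 3. Assumption: IDs >= 65534
# ("nobody"-style overflow accounts) are not counted.
highest_id() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3+0 < 65534 && $3+0 > max { max = $3+0 }
             END { print max+0 }'
}

# check_upper NAME VALUE (hypothetical helper): succeeds only when VALUE is
# greater than every local ID supplied on stdin.
check_upper() {
    max=$(highest_id)
    if [ "$2" -gt "$max" ]; then return 0; fi
    echo "$1=$2 is not above the highest local ID ($max)" >&2
    return 1
}

# Constructed passwd sample; on a real host feed /etc/passwd and /etc/group
# from every server instead.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
backup:x:2004:2004::/home/backup:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# 2000 is too low here because "backup" already holds uid 2004.
sample_passwd | check_upper SSHLDAP_POSIX_UID_UPPER "$SSHLDAP_POSIX_UID_UPPER" \
    || echo "raise SSHLDAP_POSIX_UID_UPPER before running the install script"
```
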
Scripts