canaille-globuzma/doc/backends.rst

Backends
#############

Canaille can read and save data in different databases.
This page presents the different database backends and their specificities:

.. contents::
   :local:

Memory
======

Canaille comes with a lightweight inmemory backend by default.
This backend is only for test purpose and should not be used in production environments.

It is used when the ``BACKENDS`` configuration parameter is unset or empty.

SQL
===

Canaille can use any database supported by `SQLAlchemy <https://www.sqlalchemy.org/>`_, such as
sqlite, postgresql or mariadb.

It is used when the ``BACKENDS.SQL`` configuration parameter is defined.

LDAP
====

Canaille can use OpenLDAP as its main database.
It is used when the ``BACKENDS.SQL`` configuration parameter is defined.

.. note ::
   Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have been tested.
   If you want to use different schemas or LDAP servers, adaptations may be needed.
   Patches are welcome.

Canaille can integrate with several OpenLDAP overlays:

memberof / refint
-----------------

*memberof* and *refint* overlays are needed for the Canaille group membership to work correctly.

Here is a configuration example compatible with canaille:

.. literalinclude :: ../demo/ldif/memberof-config.ldif
   :language: ldif

.. literalinclude :: ../demo/ldif/refint-config.ldif
   :language: ldif

ppolicy
-------

If `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.html>`_ is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the ``lock_date`` attribute.

Here is a configuration example compatible with canaille:

.. literalinclude :: ../demo/ldif/ppolicy-config.ldif
   :language: ldif

.. literalinclude :: ../demo/ldif/ppolicy.ldif
   :language: ldif
LDAP backends documentation 2023-06-03 10:25:47 +00:00			`Backends`
			`#############`

doc: split installation page 2023-12-24 14:59:39 +00:00			`Canaille can read and save data in different databases.`
			`This page presents the different database backends and their specificities:`

LDAP backends documentation 2023-06-03 10:25:47 +00:00			`.. contents::`
			`:local:`

Implement a dummy inmemory backend 2023-04-15 11:00:02 +00:00			`Memory`
			`======`

			`Canaille comes with a lightweight inmemory backend by default.`
			`This backend is only for test purpose and should not be used in production environments.`

doc: memory backend 2023-08-23 12:38:38 +00:00			It is used when the ``BACKENDS`` configuration parameter is unset or empty.

feat: implement sqlalchemy backend Co-authored-by: Loan Robert <loan@yaal.coop> 2023-11-15 15:37:06 +00:00			`SQL`
			`===`

			Canaille can use any database supported by `SQLAlchemy <https://www.sqlalchemy.org/>`_, such as
			`sqlite, postgresql or mariadb.`

			It is used when the ``BACKENDS.SQL`` configuration parameter is defined.

LDAP backends documentation 2023-06-03 10:25:47 +00:00			`LDAP`
			`====`

feat: implement sqlalchemy backend Co-authored-by: Loan Robert <loan@yaal.coop> 2023-11-15 15:37:06 +00:00			`Canaille can use OpenLDAP as its main database.`
			It is used when the ``BACKENDS.SQL`` configuration parameter is defined.

			`.. note ::`
			Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have been tested.
			`If you want to use different schemas or LDAP servers, adaptations may be needed.`
			`Patches are welcome.`

LDAP backends documentation 2023-06-03 10:25:47 +00:00			`Canaille can integrate with several OpenLDAP overlays:`

			`memberof / refint`
			`-----------------`

			`memberof and refint overlays are needed for the Canaille group membership to work correctly.`

			`Here is a configuration example compatible with canaille:`

			`.. literalinclude :: ../demo/ldif/memberof-config.ldif`
			`:language: ldif`

			`.. literalinclude :: ../demo/ldif/refint-config.ldif`
			`:language: ldif`

			`ppolicy`
			`-------`

doc: link to the LDAP ppolicy draft 2023-11-30 15:52:03 +00:00			If `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.html>`_ is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a write permission on the ``lock_date`` attribute.
LDAP backends documentation 2023-06-03 10:25:47 +00:00
			`Here is a configuration example compatible with canaille:`

			`.. literalinclude :: ../demo/ldif/ppolicy-config.ldif`
			`:language: ldif`

			`.. literalinclude :: ../demo/ldif/ppolicy.ldif`
			`:language: ldif`