Backends ############# Canaille can read and save data in different databases. This page presents the different database backends and their specificities: .. contents:: :local: Memory ====== Canaille comes with a lightweight inmemory backend by default. This backend is only for test purpose and should not be used in production environments. It is used when the ``BACKENDS`` configuration parameter is unset or empty. SQL === Canaille can use any database supported by `SQLAlchemy `_, such as sqlite, postgresql or mariadb. It is used when the ``BACKENDS.SQL`` configuration parameter is defined. LDAP ==== Canaille can use OpenLDAP as its main database. It is used when the ``BACKENDS.SQL`` configuration parameter is defined. .. note :: Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome. Canaille can integrate with several OpenLDAP overlays: memberof / refint ----------------- *memberof* and *refint* overlays are needed for the Canaille group membership to work correctly. Here is a configuration example compatible with canaille: .. literalinclude :: ../demo/ldif/memberof-config.ldif :language: ldif .. literalinclude :: ../demo/ldif/refint-config.ldif :language: ldif ppolicy ------- If `ppolicy `_ is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the ``lock_date`` attribute. Here is a configuration example compatible with canaille: .. literalinclude :: ../demo/ldif/ppolicy-config.ldif :language: ldif .. literalinclude :: ../demo/ldif/ppolicy.ldif :language: ldif