Administration
==============

In the following chapter we explain the inner workings of Æther, including monitoring and user management.

Managing User accounts
----------------------

User management is done through a centralized `LDAP server`_ which is connected to:

- Nextcloud
- Postfix (MTA, through dovecot)
- Dovecot (MDA)
- Mailman (Mailing lists)
- Grafana (Monitoring)

Users can be added to groups which grant access to different services:

+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``admin``                  | Users in this group are granted administrative rights to mailman and can log in to the monitoring system.                      |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``lldap_admin``            | Users in this group can create other users and groups in lldap.                                                                |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``lldap_password_manager`` | This group is only meant for services that need to query information from the LDAP server.                                     |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``lldap_strict_readonly``  | Same as above.                                                                                                                 |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``mail``                   | Users in this group have a standard email address.                                                                             |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``mailman``                | Users in this group have access to mailman.                                                                                    |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``nextcloud``              | This group grants access to nextcloud.                                                                                         |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+
| ``staff``                  | This group is meant to give access to user management or mailing list management without being able to change system settings. |
+----------------------------+--------------------------------------------------------------------------------------------------------------------------------+

Creating New Accounts
^^^^^^^^^^^^^^^^^^^^^

New user accounts can be created via the web interface at |ae_lldap_domain|. Don't set a password during creation; instead, use the password reset form to generate an email that is sent to the user's address.

After creation, groups can be added at the bottom of the user detail page.

Deleting Accounts
^^^^^^^^^^^^^^^^^

Accounts can be deleted via the user overview page. Once deleted, only the account on the lldap server is gone. Mailboxes and files in Nextcloud still exist on disk and have to be deleted manually if desired.

Monitoring
----------

In order to make sure all services are operating smoothly, Æther collects non-user-specific metrics about the system, e.g. CPU and memory usage, the list and status of all processes, the number of sent emails, and the number of requests to the webserver.

These metrics can be accessed at: |ae_grafana_domain|.

Via alerts it is possible to receive emails if certain parameters are outside of specified limits.

.. _LDAP server: https://github.com/lldap/lldap
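
For the manual cleanup described under "Deleting Accounts", the following added example (not part of Æther's own code) reports mailbox and Nextcloud directories that no longer match any lldap user. The directory roots, the layout of one directory per user id, and all function names are assumptions; the demo runs on a constructed directory tree and only reports, it never deletes.

```python
"""Report mailbox and Nextcloud directories left behind by deleted lldap accounts."""
import tempfile
from pathlib import Path

# Entries in a Nextcloud data directory that are not user homes.
NEXTCLOUD_SYSTEM_DIRS = ("files_external",)


def user_dirs(root: Path) -> set[str]:
    """Names of the non-hidden subdirectories directly under root."""
    return {p.name for p in root.iterdir() if p.is_dir() and not p.name.startswith(".")}


def find_orphans(ldap_uids, mail_root: Path, nextcloud_data: Path) -> dict[str, list[str]]:
    """Directories whose name matches no current LDAP user id (report only)."""
    # Assumption: directories are named after the user id; compare case-insensitively.
    known = {uid.lower() for uid in ldap_uids}
    mail = {d for d in user_dirs(mail_root) if d.lower() not in known}
    cloud = {
        d for d in user_dirs(nextcloud_data)
        if d.lower() not in known
        and d not in NEXTCLOUD_SYSTEM_DIRS
        and not d.startswith("appdata_")      # Nextcloud's own app data
    }
    return {"mail": sorted(mail), "nextcloud": sorted(cloud)}


def demo() -> dict[str, list[str]]:
    """Build a constructed directory layout and run the check against it."""
    with tempfile.TemporaryDirectory() as tmp:
        mail_root, nc_data = Path(tmp, "vmail"), Path(tmp, "nextcloud-data")
        for d in ("alice", "bob", "carol"):   # constructed mailboxes
            (mail_root / d).mkdir(parents=True)
        for d in ("alice", "carol", "appdata_oc123", "files_external"):
            (nc_data / d).mkdir(parents=True)
        (nc_data / "nextcloud.log").touch()   # plain file, ignored
        # Constructed state: bob and carol were already deleted in lldap.
        return find_orphans(["Alice"], mail_root, nc_data)


if __name__ == "__main__":
    for store, names in demo().items():
        print(f"{store}: {', '.join(names) or 'no orphans'}")
```

If Nextcloud's LDAP backend is configured to name user directories by something other than the user id, pass that identifier list instead.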