
update ldap conf

blezz-tech 3 天之前
父节点
当前提交
04c0a877b0
共有 4 个文件被更改,包括 317 次插入129 次删除
  1. 2 2
      ejabberd/ejabberd.yml
  2. 303 123
      ldap/init.ldif
  3. 9 1
      ldap/sharix.schema
  4. 3 3
      ldap/slapd.conf

+ 2 - 2
ejabberd/ejabberd.yml

@@ -26,9 +26,9 @@ host_config:
     ldap_port: 389
     ldap_rootdn: "cn=admin,dc=ldap,dc=sharix,dc=ru"
     ldap_password: "secret"
-    ldap_filter: "(objectClass=inetOrgPerson)"
+    ldap_filter: "(|(objectClass=handlerAccount)(objectClass=sharixAccount))"
     ldap_encrypt: none
-    ldap_base: "ou=users,dc=ldap,dc=sharix,dc=ru"
+    ldap_base: "dc=ldap,dc=sharix,dc=ru"
 
 certfiles:
   - /etc/ejabberd/ssl/fullchain.pem
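Review bot: Widening `ldap_base` to the suffix while the new `ldap_filter` also matches `handlerAccount` turns every entry under `ou=handlers` (and any future entry with either class anywhere in the tree) into an XMPP login, and the init.ldif in this same commit gives all of those handler entries one identical password hash, so a single leaked handler credential is every handler. The unchanged context lines show ejabberd binding as `cn=admin,dc=ldap,dc=sharix,dc=ru`, which is the slapd `rootdn` and therefore bypasses every ACL, with `ldap_encrypt: none` on port 389, so a full-write directory credential crosses the wire in cleartext on each lookup unless slapd is reached over loopback. A dedicated read-only service DN for ejabberd, with a slapd ACL granting only `auth` on `userPassword` and `read` on the attributes the filter needs, together with `ldap_encrypt: tls` and `ldap_port: 636`, would confine the blast radius. If handlers are not meant to log in over XMPP at all, keep `ldap_filter: "(objectClass=sharixAccount)"` and `ldap_base: "ou=users,dc=ldap,dc=sharix,dc=ru"` instead.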

+ 303 - 123
ldap/init.ldif

@@ -33,172 +33,367 @@ objectClass: organizationalUnit
 ou: handlers
 
 #UID FOR HANDLERS
-dn: uid=platform_access_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_access_request_pending
-cn: platform_access_request_pending
+dn: uid=open_access_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_access_request_pending
+cn: open_access_request_pending
+displayName: ACCREQ pending
 sn: handler
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_access_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_access_request_accepted
-cn: platform_access_request_accepted
+dn: uid=open_access_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_access_request_accepted
+cn: open_access_request_accepted
 sn: handler
+displayName: ACCREQ accepted
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_access_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_access_request_declined
-cn: platform_access_request_declined
+dn: uid=open_access_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_access_request_declined
+cn: open_access_request_declined
 sn: handler
+displayName: ACCREQ declined
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_neg_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_neg_request_pending
-cn: platform_neg_request_pending
+dn: uid=open_neg_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_neg_request_pending
+cn: open_neg_request_pending
 sn: handler
+displayName: NEGREQ pending
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_neg_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_neg_request_accepted
-cn: platform_neg_request_accepted
+dn: uid=open_neg_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_neg_request_accepted
+cn: open_neg_request_accepted
 sn: handler
+displayName: NEGERQ accepted
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_neg_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_neg_request_declined
-cn: platform_neg_request_declined
+dn: uid=open_neg_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_neg_request_declined
+cn: open_neg_request_declined
 sn: handler
+displayName: NEGREQ declined
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_new,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_new
-cn: platform_st_request_new
+dn: uid=open_st_request_new,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_new
+cn: open_st_request_new
 sn: handler
+displayName: STREQ new
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_reopened,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_reopened
-cn: platform_st_request_reopened
+dn: uid=open_st_request_reopened,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_reopened
+cn: open_st_request_reopened
 sn: handler
+displayName: STREQ reopened
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_assigned,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_assigned
-cn: platform_st_request_assigned
+dn: uid=open_st_request_assigned,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_assigned
+cn: open_st_request_assigned
 sn: handler
+displayName: STREQ assigned
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_inprocess,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_inprocess
-cn: platform_st_request_inprocess
+dn: uid=open_st_request_inprocess,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_inprocess
+cn: open_st_request_inprocess
 sn: handler
+displayName: STREQ inprocess
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_wontfix,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_wontfix
-cn: platform_st_request_wontfix
+dn: uid=open_st_request_wontfix,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_wontfix
+cn: open_st_request_wontfix
 sn: handler
+displayName: STREQ wontfix
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_done,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_done
-cn: platform_st_request_done
+dn: uid=open_st_request_done,ou=handlers,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_done
+cn: open_st_request_done
 sn: handler
+displayName: STREQ done
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
 
 #UID FOR OU=USERS
+dn: uid=1101,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1101
+cn: Open
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Admin
+displayName: Open Admin I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1101
+
+dn: uid=1201,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1201
+cn: Open
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Open Supervisor I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1201
+
+dn: uid=1202,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1202
+cn: Open
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Open Supervisor II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1202
+
+dn: uid=1203,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1203
+cn: Open
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Open Supervisor III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1203
+
+dn: uid=1301,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1301
+cn: Open
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Open Support I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1301
+
+dn: uid=1302,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1302
+cn: Open
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Open Support II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1302
+
+dn: uid=1303,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1303
+cn: Open
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Open Support III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1303
+
+dn: uid=1401,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1401
+cn: Open
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Open TechSupport I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1401
+
+dn: uid=1402,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1402
+cn: Open
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Open TechSupport II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1402
+
+dn: uid=1403,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 1403
+cn: Open
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Open TechSupport III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 1403
+
+dn: uid=2101,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2101
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Admin
+displayName: Metaservice Admin I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2101
+
+dn: uid=2102,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2102
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Admin
+displayName: Metaservice Admin II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2102
+
+dn: uid=2103,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2103
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Admin
+displayName: Metaservice Admin III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2103
+
 dn: uid=5101,ou=users,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
 objectClass: sharixAccount
-#objectClass: posixAccount
-#objectClass: shadowAccount
 uid: 5101
-cn: User One
-sn: One
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
-#uidNumber: 1003
-#gidNumber: 103
-#homeDirectory: /home/ldaptest1
-givenName: Test
-displayName: Test
+cn: Open
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Client
+displayName: Open Client I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 5101
+
+dn: uid=5102,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 5102
+cn: Open
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Client
+displayName: Open Client II
 mail: test@sharix-app.org
 jpegPhoto: 0
 telephoneNumber: 5102
 
+dn: uid=5103,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 5103
+cn: Open
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Client
+displayName: Open Client III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 5103
+
 dn: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
 objectClass: sharixAccount
 uid: 11111111111
 cn: Django Admin
 sn: First
 #maybe set the same for all for the beggining? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$85j887FtSxU4NRVTLx2Tiw$AE/HdQ9y446Vl9zdiKMXgDLID3D43pYC+ZleNiy/bMs
 givenName: Admin
 displayName: Django Admin
-mail: admin@sharix-app.org
+mail: test@sharix-app.org
 jpegPhoto: 0
-telephoneNumber: 11111111112
+telephoneNumber: 11111111111
 
 #CN FOR OU=GROUP
-dn: cn=platform_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PLATFORM-ADMIN,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_admin
-description: Group for Platform Admins
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PLATFORM-ADMIN
+description: Group for Open Admins
+member: uid=1101,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=platform_supervisor,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PLATFORM-SUPERVISOR,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_supervisor
-description: Group for Platform Supervisors
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PLATFORM-SUPERVISOR
+description: Group for Open Supervisors
+member: uid=1201,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=1202,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=1203,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=platform_support,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PLATFORM-SUPPORT,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_support
-description: Group for Platform Support
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PLATFORM_SUPPORT
+description: Group for Open Support
+member: uid=1301,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=1302,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=1303,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=platform_techsupport,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PLATFORM-TECHSUPPORT,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_techsupport
-description: Group for Platform Techsupport
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: open_techsupport
+description: Group for Open Techsupport
+member: uid=1401,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=1402,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=1403,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=metaservice_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=METASERVICE-ADMIN,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: metaservice_admin
 description: Group for Metaservice Admins
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+member: uid=2101,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2102,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2103,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=client,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=CLIENT,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: client
+cn: CLIENT
 description: Group for Clients
 member: uid=5101,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=5102,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=5103,ou=users,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=django_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
@@ -212,53 +407,38 @@ objectClass: groupOfNames
 cn: django
 description: Group for Django users
 member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=5101,ou=users,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=handlers,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: handlers
 description: Group for Handlers
-member: cn=platform_access_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_new,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_reopened,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_assigned,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_inprocess,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_wontfix,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_done,ou=users,dc=ldap,dc=sharix,dc=ru
+member: cn=open_access_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_access_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_access_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_neg_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_neg_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_neg_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_new,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_reopened,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_assigned,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_inprocess,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_wontfix,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_done,ou=handlers,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=ejabberd,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: ejabberd
 description: Group for Ejabberd users
-member: cn=platform_access_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_new,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_reopened,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_assigned,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_inprocess,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_wontfix,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_done,ou=users,dc=ldap,dc=sharix,dc=ru
 member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=5101,ou=users,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=local,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: local
 description: Group for Local users
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
 member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=mail,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: mail
 description: Group for Mail users
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
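Review bot: Every handler and user entry added here, from the `ou=handlers` service accounts through `uid=1101` (the sole PLATFORM-ADMIN member) down to the client accounts, carries the identical `{ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$...` value — same salt, same digest, so one password opens all of them, and the comment above each handler says it is the Django admin password; per-account hashes (`slappasswd -h '{ARGON2}'` at provisioning time, or a post-load password reset) should replace this before the LDIF is used outside a throwaway test. Three group entries also have an RDN that is not a value of the entry's `cn` (`cn=PLATFORM-SUPPORT` vs `cn: PLATFORM_SUPPORT`, `cn=PLATFORM-TECHSUPPORT` vs `cn: open_techsupport`, `cn=METASERVICE-ADMIN` vs `cn: metaservice_admin`), which slapadd/ldapadd reject as a naming violation, so the file does not load as written. The `member` values of `cn=handlers,ou=apps`, `cn=ejabberd,ou=apps`, `cn=local,ou=apps` and `cn=mail,ou=apps` are spelled `cn=...,ou=handlers` / `cn=11111111111,ou=users`, but the entries are named `uid=...` (e.g. `uid=open_access_request_pending,ou=handlers,...`), so without the refint overlay these DNs silently point at nothing and any consumer resolving group membership by DN will see empty groups. Align each group's `cn` with its RDN and rewrite the members as `member: uid=open_access_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru` and `member: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru`.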

+ 9 - 1
ldap/sharix.schema

@@ -7,4 +7,12 @@ objectClass ( 1.3.6.1.4.1.9998.2.1.1 NAME 'sharixAccount'
 	SUP inetOrgPerson
 		DESC 'Пользователь с дополнительными атрибутами'
 	STRUCTURAL
-		MUST ( uid $ userPassword $ givenName $ displayName $ mail $ jpegPhoto $ telephoneNumber ) )
+		MUST ( uid $ givenName $ displayName $ mail $ telephoneNumber )
+		MAY ( jpegPhoto $ initials $ userPassword ) )
+
+
+objectClass ( 1.3.6.1.4.1.9998.2.1.2 NAME 'handlerAccount'
+	SUP inetOrgPerson
+		DESC 'Пользователь для обработчиков'
+	STRUCTURAL
+		MUST ( uid $ userPassword $ displayName ) )
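Review bot: The new `handlerAccount` class and the relaxed `sharixAccount` carry no comment explaining what distinguishes them, and the only description is the Russian DESC string, so a reader has to infer from ejabberd.yml in this commit that both classes are now accepted as XMPP logins. Suggest a comment above `handlerAccount` such as `# Service identity for workflow handlers (ou=handlers); userPassword is MUST because these entries authenticate to ejabberd, so each one needs its own secret`, and one above `sharixAccount` noting that `userPassword` moved from MUST to MAY, so an entry without it is a valid directory object that simply cannot bind. Both classes hang off `1.3.6.1.4.1.9998.2.1.x`; a one-line comment recording who owns that arc and which sub-OIDs are allocated would prevent an accidental collision when the next class is added.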

+ 3 - 3
ldap/slapd.conf

@@ -37,10 +37,10 @@ include		/etc/openldap/schema/nis.schema
 #include		/etc/openldap/schema/netscape-profile.schema
 # Local schema
 #include		/etc/openldap/schema/local.schema
-
+moduleload argon2 m=65536 t=3 p=1
+password-hash {ARGON2}
 # Specify  a  set  of features (separated by white space) to allow.
 allow bind_v2
-
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
 #referral ldap://root.openldap.org
@@ -171,7 +171,7 @@ rootDSE /etc/openldap/rootdse.ldif
 database mdb
 suffix "dc=ldap,dc=sharix,dc=ru"
 rootdn "cn=admin,dc=ldap,dc=sharix,dc=ru"
-rootpw {SSHA}3gVsX+hkaayGbHHL7BKJep9JNL2NL02k
+rootpw {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$3Xq4p8n2Fb0NOggjyrbPxw$XyS0sQy1djoTxzenj2T9uDnXKhfC6+oixUO3psyu2Nc
 directory /var/lib/ldap/bases/ldap.sharix.ru
 
 index objectClass eq
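Review bot: `password-hash {ARGON2}` only governs passwords set through the LDAP Password Modify extended operation (RFC 3062); a `userPassword` value written directly by ldapadd/ldapmodify — which is how init.ldif and most provisioning scripts supply it — is stored byte-for-byte, so a cleartext value stays cleartext in the database. A comment next to the directive would save the next maintainer from relying on it, e.g. `# Applies to Password Modify exop only; direct userPassword writes are stored as given`, and if any application writes `userPassword` directly the `ppolicy` overlay with `ppolicy_hash_cleartext` is what hashes on write. `moduleload argon2 m=65536 t=3 p=1` also depends on the `modulepath` set earlier in this file (outside the hunk) and on the module being shipped in the installed slapd build; if it is absent slapd refuses to start, so this is worth stating in a comment, though the `m=65536 t=3 p=1` parameters do match the hashes committed in init.ldif and the new `rootpw`.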