
Merge branch 'unstable'

blezz-tech 1 周之前
父节点
当前提交
9f51af68ff
共有 9 个文件被更改,包括 1019 次插入175 次删除
  1. 6 0
      .gitignore
  2. 3 0
      README.md
  3. 7 2
      ejabberd/README.md
  4. 35 25
      ejabberd/ejabberd.yml
  5. 360 0
      generate_init_ldif.py
  6. 1 1
      ldap/README.md
  7. 595 143
      ldap/init.ldif
  8. 9 1
      ldap/sharix.schema
  9. 3 3
      ldap/slapd.conf

+ 6 - 0
.gitignore

@@ -2,3 +2,9 @@
 .DS_Store
 sharix_main.service
 handler@.service
+
+# Other
+*.sqlite3
+*.*~
+*.*.swp
+.DS_Store

+ 3 - 0
README.md

@@ -0,0 +1,3 @@
+# Config repo
+
+replace with awk REPLACE_HOST_SERVICE to host service

+ 7 - 2
ejabberd/README.md

@@ -8,12 +8,17 @@ For ALT Linux
 https://www.altlinux.org/%D0%A1%D0%BE%D0%B7%D0%B4%D0%B0%D0%BD%D0%B8%D0%B5_%D1%81%D0%B0%D0%BC%D0%BE%D0%BF%D0%BE%D0%B4%D0%BF%D0%B8%D1%81%D0%B0%D0%BD%D0%BD%D1%8B%D1%85_%D1%81%D0%B5%D1%80%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%82%D0%BE%D0%B2
 
 ```bash
-apt-get install ejabberd
-cp @@@/conf/ejabberrd/ejabberd.yml /etc/ejabberd/
+apt-get install ejabberd openssl
+cp conf/ejabberd/ejabberd.yml /etc/ejabberd/ejabberd.yml
+
+sed -i "s|REPLACE_HOST_SERVICE|ej.testopen.sharix-app.org|g" /etc/ejabberd/ejabberd.yml
 
 mkdir -p /var/www/webapps/jabber_data
 
+mkdir /etc/ejabberd/ssl
+
 (
+cd /etc/ejabberd/ssl
 openssl genrsa -out rootCA.key 2048
 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
 )

+ 35 - 25
ejabberd/ejabberd.yml

@@ -15,20 +15,20 @@
 ###
 
 hosts:
-  - "msg.sharix-app.org"
+  - "REPLACE_HOST_SERVICE"
   - "10.0.2.10"
   - localhost
 
 host_config:
-  msg.sharix-app.org:
+  REPLACE_HOST_SERVICE:
     auth_method: [ldap]
     ldap_servers: ["ldap.sharix.ru"]
     ldap_port: 389
     ldap_rootdn: "cn=admin,dc=ldap,dc=sharix,dc=ru"
     ldap_password: "secret"
-    ldap_filter: "(objectClass=inetOrgPerson)"
+    ldap_filter: "(|(objectClass=handlerAccount)(objectClass=sharixAccount))"
     ldap_encrypt: none
-    ldap_base: "ou=users,dc=ldap,dc=sharix,dc=ru"
+    ldap_base: "dc=ldap,dc=sharix,dc=ru"
 
 certfiles:
   - /etc/ejabberd/ssl/fullchain.pem
@@ -79,6 +79,10 @@ listen:
     request_handlers:
       /bosh: mod_bosh
       /admin: ejabberd_web_admin
+      /api: mod_http_api
+      /upload: mod_http_upload
+      /ws: ejabberd_http_ws
+      /pub/content: mod_http_fileserver
       /.well-known/acme-challenge: ejabberd_acme
   -
     port: 3478
@@ -104,7 +108,8 @@ acme:
 
 acl:
   admin:
-    user: "admin@msg.sharix-app.org"
+    user: "django_tickets@REPLACE_HOST_SERVICE"
+    #user: "admin@REPLACE_HOST_SERVICE"
   users:
     user: all
 
@@ -113,9 +118,12 @@ acl:
   loopback:
     ip:
       - 127.0.0.0/8
+      - 10.0.2.10/24
       - ::1/128
 
 access_rules:
+  api_access:
+    allow: user
   local:
     allow: local
   c2s:
@@ -130,7 +138,8 @@ access_rules:
   pubsub_createnode:
     allow: local
   trusted_network:
-    allow: loopback
+#    allow: loopback
+    allow: all
 
 api_permissions:
   "console commands":
@@ -139,31 +148,35 @@ api_permissions:
     who: all
     what: "*"
   "admin access":
-    who:
-      access:
-        allow:
-          - acl: loopback
-          - acl: admin
-      oauth:
-        scope: "ejabberd:admin"
-        access:
-          allow:
-            - acl: loopback
-            - acl: admin
+    who: all
+#      access:
+#        allow:
+#          - acl: loopback
+#          - acl: admin
+#          - acl: all
+#      oauth:
+#        scope: "ejabberd:admin"
+#        access:
+#          allow:
+#            - acl: loopback
+#            - acl: admin
+#            - acl: all
     what:
       - "*"
       - "!stop"
       - "!start"
+      - send_message
   "public commands":
-    who:
-      ip: 127.0.0.1/8
-      ip: 10.0.2.10/24
+    who: all
+#      ip: 127.0.0.1/8
+#      ip: 10.0.2.10/24
     what:
       - "*"
       - "!stop"
       - "!start"
       - status
       - connected_users_number
+      - send_message
 
 shaper:
   normal:
@@ -193,10 +206,7 @@ modules:
   mod_carboncopy: {}
   mod_client_state: {}
   mod_configure: {}
-  mod_disco:
-    extra_domains:
-      - ej.sharix-app.org
-    name: SXPlatform
+  mod_disco: {}
   mod_fail2ban: {}
   mod_http_api: {}
   mod_http_upload:
@@ -219,7 +229,7 @@ modules:
   mod_muc:
     # Service name    
     hosts:
-      - "chat.msg.sharix-app.org"
+      - "chat.REPLACE_HOST_SERVICE"
     access:
       - allow
     access_admin:
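Review bot: In the `api_permissions` hunk both "admin access" and "public commands" now read `who: all`, and an earlier hunk mounts `/api: mod_http_api` on the HTTP listener, so every command except `stop`/`start` appears callable by any client that can reach that port, without the loopback/admin ACL or OAuth scope the removed lines required. The `trusted_network` rule is relaxed the same way, with `allow: all` replacing `allow: loopback`. Restoring the removed `access: allow:` list (`acl: loopback`, `acl: admin`) would still let the Django notifier call `send_message`, because this commit makes `django_tickets@REPLACE_HOST_SERVICE` the `admin` ACL. The new `api_access` rule says `allow: user` while the ACL visible in this file is named `users`; unless a `user` ACL is defined outside the shown hunks, this looks like a typo. The listener's port and TLS settings lie outside the hunks, so how far `/api` is reachable cannot be confirmed from here.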

+ 360 - 0
generate_init_ldif.py

@@ -0,0 +1,360 @@
+#DATA
+
+main_init = """# init.ldif
+
+##########
+#
+# Table of Content
+#
+##########
+
+
+# Корневая запись (базовый DN)
+## ROOT DN
+# All ou
+## UID FOR HANDLERS
+## UID FOR OU=USERS
+# All cn
+## CN FOR OU=GROUP
+# Все пользователи
+
+
+##########
+#
+# ROOT-DB
+#
+##########
+
+dn: dc=ldap,dc=sharix,dc=ru
+objectClass: dcObject
+objectClass: organization
+dc: ldap
+o: Sharix LDAP Server
+"""
+
+extra_test_users = """
+dn: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 11111111111
+cn: Django Admin
+sn: First
+#maybe set the same for all for the beggining? Now for testing - let's make it like Django main admin password
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$85j887FtSxU4NRVTLx2Tiw$AE/HdQ9y446Vl9zdiKMXgDLID3D43pYC+ZleNiy/bMs
+givenName: Admin
+displayName: Django Admin
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 11111111111
+"""
+
+uid_django_user="""
+dn: uid=django_tickets,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: django_tickets
+cn: django_tickets
+displayName: Django Tickets
+sn: notificator
+#maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+"""
+
+extra_groups = """
+dn: cn=django_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: django_admin
+description: Group for Django Admins
+member: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
+"""
+
+extra_apps = """
+dn: cn=django,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: django
+description: Group for Django users
+member: cn=django_tickets,ou=apps,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=ejabberd,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: ejabberd
+description: Group for Ejabberd users
+member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=local,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: local
+description: Group for Local users
+member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=mail,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: mail
+description: Group for Mail users
+member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
+"""
+
+
+handlers = [
+    ("open_access_request_pending",  "ACCREQ pending"),
+    ("open_access_request_accepted", "ACCREQ accepted"),
+    ("open_access_request_declined", "ACCREQ declined"),
+    ("open_neg_request_pending",     "NEGREQ pending"),
+    ("open_neg_request_accepted",    "NEGERQ accepted"),
+    ("open_neg_request_declined",    "NEGREQ declined"),
+    ("open_st_request_new",          "STREQ new"),
+    ("open_st_request_reopened",     "STREQ reopened"),
+    ("open_st_request_assigned",     "STREQ assigned"),
+    ("open_st_request_inprocess",    "STREQ inprocess"),
+    ("open_st_request_wontfix",      "STREQ wontfix"),
+    ("open_st_request_done",         "STREQ done"),
+]
+
+
+groups = [
+    ('METASERVICE-ADMIN'      , 21),
+    ('METASERVICE-SUPERVISOR' , 22),
+    ('METASERVICE-SUPPORT'    , 23),
+    ('METASERVICE-TECHSUPPORT', 24),
+
+    ('PARTNER-ADMIN'          , 31),
+    ('PARTNER-SUPERVISOR'     , 32),
+    ('PARTNER-SUPPORT'        , 33),
+    ('PARTNER-TECHSUPPORT'    , 34),
+
+    ('METASERVICE-PROVIDER'   , 41),
+
+    ('METASERVICE-CLIENT'     , 51),
+
+    ('METASERVICE-GUEST'      , 61),
+]
+
+
+groups_dict = dict(groups)
+
+
+test_users = [
+    ('METASERVICE-ADMIN'      , 'Metaservice', 'Admin'      , 1),
+    ('METASERVICE-SUPERVISOR' , 'Metaservice', 'Supervisor' , 3),
+    ('METASERVICE-SUPPORT'    , 'Metaservice', 'Support'    , 3),
+    ('METASERVICE-TECHSUPPORT', 'Metaservice', 'TechSupport', 3),
+
+    ('PARTNER-ADMIN'          , 'Parter'     , 'Admin'      , 1),
+    ('PARTNER-SUPERVISOR'     , 'Parter'     , 'Supervisor' , 3),
+    ('PARTNER-SUPPORT'        , 'Parter'     , 'Support'    , 3),
+    ('PARTNER-TECHSUPPORT'    , 'Parter'     , 'TechSupport', 3),
+
+    ('METASERVICE-PROVIDER'   , 'Metaservice', 'Provider'   , 3),
+
+    ('METASERVICE-CLIENT'     , 'Metaservice', 'Client'     , 3),
+
+    ('METASERVICE-GUEST'      , 'Metaservice', 'Guest'      , 3),
+]
+
+test_users_dict = {user[0]: user[3] for user in test_users}
+
+ous = [
+    ("users"    , "Подразделение для пользователей"),
+    ("groups"   , "Подразделение для групп (опционально)"),
+    ("apps"     , "Подразделение для классификации обработчиков и приложений (опционально)"),
+    ("appgroups", "Подразделение с аккаунтами приложений с их описанием и может быть apikey"),
+]
+
+# SUPPORT FUNCTIONS
+
+def int_to_roman(num):
+    val = [
+        1000, 900, 500, 400,
+        100, 90, 50, 40,
+        10, 9, 5, 4,
+        1
+    ]
+    syms = [
+        "M", "CM", "D", "CD",
+        "C", "XC", "L", "XL",
+        "X", "IX", "V", "IV",
+        "I"
+    ]
+    roman_num = ""
+    i = 0
+    while num > 0:
+        for _ in range(num // val[i]):
+            roman_num += syms[i]
+            num -= val[i]
+        i += 1
+    return roman_num
+
+
+def get_handlers_txt():
+    txt = ""
+    for name, display_name in handlers:
+        HANDLERS_PASSWORD = "{ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew"
+        txt +=f"""dn: uid={name},ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: {name}
+cn: {name}
+sn: handler
+displayName: {display_name}
+#maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
+userPassword: {HANDLERS_PASSWORD}
+
+"""
+    return txt
+
+
+def get_users_txt():
+    USERS_PASSWORD = "{ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew"
+
+    txt = ""
+
+    for group_name, place, role, count in test_users:
+        for i in range(1, count + 1):
+            phone_number=f"{groups_dict[group_name]}0{i}"
+
+            uid = phone_number
+            cn = place
+            sn = f"{int_to_roman(i)}"
+            givenName = role
+            displayName = f"{place} {role} {int_to_roman(i)}"
+
+            # TODO: Почта для разных пользователей
+            # mail = f"test-{group_name.lower()}-{i}@domain.org"
+            mail = "test@sharix-app.org" 
+            
+            telephoneNumber = phone_number
+
+            user_entry = f"""
+dn: uid={uid},ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: {uid}
+cn: {cn}
+sn: {sn}
+userPassword: {USERS_PASSWORD}
+givenName: {givenName}
+displayName: {displayName}
+mail: {mail}
+jpegPhoto: 0
+telephoneNumber: {telephoneNumber}
+"""
+            txt += user_entry
+
+    return txt
+
+
+def get_groups_txt():
+
+    txt = ""
+    for group, uid in groups:
+        txt += f"""
+dn: cn={group},ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: {group}
+description: Group for {group.replace("-", " ").title()}
+"""
+        count = test_users_dict[group]
+        for i in range(1, count + 1):
+            user_id=f"{uid}0{i}"
+            txt += f"member: uid={user_id},ou=users,dc=ldap,dc=sharix,dc=ru\n"
+            
+    return txt
+
+
+def get_ou_txt():
+    return "\n".join(
+        f"""# {desc}
+dn: ou={name},dc=ldap,dc=sharix,dc=ru
+objectClass: organizationalUnit
+ou: {name}
+""" for name, desc in ous
+    )
+
+
+def get_group_handlers():
+    return """
+dn: cn=handlers,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: handlers
+description: Group for Handlers
+""" + "\n".join([
+        f"member: cn={name},ou=handlers,dc=ldap,dc=sharix,dc=ru"
+        for name, _ in handlers
+    ])
+
+
+# OUTPUT ldiff file
+
+
+print(main_init)
+
+print("""
+##########
+#
+# OU
+#
+##########
+""")
+
+print(get_ou_txt())
+
+print("""
+##########
+#
+# UID FOR Django tickets module app user
+#
+##########
+""")
+
+print(uid_django_user)
+
+print("""
+##########
+#
+# UID FOR HANDLERS
+#
+##########
+""")
+
+print(get_handlers_txt())
+
+print("""
+##########
+#
+# UID FOR OU=USERS
+#
+##########
+""")
+
+print(get_users_txt())
+
+print("""
+##########
+#
+# Extra UID FOR OU=USERS
+#
+##########
+""")
+
+print(extra_test_users)
+
+print("""
+##########
+#
+# CN FOR OU=GROUP
+#
+##########
+""")
+
+print(get_groups_txt())
+
+print(extra_groups)
+
+print(
+"""
+##########
+#
+# CN FOR OU=APPS
+#
+##########
+""")
+
+print(get_group_handlers())
+
+print(extra_apps)
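Review bot: The `member:` values written by `get_group_handlers()` and by the `extra_apps` literal do not match the entries this script creates. Handlers are emitted as `uid={name},ou=apps,…` but referenced as `cn={name},ou=handlers,…` (an OU that is not in `ous`), and `extra_apps` refers to `cn=django_tickets,ou=apps` and `cn=11111111111,ou=users` although both entries use `uid=` as their RDN. A membership check against these DNs would match nothing; the handler line should read `f"member: uid={name},ou=apps,dc=ldap,dc=sharix,dc=ru"`, and the `extra_apps` members should use `uid=` likewise. Separately, the same `{ARGON2}` hash is pasted into `uid_django_user`, `HANDLERS_PASSWORD` and `USERS_PASSWORD`, and the inline comment says it mirrors the Django main admin password. Every generated account, including the `django_tickets` account that ejabberd.yml makes admin, therefore shares one committed credential; a single module-level constant with a comment that it is test-only and must be replaced before deployment would make that explicit.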

+ 1 - 1
ldap/README.md

@@ -41,4 +41,4 @@ path ldap database: /var/lib/ldap/bases/TREE_NAME
 apt-get install openldap-servers -y
 
 
-```
+```

+ 595 - 143
ldap/init.ldif

@@ -1,17 +1,41 @@
 # init.ldif
 
+##########
+#
+# Table of Content
+#
+##########
+
+
 # Корневая запись (базовый DN)
+## ROOT DN
+# All ou
+## UID FOR HANDLERS
+## UID FOR OU=USERS
+# All cn
+## CN FOR OU=GROUP
+# Все пользователи
+
+
+##########
+#
+# ROOT-DB
+#
+##########
+
 dn: dc=ldap,dc=sharix,dc=ru
 objectClass: dcObject
 objectClass: organization
 dc: ldap
 o: Sharix LDAP Server
 
-#дальше все ou
-#после все cn
-#после все пользователи
 
-#OU
+##########
+#
+# OU
+#
+##########
+
 # Подразделение для пользователей
 dn: ou=users,dc=ldap,dc=sharix,dc=ru
 objectClass: organizationalUnit
@@ -22,183 +46,618 @@ dn: ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: organizationalUnit
 ou: groups
 
-# Подразделение для обработчиков и приложений (опционально)
+# Подразделение для классификации обработчиков и приложений (опционально)
 dn: ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: organizationalUnit
 ou: apps
 
-#Подразделение с обработчиками с их описанием и может быть apikey
-dn: ou=handlers,dc=ldap,dc=sharix,dc=ru
+# Подразделение с аккаунтами приложений с их описанием и может быть apikey
+dn: ou=appgroups,dc=ldap,dc=sharix,dc=ru
 objectClass: organizationalUnit
-ou: handlers
+ou: appgroups
+
+
+##########
+#
+# UID FOR Django tickets module app user
+#
+##########
+
+
+dn: uid=django_tickets,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: django_tickets
+cn: django_tickets
+displayName: Django Tickets
+sn: notificator
+#maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-#UID FOR HANDLERS
-dn: uid=platform_access_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_access_request_pending
-cn: platform_access_request_pending
+
+##########
+#
+# UID FOR HANDLERS
+#
+##########
+
+dn: uid=open_access_request_pending,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_access_request_pending
+cn: open_access_request_pending
 sn: handler
+displayName: ACCREQ pending
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_access_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_access_request_accepted
-cn: platform_access_request_accepted
+dn: uid=open_access_request_accepted,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_access_request_accepted
+cn: open_access_request_accepted
 sn: handler
+displayName: ACCREQ accepted
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_access_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_access_request_declined
-cn: platform_access_request_declined
+dn: uid=open_access_request_declined,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_access_request_declined
+cn: open_access_request_declined
 sn: handler
+displayName: ACCREQ declined
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_neg_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_neg_request_pending
-cn: platform_neg_request_pending
+dn: uid=open_neg_request_pending,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_neg_request_pending
+cn: open_neg_request_pending
 sn: handler
+displayName: NEGREQ pending
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_neg_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_neg_request_accepted
-cn: platform_neg_request_accepted
+dn: uid=open_neg_request_accepted,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_neg_request_accepted
+cn: open_neg_request_accepted
 sn: handler
+displayName: NEGERQ accepted
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_neg_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_neg_request_declined
-cn: platform_neg_request_declined
+dn: uid=open_neg_request_declined,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_neg_request_declined
+cn: open_neg_request_declined
 sn: handler
+displayName: NEGREQ declined
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_new,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_new
-cn: platform_st_request_new
+dn: uid=open_st_request_new,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_new
+cn: open_st_request_new
 sn: handler
+displayName: STREQ new
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_reopened,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_reopened
-cn: platform_st_request_reopened
+dn: uid=open_st_request_reopened,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_reopened
+cn: open_st_request_reopened
 sn: handler
+displayName: STREQ reopened
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_assigned,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_assigned
-cn: platform_st_request_assigned
+dn: uid=open_st_request_assigned,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_assigned
+cn: open_st_request_assigned
 sn: handler
+displayName: STREQ assigned
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_inprocess,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_inprocess
-cn: platform_st_request_inprocess
+dn: uid=open_st_request_inprocess,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_inprocess
+cn: open_st_request_inprocess
 sn: handler
+displayName: STREQ inprocess
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_wontfix,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_wontfix
-cn: platform_st_request_wontfix
+dn: uid=open_st_request_wontfix,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_wontfix
+cn: open_st_request_wontfix
 sn: handler
+displayName: STREQ wontfix
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
 
-dn: uid=platform_st_request_done,ou=handlers,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
-uid: platform_st_request_done
-cn: platform_st_request_done
+dn: uid=open_st_request_done,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: handlerAccount
+uid: open_st_request_done
+cn: open_st_request_done
 sn: handler
+displayName: STREQ done
 #maybe set the same for all for the beggining? Or make it like apikey? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+
+
+
+##########
+#
+# UID FOR OU=USERS
+#
+##########
+
+
+dn: uid=2101,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2101
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Admin
+displayName: Metaservice Admin I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2101
+
+dn: uid=2201,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2201
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Metaservice Supervisor I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2201
+
+dn: uid=2202,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2202
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Metaservice Supervisor II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2202
+
+dn: uid=2203,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2203
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Metaservice Supervisor III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2203
+
+dn: uid=2301,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2301
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Metaservice Support I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2301
+
+dn: uid=2302,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2302
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Metaservice Support II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2302
+
+dn: uid=2303,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2303
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Metaservice Support III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2303
+
+dn: uid=2401,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2401
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Metaservice TechSupport I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2401
+
+dn: uid=2402,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2402
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Metaservice TechSupport II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2402
+
+dn: uid=2403,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 2403
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Metaservice TechSupport III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 2403
+
+dn: uid=3101,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3101
+cn: Parter
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Admin
+displayName: Parter Admin I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3101
+
+dn: uid=3201,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3201
+cn: Parter
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Parter Supervisor I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3201
+
+dn: uid=3202,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3202
+cn: Parter
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Parter Supervisor II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3202
+
+dn: uid=3203,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3203
+cn: Parter
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Supervisor
+displayName: Parter Supervisor III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3203
+
+dn: uid=3301,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3301
+cn: Parter
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Parter Support I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3301
+
+dn: uid=3302,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3302
+cn: Parter
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Parter Support II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3302
+
+dn: uid=3303,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3303
+cn: Parter
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Support
+displayName: Parter Support III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3303
 
+dn: uid=3401,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3401
+cn: Parter
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Parter TechSupport I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3401
+
+dn: uid=3402,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3402
+cn: Parter
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Parter TechSupport II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3402
+
+dn: uid=3403,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 3403
+cn: Parter
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: TechSupport
+displayName: Parter TechSupport III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 3403
+
+dn: uid=4101,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 4101
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Provider
+displayName: Metaservice Provider I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 4101
+
+dn: uid=4102,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 4102
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Provider
+displayName: Metaservice Provider II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 4102
+
+dn: uid=4103,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 4103
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Provider
+displayName: Metaservice Provider III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 4103
 
-#UID FOR OU=USERS
 dn: uid=5101,ou=users,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
 objectClass: sharixAccount
-#objectClass: posixAccount
-#objectClass: shadowAccount
 uid: 5101
-cn: User One
-sn: One
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
-#uidNumber: 1003
-#gidNumber: 103
-#homeDirectory: /home/ldaptest1
-givenName: Test
-displayName: Test
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Client
+displayName: Metaservice Client I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 5101
+
+dn: uid=5102,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 5102
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Client
+displayName: Metaservice Client II
 mail: test@sharix-app.org
 jpegPhoto: 0
 telephoneNumber: 5102
 
+dn: uid=5103,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 5103
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Client
+displayName: Metaservice Client III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 5103
+
+dn: uid=6101,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 6101
+cn: Metaservice
+sn: I
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Guest
+displayName: Metaservice Guest I
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 6101
+
+dn: uid=6102,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 6102
+cn: Metaservice
+sn: II
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Guest
+displayName: Metaservice Guest II
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 6102
+
+dn: uid=6103,ou=users,dc=ldap,dc=sharix,dc=ru
+objectClass: sharixAccount
+uid: 6103
+cn: Metaservice
+sn: III
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$8kx90bsuQRoLoQ3F4Uh+Pw$PboqW5EPEfzQlFh3uDeWoXP8rXs7v510fwQgtoA2Lew
+givenName: Guest
+displayName: Metaservice Guest III
+mail: test@sharix-app.org
+jpegPhoto: 0
+telephoneNumber: 6103
+
+
+##########
+#
+# Extra UID FOR OU=USERS
+#
+##########
+
+
 dn: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
-objectClass: inetOrgPerson
 objectClass: sharixAccount
 uid: 11111111111
 cn: Django Admin
 sn: First
 #maybe set the same for all for the beggining? Now for testing - let's make it like Django main admin password
-userPassword: {SSHA}A7+gYVdJggPPyC4htCqk5N9hFzjQcLkT
+userPassword: {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$85j887FtSxU4NRVTLx2Tiw$AE/HdQ9y446Vl9zdiKMXgDLID3D43pYC+ZleNiy/bMs
 givenName: Admin
 displayName: Django Admin
-mail: admin@sharix-app.org
+mail: test@sharix-app.org
 jpegPhoto: 0
-telephoneNumber: 11111111112
+telephoneNumber: 11111111111
+
+
+##########
+#
+# CN FOR OU=GROUP
+#
+##########
+
+
+dn: cn=METASERVICE-ADMIN,ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: METASERVICE-ADMIN
+description: Group for Metaservice Admin
+member: uid=2101,ou=users,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=METASERVICE-SUPERVISOR,ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: METASERVICE-SUPERVISOR
+description: Group for Metaservice Supervisor
+member: uid=2201,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2202,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2203,ou=users,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=METASERVICE-SUPPORT,ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: METASERVICE-SUPPORT
+description: Group for Metaservice Support
+member: uid=2301,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2302,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2303,ou=users,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=METASERVICE-TECHSUPPORT,ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: METASERVICE-TECHSUPPORT
+description: Group for Metaservice Techsupport
+member: uid=2401,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2402,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=2403,ou=users,dc=ldap,dc=sharix,dc=ru
 
-#CN FOR OU=GROUP
-dn: cn=platform_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PARTNER-ADMIN,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_admin
-description: Group for Platform Admins
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PARTNER-ADMIN
+description: Group for Partner Admin
+member: uid=3101,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=platform_supervisor,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PARTNER-SUPERVISOR,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_supervisor
-description: Group for Platform Supervisors
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PARTNER-SUPERVISOR
+description: Group for Partner Supervisor
+member: uid=3201,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=3202,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=3203,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=platform_support,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PARTNER-SUPPORT,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_support
-description: Group for Platform Support
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PARTNER-SUPPORT
+description: Group for Partner Support
+member: uid=3301,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=3302,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=3303,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=platform_techsupport,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=PARTNER-TECHSUPPORT,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: platform_techsupport
-description: Group for Platform Techsupport
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: PARTNER-TECHSUPPORT
+description: Group for Partner Techsupport
+member: uid=3401,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=3402,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=3403,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=metaservice_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=METASERVICE-PROVIDER,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: metaservice_admin
-description: Group for Metaservice Admins
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+cn: METASERVICE-PROVIDER
+description: Group for Metaservice Provider
+member: uid=4101,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=4102,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=4103,ou=users,dc=ldap,dc=sharix,dc=ru
 
-dn: cn=client,ou=groups,dc=ldap,dc=sharix,dc=ru
+dn: cn=METASERVICE-CLIENT,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
-cn: client
-description: Group for Clients
+cn: METASERVICE-CLIENT
+description: Group for Metaservice Client
 member: uid=5101,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=5102,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=5103,ou=users,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=METASERVICE-GUEST,ou=groups,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: METASERVICE-GUEST
+description: Group for Metaservice Guest
+member: uid=6101,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=6102,ou=users,dc=ldap,dc=sharix,dc=ru
+member: uid=6103,ou=users,dc=ldap,dc=sharix,dc=ru
+
 
 dn: cn=django_admin,ou=groups,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
@@ -206,59 +665,52 @@ cn: django_admin
 description: Group for Django Admins
 member: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
 
-#CN FOR OU=APPS
-dn: cn=django,ou=apps,dc=ldap,dc=sharix,dc=ru
-objectClass: groupOfNames
-cn: django
-description: Group for Django users
-member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=5101,ou=users,dc=ldap,dc=sharix,dc=ru
+
+##########
+#
+# CN FOR OU=APPS
+#
+##########
+
 
 dn: cn=handlers,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: handlers
 description: Group for Handlers
-member: cn=platform_access_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_new,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_reopened,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_assigned,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_inprocess,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_wontfix,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_done,ou=users,dc=ldap,dc=sharix,dc=ru
+member: cn=open_access_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_access_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_access_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_neg_request_pending,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_neg_request_accepted,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_neg_request_declined,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_new,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_reopened,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_assigned,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_inprocess,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_wontfix,ou=handlers,dc=ldap,dc=sharix,dc=ru
+member: cn=open_st_request_done,ou=handlers,dc=ldap,dc=sharix,dc=ru
+
+dn: cn=django,ou=apps,dc=ldap,dc=sharix,dc=ru
+objectClass: groupOfNames
+cn: django
+description: Group for Django users
+member: cn=django_tickets,ou=apps,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=ejabberd,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: ejabberd
 description: Group for Ejabberd users
-member: cn=platform_access_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_access_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_pending,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_accepted,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_neg_request_declined,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_new,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_reopened,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_assigned,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_inprocess,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_wontfix,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=platform_st_request_done,ou=users,dc=ldap,dc=sharix,dc=ru
 member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
-member: cn=5101,ou=users,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=local,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: local
 description: Group for Local users
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
 member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
 
 dn: cn=mail,ou=apps,dc=ldap,dc=sharix,dc=ru
 objectClass: groupOfNames
 cn: mail
 description: Group for Mail users
-member: cn=admin,dc=ldap,dc=sharix,dc=ru
+member: cn=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru
+
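Review bot: The `member` value added for the `mail` group uses `cn=11111111111,ou=users,…`, but the account itself is created as `uid=11111111111,ou=users,…` and the `django_admin` group at the top of this hunk references it by `uid=`. groupOfNames does not check that a member DN exists, so the entry loads cleanly, yet any membership lookup made with the user's real DN will not match; the line should read `member: uid=11111111111,ou=users,dc=ldap,dc=sharix,dc=ru`. The unchanged `ejabberd` and `local` groups in this hunk carry the same `cn=` form and need the same correction. The new `cn=django_tickets,ou=apps,…` member and the `cn=open_*,ou=handlers,…` members point at entries not shown in this part of the diff, so it is worth confirming those DNs match how the entries are actually named.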

+ 9 - 1
ldap/sharix.schema

@@ -7,4 +7,12 @@ objectClass ( 1.3.6.1.4.1.9998.2.1.1 NAME 'sharixAccount'
 	SUP inetOrgPerson
 		DESC 'Пользователь с дополнительными атрибутами'
 	STRUCTURAL
-		MUST ( uid $ userPassword $ givenName $ displayName $ mail $ jpegPhoto $ telephoneNumber ) )
+		MUST ( uid $ givenName $ displayName $ mail $ telephoneNumber )
+		MAY ( jpegPhoto $ initials $ userPassword ) )
+
+
+objectClass ( 1.3.6.1.4.1.9998.2.1.2 NAME 'handlerAccount'
+	SUP inetOrgPerson
+		DESC 'Пользователь для обработчиков'
+	STRUCTURAL
+		MUST ( uid $ userPassword $ displayName ) )
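Review bot: Moving `userPassword` from MUST to MAY on `sharixAccount` means the directory now accepts user entries that carry no credential, and nothing in the hunk records why that is wanted. The explicit MAY list is also redundant, because `inetOrgPerson` and its parent `person` already permit `jpegPhoto`, `initials` and `userPassword`. If password-less accounts are intentional, a comment above the objectClass such as `# userPassword is optional because <reason>` would document it; otherwise keep it in MUST, as `handlerAccount` does. `handlerAccount` also inherits the `cn` and `sn` requirements of `person`, so its effective MUST set is larger than the three attributes listed.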

+ 3 - 3
ldap/slapd.conf

@@ -37,10 +37,10 @@ include		/etc/openldap/schema/nis.schema
 #include		/etc/openldap/schema/netscape-profile.schema
 # Local schema
 #include		/etc/openldap/schema/local.schema
-
+moduleload argon2 m=65536 t=3 p=1
+password-hash {ARGON2}
 # Specify  a  set  of features (separated by white space) to allow.
 allow bind_v2
-
 # Do not enable referrals until AFTER you have a working directory
 # service AND an understanding of referrals.
 #referral ldap://root.openldap.org
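Review bot: `password-hash {ARGON2}` only governs passwords set through the LDAP Password Modify extended operation. A `userPassword` written by an ordinary add or modify is stored exactly as the client sent it, so a cleartext value can still end up in the directory; if that matters here, the ppolicy overlay's `ppolicy_hash_cleartext` covers that path. The two new directives also arrive without a comment, and the blank lines that separated the schema includes from the `allow` section were dropped. I would restore the spacing and add a line above `moduleload` such as `# Argon2id hashing (m=65536, t=3, p=1); needed to verify the {ARGON2} rootpw and userPassword values`.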
@@ -171,7 +171,7 @@ rootDSE /etc/openldap/rootdse.ldif
 database mdb
 suffix "dc=ldap,dc=sharix,dc=ru"
 rootdn "cn=admin,dc=ldap,dc=sharix,dc=ru"
-rootpw {SSHA}3gVsX+hkaayGbHHL7BKJep9JNL2NL02k
+rootpw {ARGON2}$argon2id$v=19$m=65536,t=3,p=1$3Xq4p8n2Fb0NOggjyrbPxw$XyS0sQy1djoTxzenj2T9uDnXKhfC6+oixUO3psyu2Nc
 directory /var/lib/ldap/bases/ldap.sharix.ru
 
 index objectClass eq
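Review bot: The new `rootpw` line commits the directory administrator's password hash to the repository, so every deployment built from this config shares one root credential and anyone who can read the repo can run offline guessing against it. Argon2id raises the cost of that guessing but does not remove the exposure. The README in this commit already describes substituting `REPLACE_HOST_SERVICE` at install time, and the same pattern would fit here, for example `rootpw REPLACE_ROOTPW_HASH` (a placeholder name constructed for this note) filled in from `slappasswd` output during setup.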