Добавлен сервис Proxy в файлы профилей

git-svn-id: http://svn.calculate.ru/calculate2/calculate-server/trunk@1665 c91db197-33c1-4113-bf15-f8a5c547ca64

profile/ftp/etc/openldap/slapd.conf

@@ -42,6 +42,9 @@ access to attrs=userPassword
 #?sr_ftp_set==on||cl_pass_service==ftp#
     by dn="#-ld_ftp_dn-#" read
 #sr_ftp_set#
+#?sr_proxy_set==on||cl_pass_service==proxy#
+    by dn="#-ld_proxy_dn-#" read
+#sr_proxy_set#
 #Доступ к аттрибуту password репликатора
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
     by dn="#-ld_repl_dn-#" write
@@ -138,6 +141,14 @@ access to dn.regex=".*#-ld_ldap_dn-#$"
     by * none
 #pkg#
 
+# Доступ к ветке Proxy
+#?sr_proxy_set==on||cl_pass_service==proxy#
+access to dn.regex=".*#-ld_proxy_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_proxy_dn-#" read
+    by * none
+#sr_proxy_set#
+
 # Доступ к ветке Replication
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
 access to dn.regex=".*#-ld_repl_dn-#$"

profile/jabber/etc/openldap/slapd.conf

@@ -42,6 +42,9 @@ access to attrs=userPassword
 #?sr_ftp_set==on||cl_pass_service==ftp#
     by dn="#-ld_ftp_dn-#" read
 #sr_ftp_set#
+#?sr_proxy_set==on||cl_pass_service==proxy#
+    by dn="#-ld_proxy_dn-#" read
+#sr_proxy_set#
 #Доступ к аттрибуту password репликатора
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
     by dn="#-ld_repl_dn-#" write
@@ -138,6 +141,14 @@ access to dn.regex=".*#-ld_ldap_dn-#$"
     by * none
 #pkg#
 
+# Доступ к ветке Proxy
+#?sr_proxy_set==on||cl_pass_service==proxy#
+access to dn.regex=".*#-ld_proxy_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_proxy_dn-#" read
+    by * none
+#sr_proxy_set#
+
 # Доступ к ветке Replication
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
 access to dn.regex=".*#-ld_repl_dn-#$"

profile/mail/etc/openldap/slapd.conf

@@ -42,6 +42,9 @@ access to attrs=userPassword
 #?sr_ftp_set==on||cl_pass_service==ftp#
     by dn="#-ld_ftp_dn-#" read
 #sr_ftp_set#
+#?sr_proxy_set==on||cl_pass_service==proxy#
+    by dn="#-ld_proxy_dn-#" read
+#sr_proxy_set#
 #Доступ к аттрибуту password репликатора
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
     by dn="#-ld_repl_dn-#" write
@@ -138,6 +141,14 @@ access to dn.regex=".*#-ld_ldap_dn-#$"
     by * none
 #pkg#
 
+# Доступ к ветке Proxy
+#?sr_proxy_set==on||cl_pass_service==proxy#
+access to dn.regex=".*#-ld_proxy_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_proxy_dn-#" read
+    by * none
+#sr_proxy_set#
+
 # Доступ к ветке Replication
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
 access to dn.regex=".*#-ld_repl_dn-#$"

profile/proxy/etc/openldap/slapd.conf

@@ -0,0 +1,212 @@
+# Calculate format=ldap\
+chmod=0640\
+chown=root:ldap\
+append=replace
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/nis.schema
+include		/etc/openldap/schema/inetorgperson.schema
+include		/etc/openldap/schema/misc.schema
+#?sr_samba_set==on||cl_pass_service==samba#
+include		/etc/openldap/schema/samba.schema
+#sr_samba_set#
+#?sr_mail_set==on||cl_pass_service==mail#
+include		/etc/openldap/schema/mail.schema
+#sr_mail_set#
+#?pkg(openldap)<2.4#schemacheck on#pkg#
+
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.arg
+
+# Уровень отладочных сообщений
+loglevel	0
+allow		bind_v2
+modulepath	/usr/lib/openldap/openldap
+
+# Доступ к аттрибуту userPassword
+access to attrs=userPassword
+    by self write
+    by dn="#-ld_admin_dn-#" write
+#?sr_samba_set==on||cl_pass_service==samba#
+    by dn="#-ld_samba_dn-#" write
+#sr_samba_set#
+#?sr_unix_set==on||cl_pass_service==unix#
+    by dn="#-ld_unix_dn-#" write
+#sr_unix_set#
+#?sr_mail_set==on||cl_pass_service==mail#
+    by dn="#-ld_mail_dn-#" read
+#sr_mail_set#
+#?sr_jabber_set==on||cl_pass_service==jabber#
+    by dn="#-ld_jabber_dn-#" read
+#sr_jabber_set#
+#?sr_ftp_set==on||cl_pass_service==ftp#
+    by dn="#-ld_ftp_dn-#" read
+#sr_ftp_set#
+#?sr_proxy_set==on||cl_pass_service==proxy#
+    by dn="#-ld_proxy_dn-#" read
+#sr_proxy_set#
+#Доступ к аттрибуту password репликатора
+#?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
+    by dn="#-ld_repl_dn-#" write
+#pkg#
+    by * auth
+
+# Доступ к аттрибутам Samba
+#?sr_samba_set==on||cl_pass_service==samba#
+access to attrs=sambaLMPassword,sambaNTPassword
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_samba_dn-#" write
+#sr_samba_set#
+#Доступ к аттрибутам Samba репликатора
+#?pkg(openldap)>2.4&ld_repl_set==on&sr_samba_set==on&ld_repl_id!=||pkg(openldap)>2.4&ld_repl_set==on&cl_pass_service==samba&ld_repl_id!=#
+    by dn="#-ld_repl_dn-#" write
+#pkg#
+#?sr_samba_set==on||cl_pass_service==samba#
+    by * none
+#sr_samba_set#
+
+# Доступ к пользователю только для просмотра
+access to dn.base="#-ld_bind_dn-#"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_bind_dn-#" read
+    by * none
+
+# Доступ к администратору сервера LDAP
+access to dn.base="#-ld_admin_dn-#"
+    by dn="#-ld_admin_dn-#" write
+    by * none
+
+# Доступ к ветке Samba
+#?sr_samba_set==on||cl_pass_service==samba#
+access to dn.regex=".*#-ld_samba_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_samba_dn-#" write
+    by dn="#-ld_unix_dn-#" write
+#sr_samba_set#
+#Доступ к ветке Samba репликатора
+#?pkg(openldap)>2.4&ld_repl_set==on&sr_samba_set==on&ld_repl_id!=||pkg(openldap)>2.4&ld_repl_set==on&cl_pass_service==samba&ld_repl_id!=#
+    by dn="#-ld_repl_dn-#" write
+#pkg#
+#?sr_samba_set==on||cl_pass_service==samba#
+    by dn="#-ld_bind_dn-#" read
+    by * none
+#sr_samba_set#
+
+# Доступ к ветке Unix
+#?sr_unix_set==on||cl_pass_service==unix#
+access to dn.regex=".*#-ld_unix_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_samba_dn-#" write
+    by dn="#-ld_unix_dn-#" write
+# Доступ к ветке Unix репликатора
+#?pkg(openldap)>2.4&ld_repl_set==on&sr_unix_set==on&ld_repl_id!=||pkg(openldap)>2.4&ld_repl_set==on&cl_pass_service==unix&ld_repl_id!=#
+    by dn="#-ld_repl_dn-#" write
+#pkg#
+#?sr_unix_set==on||cl_pass_service==unix#
+    by dn="#-ld_bind_dn-#" read
+    by * none
+#sr_unix_set#
+
+# Доступ к ветке Mail
+#?sr_mail_set==on||cl_pass_service==mail#
+access to dn.regex=".*#-ld_mail_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_mail_dn-#" read
+    by * none
+#sr_mail_set#
+
+# Доступ к ветке Jabber
+#?sr_jabber_set==on||cl_pass_service==jabber#
+access to dn.regex=".*#-ld_jabber_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_jabber_dn-#" read
+    by * none
+#sr_jabber_set#
+
+# Доступ к ветке FTP
+#?sr_ftp_set==on||cl_pass_service==ftp#
+access to dn.regex=".*#-ld_ftp_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_ftp_dn-#" read
+    by * none
+#sr_ftp_set#
+
+# Доступ к ветке LDAP
+#?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
+access to dn.regex=".*#-ld_ldap_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_repl_dn-#" read
+    by dn="#-ld_bind_dn-#" read
+    by dn="#-ld_mail_dn-#" read
+    by * none
+#pkg#
+
+# Доступ к ветке Proxy
+#?sr_proxy_set==on||cl_pass_service==proxy#
+access to dn.regex=".*#-ld_proxy_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_proxy_dn-#" read
+    by * none
+#sr_proxy_set#
+
+# Доступ к ветке Replication
+#?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
+access to dn.regex=".*#-ld_repl_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_repl_dn-#" write
+    by dn="#-ld_bind_dn-#" read
+    by dn="#-ld_mail_dn-#" read
+    by * none
+#pkg#
+
+# Доступ к остальным веткам сервисов
+access to dn.regex=".*ou=([^,]+),#-ld_services_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn.regex="ou=$1,#-ld_services_dn-#" write
+    by * none
+
+# Закрываем доступ к веткам
+access to dn.regex=".*,#-ld_services_dn-#"
+    by dn="#-ld_admin_dn-#" write
+    by * none
+
+# Доступ ко всем аттрибутам
+access to *
+    by dn="#-ld_admin_dn-#" write
+    by self write
+    by * read
+# Доступ по умолчанию только для чтения
+#?pkg(openldap)<2.4#defaultaccess read#pkg#
+
+# Тип базы данных
+#?pkg(openldap)<2.4#database	ldbm#pkg#
+#?pkg(openldap)>2.4#database	bdb#pkg#
+suffix		"#-ld_base_dn-#"
+checkpoint	1024	5
+cachesize	10000
+directory	/var/lib/openldap-data
+
+# Параметры для репликации
+#?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
+rootdn "cn=ldaproot,#-ld_base_dn-#"
+
+#-ld_repl_servers_info-#
+
+#-ld_repl_servers_ref-#
+
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
+
+mirrormode on
+serverID #-ld_repl_id-#
+#pkg#
+
+index	objectClass	eq
+index	cn		pres,sub,eq
+index	sn		pres,sub,eq
+index	uid		pres,sub,eq
+index	uidNumber	eq
+index	gidNumber	eq
+index	default		sub

profile/proxy/etc/squid/squid.conf

@@ -0,0 +1,33 @@
+# Calculate format=squid  append=replace
+auth_param basic program /usr/libexec/squid/squid_ldap_auth -b "ou=Users,#-ld_proxy_dn-#" -f "(&(uid=%s)(initials=Yes))" -D "#-ld_proxy_dn-#" -W /etc/squid/squid.ldap -h localhost
+auth_param basic credentialsttl 5 minute
+external_acl_type ldap_users ttl=300 %LOGIN %PORT /usr/bin/proxy -s "#-ld_proxy_dn-#" -b "#-ld_base_dn-#" -P /etc/squid/squid.ldap
+acl manager proto cache_object
+acl localhost src 127.0.0.1/32
+#-sr_proxy_net_allow_pass-#
+acl access_port external ldap_users
+acl purge method PURGE
+acl CONNECT method CONNECT
+http_access allow manager localhost
+http_access deny manager
+http_access allow purge localhost
+http_access deny purge
+http_access deny !access_port
+http_access allow localnet
+http_access allow localhost
+http_access deny all
+icp_access allow localnet
+icp_access deny all
+htcp_access allow localnet
+htcp_access deny all
+http_port #-sr_proxy_port-#
+hierarchy_stoplist cgi-bin ?
+logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %ul %ui %Sh/%<A %mt %et
+access_log /var/log/squid/access.log squid
+refresh_pattern ^ftp:           1440    20%     10080
+refresh_pattern ^gopher:        1440    0%      1440
+refresh_pattern (cgi-bin|\?)    0       0%      0
+refresh_pattern .               0       20%     4320
+icp_port 3130
+forwarded_for off
+coredump_dir /var/cache/squid

profile/proxy/etc/squid/squid.ldap

@@ -0,0 +1,2 @@
+# Calculate chmod=0600 chown=squid:squid append=replace
+#-ld_proxy_pw-#

profile/samba/etc/openldap/slapd.conf

@@ -42,6 +42,9 @@ access to attrs=userPassword
 #?sr_ftp_set==on||cl_pass_service==ftp#
     by dn="#-ld_ftp_dn-#" read
 #sr_ftp_set#
+#?sr_proxy_set==on||cl_pass_service==proxy#
+    by dn="#-ld_proxy_dn-#" read
+#sr_proxy_set#
 #Доступ к аттрибуту password репликатора
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
     by dn="#-ld_repl_dn-#" write
@@ -138,6 +141,14 @@ access to dn.regex=".*#-ld_ldap_dn-#$"
     by * none
 #pkg#
 
+# Доступ к ветке Proxy
+#?sr_proxy_set==on||cl_pass_service==proxy#
+access to dn.regex=".*#-ld_proxy_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_proxy_dn-#" read
+    by * none
+#sr_proxy_set#
+
 # Доступ к ветке Replication
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
 access to dn.regex=".*#-ld_repl_dn-#$"

profile/unix/etc/openldap/slapd.conf

@@ -42,6 +42,9 @@ access to attrs=userPassword
 #?sr_ftp_set==on||cl_pass_service==ftp#
     by dn="#-ld_ftp_dn-#" read
 #sr_ftp_set#
+#?sr_proxy_set==on||cl_pass_service==proxy#
+    by dn="#-ld_proxy_dn-#" read
+#sr_proxy_set#
 #Доступ к аттрибуту password репликатора
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
     by dn="#-ld_repl_dn-#" write
@@ -138,6 +141,14 @@ access to dn.regex=".*#-ld_ldap_dn-#$"
     by * none
 #pkg#
 
+# Доступ к ветке Proxy
+#?sr_proxy_set==on||cl_pass_service==proxy#
+access to dn.regex=".*#-ld_proxy_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_proxy_dn-#" read
+    by * none
+#sr_proxy_set#
+
 # Доступ к ветке Replication
 #?pkg(openldap)>2.4&ld_repl_set==on&ld_repl_id!=#
 access to dn.regex=".*#-ld_repl_dn-#$"