fvanderbiest/georchestra_1512_to_1806_ldap.diff

## georchestra_1512_to_1806_ldap.diff
diff --git a/ldap/georchestra.ldif b/ldap/georchestra.ldif
index 6eedd24..2dc73f9 100644
--- a/ldap/georchestra.ldif
+++ b/ldap/georchestra.ldif
@@ -9,6 +9,7 @@ dn: uid=testuser,ou=users,dc=georchestra,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: inetOrgPerson
+objectClass: shadowAccount
 objectClass: top
 mail: psc+testuser@georchestra.org
 o: geOrchestra
@@ -26,6 +27,7 @@ dn: uid=testreviewer,ou=users,dc=georchestra,dc=org
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
+objectClass: shadowAccount
 objectClass: top
 uid: testreviewer
 givenName: Test
@@ -42,6 +44,7 @@ dn: uid=testeditor,ou=users,dc=georchestra,dc=org
 objectClass: inetOrgPerson
 objectClass: organizationalPerson
 objectClass: person
+objectClass: shadowAccount
 objectClass: top
 uid: testeditor
 givenName: Test
@@ -58,6 +61,7 @@ dn: uid=testadmin,ou=users,dc=georchestra,dc=org
 objectClass: organizationalPerson
 objectClass: person
 objectClass: inetOrgPerson
+objectClass: shadowAccount
 objectClass: top
 uid: testadmin
 givenName: Test
@@ -75,6 +79,7 @@ sn: geoserver_privileged_user
 objectClass: organizationalPerson
 objectClass: person
 objectClass: inetOrgPerson
+objectClass: shadowAccount
 objectClass: top
 mail: psc+geoserver_privileged_user@georchestra.org
 uid: geoserver_privileged_user
@@ -83,15 +88,15 @@ employeeNumber: 5
 description: Do not modify.  This is a required user for extractorapp, geofence, mapfishapp...
 userPassword:: e1NIQX1XMlY4d2UrOFdNanpma28rMUtZVDFZcWZFVDQ9

-# groups, georchestra.org
-dn: ou=groups,dc=georchestra,dc=org
+# roles, georchestra.org
+dn: ou=roles,dc=georchestra,dc=org
 objectClass: organizationalUnit
 objectClass: top
-ou: groups
+ou: roles


-# ADMINISTRATOR, groups, georchestra.org
-dn: cn=ADMINISTRATOR,ou=groups,dc=georchestra,dc=org
+# ADMINISTRATOR, roles, georchestra.org
+dn: cn=ADMINISTRATOR,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
 cn: ADMINISTRATOR
@@ -101,77 +106,140 @@ member: uid=geoserver_privileged_user,ou=users,dc=georchestra,dc=org
 member: uid=testadmin,ou=users,dc=georchestra,dc=org


-# PENDING, groups, georchestra.org
-dn: cn=PENDING,ou=groups,dc=georchestra,dc=org
+# PENDING, roles, georchestra.org
+dn: cn=PENDING,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
 cn: PENDING
 ou: 2
 description: This group does not grant any right inside the SDI. Users in this group are requesting a fully fledged account.

-
-# MOD_LDAPADMIN, groups, georchestra.org
-dn: cn=MOD_LDAPADMIN,ou=groups,dc=georchestra,dc=org
+# SUPERUSER, roles, georchestra.org
+dn: cn=SUPERUSER,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
-cn: MOD_LDAPADMIN
+cn: SUPERUSER
 ou: 10
 description: This group grants access to the LDAPadmin private User Interface
 member: uid=testadmin,ou=users,dc=georchestra,dc=org

-# MOD_ANALYTICS, groups, georchestra.org
-dn: cn=MOD_ANALYTICS,ou=groups,dc=georchestra,dc=org
+# EXTRACTORAPP, roles, georchestra.org
+dn: cn=EXTRACTORAPP,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
-cn: MOD_ANALYTICS
+cn: EXTRACTORAPP
 ou: 11
-description: This group grants access to the Analytics application
-member: uid=testadmin,ou=users,dc=georchestra,dc=org
-
-# MOD_EXTRACTORAPP, groups, georchestra.org
-dn: cn=MOD_EXTRACTORAPP,ou=groups,dc=georchestra,dc=org
-objectClass: top
-objectClass: groupOfMembers
-cn: MOD_EXTRACTORAPP
-ou: 12
 description: This group grants access to the Extractorapp application
 member: uid=testadmin,ou=users,dc=georchestra,dc=org


-# SV_ADMIN, groups, georchestra.org
-dn: cn=SV_ADMIN,ou=groups,dc=georchestra,dc=org
+# GN_ADMIN, roles, georchestra.org
+dn: cn=GN_ADMIN,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
-cn: SV_ADMIN
+cn: GN_ADMIN
 ou: 20
 description: This group grants admin access to GeoNetwork
 member: uid=testadmin,ou=users,dc=georchestra,dc=org

-# SV_EDITOR, groups, georchestra.org
-dn: cn=SV_EDITOR,ou=groups,dc=georchestra,dc=org
+# GN_EDITOR, roles, georchestra.org
+dn: cn=GN_EDITOR,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
-cn: SV_EDITOR
+cn: GN_EDITOR
 ou: 21
-description: This group grants edit rights in GeoNetwork and Mapfishapp
+description: This group grants edit rights in GeoNetwork
 member: uid=testeditor,ou=users,dc=georchestra,dc=org

-# SV_REVIEWER, groups, georchestra.org
-dn: cn=SV_REVIEWER,ou=groups,dc=georchestra,dc=org
+# GN_REVIEWER, roles, georchestra.org
+dn: cn=GN_REVIEWER,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
-cn: SV_REVIEWER
+cn: GN_REVIEWER
 ou: 22
-description: This group grants reviewer rights in GeoNetwork
+description: This group grants reviewer (publish) rights in GeoNetwork
 member: uid=testreviewer,ou=users,dc=georchestra,dc=org

-# SV_USER, groups, georchestra.org
-dn: cn=SV_USER,ou=groups,dc=georchestra,dc=org
+# USER, roles, georchestra.org
+dn: cn=USER,ou=roles,dc=georchestra,dc=org
 objectClass: top
 objectClass: groupOfMembers
-cn: SV_USER
+cn: USER
 ou: 23
 description: This group grants basic, authenticated access to the whole SDI
 member: uid=testuser,ou=users,dc=georchestra,dc=org
+member: uid=testeditor,ou=users,dc=georchestra,dc=org
+member: uid=testreviewer,ou=users,dc=georchestra,dc=org
+member: uid=testadmin,ou=users,dc=georchestra,dc=org
+
+# ORGADMIN, roles, georchestra.org
+dn: cn=ORGADMIN,ou=roles,dc=georchestra,dc=org
+objectClass: top
+objectClass: groupOfMembers
+cn: ORGADMIN
+ou: 24
+description: This role is automatically granted to all users holding an admin delegation
+member: uid=testuser,ou=users,dc=georchestra,dc=org
+member: uid=testeditor,ou=users,dc=georchestra,dc=org
+
+# orgs, georchestra.org
+dn: ou=orgs,dc=georchestra,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: orgs
+
+dn: o=psc,ou=orgs,dc=georchestra,dc=org
+objectClass: organization
+objectClass: top
+o: psc
+businessCategory: ASSOCIATION
+postalAddress: 127 rue georchestra, 73590 Chamblille
+
+dn: cn=psc,ou=orgs,dc=georchestra,dc=org
+objectClass: groupOfMembers
+objectClass: top
+cn: psc
+businessCategory: REGISTERED
+description: 4184,684,9849,7987,797898,5797,579,97,49,797,97
+member: uid=testadmin,ou=users,dc=georchestra,dc=org
+member: uid=testuser,ou=users,dc=georchestra,dc=org
+o: Project Steering Committee
+ou: PSC
+seeAlso: o=psc,ou=orgs,dc=georchestra,dc=org
+

+dn: o=c2c,ou=orgs,dc=georchestra,dc=org
+objectClass: organization
+objectClass: top
+o: c2c
+businessCategory: COMPANY
+postalAddress: 18 Rue du lac Saint André, 73000 Chambéry

+dn: cn=c2c,ou=orgs,dc=georchestra,dc=org
+objectClass: groupOfMembers
+objectClass: top
+cn: c2c
+businessCategory: REGISTERED
+description: 4184
+member: uid=testeditor,ou=users,dc=georchestra,dc=org
+o: Camptocamp
+ou: C2C
+seeAlso: o=c2c,ou=orgs,dc=georchestra,dc=org
+
+dn: o=cra,ou=orgs,dc=georchestra,dc=org
+objectClass: organization
+objectClass: top
+o: cra
+businessCategory: COMPANY
+postalAddress: Rue Jean Wenger - Valentin, 67000 Strasbourg
+
+dn: cn=cra,ou=orgs,dc=georchestra,dc=org
+objectClass: groupOfMembers
+objectClass: top
+cn: cra
+businessCategory: REGISTERED
+description: 4184
+member: uid=testreviewer,ou=users,dc=georchestra,dc=org
+o: Conseil régional d'Alsace
+ou: CRA
+seeAlso: o=cra,ou=orgs,dc=georchestra,dc=org
	diff --git a/ldap/georchestra.ldif b/ldap/georchestra.ldif
	index 6eedd24..2dc73f9 100644
	--- a/ldap/georchestra.ldif
	+++ b/ldap/georchestra.ldif
	@@ -9,6 +9,7 @@ dn: uid=testuser,ou=users,dc=georchestra,dc=org
	objectClass: organizationalPerson
	objectClass: person
	objectClass: inetOrgPerson
	+objectClass: shadowAccount
	objectClass: top
	mail: psc+testuser@georchestra.org
	o: geOrchestra
	@@ -26,6 +27,7 @@ dn: uid=testreviewer,ou=users,dc=georchestra,dc=org
	objectClass: inetOrgPerson
	objectClass: organizationalPerson
	objectClass: person
	+objectClass: shadowAccount
	objectClass: top
	uid: testreviewer
	givenName: Test
	@@ -42,6 +44,7 @@ dn: uid=testeditor,ou=users,dc=georchestra,dc=org
	objectClass: inetOrgPerson
	objectClass: organizationalPerson
	objectClass: person
	+objectClass: shadowAccount
	objectClass: top
	uid: testeditor
	givenName: Test
	@@ -58,6 +61,7 @@ dn: uid=testadmin,ou=users,dc=georchestra,dc=org
	objectClass: organizationalPerson
	objectClass: person
	objectClass: inetOrgPerson
	+objectClass: shadowAccount
	objectClass: top
	uid: testadmin
	givenName: Test
	@@ -75,6 +79,7 @@ sn: geoserver_privileged_user
	objectClass: organizationalPerson
	objectClass: person
	objectClass: inetOrgPerson
	+objectClass: shadowAccount
	objectClass: top
	mail: psc+geoserver_privileged_user@georchestra.org
	uid: geoserver_privileged_user
	@@ -83,15 +88,15 @@ employeeNumber: 5
	description: Do not modify. This is a required user for extractorapp, geofence, mapfishapp...
	userPassword:: e1NIQX1XMlY4d2UrOFdNanpma28rMUtZVDFZcWZFVDQ9

	-# groups, georchestra.org
	-dn: ou=groups,dc=georchestra,dc=org
	+# roles, georchestra.org
	+dn: ou=roles,dc=georchestra,dc=org
	objectClass: organizationalUnit
	objectClass: top
	-ou: groups
	+ou: roles


	-# ADMINISTRATOR, groups, georchestra.org
	-dn: cn=ADMINISTRATOR,ou=groups,dc=georchestra,dc=org
	+# ADMINISTRATOR, roles, georchestra.org
	+dn: cn=ADMINISTRATOR,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	cn: ADMINISTRATOR
	@@ -101,77 +106,140 @@ member: uid=geoserver_privileged_user,ou=users,dc=georchestra,dc=org
	member: uid=testadmin,ou=users,dc=georchestra,dc=org


	-# PENDING, groups, georchestra.org
	-dn: cn=PENDING,ou=groups,dc=georchestra,dc=org
	+# PENDING, roles, georchestra.org
	+dn: cn=PENDING,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	cn: PENDING
	ou: 2
	description: This group does not grant any right inside the SDI. Users in this group are requesting a fully fledged account.

	-
	-# MOD_LDAPADMIN, groups, georchestra.org
	-dn: cn=MOD_LDAPADMIN,ou=groups,dc=georchestra,dc=org
	+# SUPERUSER, roles, georchestra.org
	+dn: cn=SUPERUSER,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	-cn: MOD_LDAPADMIN
	+cn: SUPERUSER
	ou: 10
	description: This group grants access to the LDAPadmin private User Interface
	member: uid=testadmin,ou=users,dc=georchestra,dc=org

	-# MOD_ANALYTICS, groups, georchestra.org
	-dn: cn=MOD_ANALYTICS,ou=groups,dc=georchestra,dc=org
	+# EXTRACTORAPP, roles, georchestra.org
	+dn: cn=EXTRACTORAPP,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	-cn: MOD_ANALYTICS
	+cn: EXTRACTORAPP
	ou: 11
	-description: This group grants access to the Analytics application
	-member: uid=testadmin,ou=users,dc=georchestra,dc=org
	-
	-# MOD_EXTRACTORAPP, groups, georchestra.org
	-dn: cn=MOD_EXTRACTORAPP,ou=groups,dc=georchestra,dc=org
	-objectClass: top
	-objectClass: groupOfMembers
	-cn: MOD_EXTRACTORAPP
	-ou: 12
	description: This group grants access to the Extractorapp application
	member: uid=testadmin,ou=users,dc=georchestra,dc=org


	-# SV_ADMIN, groups, georchestra.org
	-dn: cn=SV_ADMIN,ou=groups,dc=georchestra,dc=org
	+# GN_ADMIN, roles, georchestra.org
	+dn: cn=GN_ADMIN,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	-cn: SV_ADMIN
	+cn: GN_ADMIN
	ou: 20
	description: This group grants admin access to GeoNetwork
	member: uid=testadmin,ou=users,dc=georchestra,dc=org

	-# SV_EDITOR, groups, georchestra.org
	-dn: cn=SV_EDITOR,ou=groups,dc=georchestra,dc=org
	+# GN_EDITOR, roles, georchestra.org
	+dn: cn=GN_EDITOR,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	-cn: SV_EDITOR
	+cn: GN_EDITOR
	ou: 21
	-description: This group grants edit rights in GeoNetwork and Mapfishapp
	+description: This group grants edit rights in GeoNetwork
	member: uid=testeditor,ou=users,dc=georchestra,dc=org

	-# SV_REVIEWER, groups, georchestra.org
	-dn: cn=SV_REVIEWER,ou=groups,dc=georchestra,dc=org
	+# GN_REVIEWER, roles, georchestra.org
	+dn: cn=GN_REVIEWER,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	-cn: SV_REVIEWER
	+cn: GN_REVIEWER
	ou: 22
	-description: This group grants reviewer rights in GeoNetwork
	+description: This group grants reviewer (publish) rights in GeoNetwork
	member: uid=testreviewer,ou=users,dc=georchestra,dc=org

	-# SV_USER, groups, georchestra.org
	-dn: cn=SV_USER,ou=groups,dc=georchestra,dc=org
	+# USER, roles, georchestra.org
	+dn: cn=USER,ou=roles,dc=georchestra,dc=org
	objectClass: top
	objectClass: groupOfMembers
	-cn: SV_USER
	+cn: USER
	ou: 23
	description: This group grants basic, authenticated access to the whole SDI
	member: uid=testuser,ou=users,dc=georchestra,dc=org
	+member: uid=testeditor,ou=users,dc=georchestra,dc=org
	+member: uid=testreviewer,ou=users,dc=georchestra,dc=org
	+member: uid=testadmin,ou=users,dc=georchestra,dc=org
	+
	+# ORGADMIN, roles, georchestra.org
	+dn: cn=ORGADMIN,ou=roles,dc=georchestra,dc=org
	+objectClass: top
	+objectClass: groupOfMembers
	+cn: ORGADMIN
	+ou: 24
	+description: This role is automatically granted to all users holding an admin delegation
	+member: uid=testuser,ou=users,dc=georchestra,dc=org
	+member: uid=testeditor,ou=users,dc=georchestra,dc=org
	+
	+# orgs, georchestra.org
	+dn: ou=orgs,dc=georchestra,dc=org
	+objectClass: organizationalUnit
	+objectClass: top
	+ou: orgs
	+
	+dn: o=psc,ou=orgs,dc=georchestra,dc=org
	+objectClass: organization
	+objectClass: top
	+o: psc
	+businessCategory: ASSOCIATION
	+postalAddress: 127 rue georchestra, 73590 Chamblille
	+
	+dn: cn=psc,ou=orgs,dc=georchestra,dc=org
	+objectClass: groupOfMembers
	+objectClass: top
	+cn: psc
	+businessCategory: REGISTERED
	+description: 4184,684,9849,7987,797898,5797,579,97,49,797,97
	+member: uid=testadmin,ou=users,dc=georchestra,dc=org
	+member: uid=testuser,ou=users,dc=georchestra,dc=org
	+o: Project Steering Committee
	+ou: PSC
	+seeAlso: o=psc,ou=orgs,dc=georchestra,dc=org
	+

	+dn: o=c2c,ou=orgs,dc=georchestra,dc=org
	+objectClass: organization
	+objectClass: top
	+o: c2c
	+businessCategory: COMPANY
	+postalAddress: 18 Rue du lac Saint André, 73000 Chambéry

	+dn: cn=c2c,ou=orgs,dc=georchestra,dc=org
	+objectClass: groupOfMembers
	+objectClass: top
	+cn: c2c
	+businessCategory: REGISTERED
	+description: 4184
	+member: uid=testeditor,ou=users,dc=georchestra,dc=org
	+o: Camptocamp
	+ou: C2C
	+seeAlso: o=c2c,ou=orgs,dc=georchestra,dc=org
	+
	+dn: o=cra,ou=orgs,dc=georchestra,dc=org
	+objectClass: organization
	+objectClass: top
	+o: cra
	+businessCategory: COMPANY
	+postalAddress: Rue Jean Wenger - Valentin, 67000 Strasbourg
	+
	+dn: cn=cra,ou=orgs,dc=georchestra,dc=org
	+objectClass: groupOfMembers
	+objectClass: top
	+cn: cra
	+businessCategory: REGISTERED
	+description: 4184
	+member: uid=testreviewer,ou=users,dc=georchestra,dc=org
	+o: Conseil régional d'Alsace
	+ou: CRA
	+seeAlso: o=cra,ou=orgs,dc=georchestra,dc=org