From 3ca8ab45da5649b334c8add5a0e99b285f25f640 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Mon, 20 Apr 2020 18:58:30 +0200
Subject: [PATCH] Fix the invalid ACIs on initial creation This is only executed on initial creation of the instance, the production one is using these fixed ACIs, this was only an issue with the setup The issue was the ACI was set at the wrong level
---
 site-cookbooks/kosmos-dirsrv/files/users.ldif | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/site-cookbooks/kosmos-dirsrv/files/users.ldif b/site-cookbooks/kosmos-dirsrv/files/users.ldif
index 136fd00..3ae1306 100644
--- a/site-cookbooks/kosmos-dirsrv/files/users.ldif
+++ b/site-cookbooks/kosmos-dirsrv/files/users.ldif
@@ -1,6 +1,12 @@
+# kosmos.org
+dn: dc=kosmos,dc=org
+objectClass: top
+objectClass: domain
+dc: kosmos
+aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
+aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
+
 dn: ou=users,dc=kosmos,dc=org
 objectClass: top
 objectClass: organizationalUnit
 ou: users
-aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
-aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
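Review bot: The `user-deny-all` ACI now placed on `dc=kosmos,dc=org` uses `userdn="ldap:///dc=kosmos,dc=org"`, which, as I read the 389 Directory Server bind-rule syntax (assuming that is the server, as the cookbook name suggests), matches only a client bound as exactly that DN rather than every entry under the suffix, so it probably denies nothing. If it were widened to cover all users, deny takes precedence over allow and `user-write-own-password` on the next line would stop working. Since the server refuses any access that no ACI allows, consider dropping the deny line and stating the intent in a comment above the remaining ACI, e.g. `# default is deny; users may only change their own userPassword`. Because the commit message says this LDIF is only applied at initial creation, it is worth checking the effective rights of an ordinary user on a freshly provisioned instance so that setup and production stay in agreement.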