kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 3 Projects 2 Activity

Fix the invalid ACIs on initial creation

Browse Source 
This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup

The issue was the ACI was set at the wrong level
This commit is contained in:
Greg Karékinian 2020-04-20 18:58:30 +02:00
parent a3b95463fa
commit 3ca8ab45da
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
site-cookbooks/kosmos-dirsrv/files/users.ldif
View File

@ -1,6 +1,12 @@
# kosmos.org
dn: dc=kosmos,dc=org
objectClass: top
objectClass: domain
dc: kosmos
aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
dn: ou=users,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: users
aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)