diff --git a/nodes/andromeda.kosmos.org.json b/nodes/andromeda.kosmos.org.json
index 7affd98..f233f14 100644
--- a/nodes/andromeda.kosmos.org.json
+++ b/nodes/andromeda.kosmos.org.json
@@ -19,7 +19,7 @@
   "automatic": {
     "fqdn": "andromeda.kosmos.org",
     "os": "linux",
-    "os_version": "4.15.0-50-generic",
+    "os_version": "4.15.0-74-generic",
     "hostname": "andromeda",
     "ipaddress": "46.4.18.160",
     "roles": [
diff --git a/site-cookbooks/kosmos-dirsrv/files/users.ldif b/site-cookbooks/kosmos-dirsrv/files/users.ldif
index 5055e99..136fd00 100644
--- a/site-cookbooks/kosmos-dirsrv/files/users.ldif
+++ b/site-cookbooks/kosmos-dirsrv/files/users.ldif
@@ -2,3 +2,5 @@ dn: ou=users,dc=kosmos,dc=org
 objectClass: top
 objectClass: organizationalUnit
 ou: users
+aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
+aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
diff --git a/site-cookbooks/kosmos-dirsrv/metadata.rb b/site-cookbooks/kosmos-dirsrv/metadata.rb
index 74140a1..b022a52 100644
--- a/site-cookbooks/kosmos-dirsrv/metadata.rb
+++ b/site-cookbooks/kosmos-dirsrv/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
 license 'MIT'
 description 'Installs/Configures 389 Directory Server'
 long_description 'Installs/Configures 389 Directory Server'
-version '0.1.1'
+version '0.1.2'
 chef_version '>= 14.0'
 
 depends "firewall"