Switch the mediawiki LDAP setup to a new application account
Needs the new directory structure: ``` dn: cn=applications,dc=kosmos,dc=org objectClass: top objectClass: organizationalRole cn: users dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org objectClass: top objectClass: organizationalUnit ou: kosmos.org dn: ou=5apps.com,cn=applications,dc=kosmos,dc=org objectClass: top objectClass: organizationalUnit description: 5apps ou: 5apps.com dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org objectClass: simpleSecurityObject objectClass: account uid: wiki userPassword: [snip] dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org objectClass: simpleSecurityObject objectClass: account uid: xmpp userPassword: [snip] dn: uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org objectClass: simpleSecurityObject objectClass: account uid: xmpp userPassword: [snip] ``` And the new ACIs: ``` dn: ou=5apps.com,cn=users,dc=kosmos,dc=org changetype: modify replace: aci aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";) dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org changetype: modify replace: aci aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=wiki,ou=kosmos.org,cn=users,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";) aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";) ``` Refs #140
This commit is contained in:
parent
6fa89b3c25
commit
d7ad95fb3f
|
@ -1,23 +1,23 @@
|
|||
{
|
||||
"id": "mediawiki",
|
||||
"db_pass": {
|
||||
"encrypted_data": "KfJnSZ5/8WBYXik5TE1SOZTZMhMObSzZpXX17Mygwx0eGqo29sBIQwbAI0+A\nKfe1N4DuyyQpBjNDpmi+yiIjBuG4RfUj\n",
|
||||
"iv": "zGkF0xLeyjXA1aUc\n",
|
||||
"auth_tag": "7U/g32H1SfJHdZSECmgU1A==\n",
|
||||
"encrypted_data": "bkvlD9N8a2EAoBDRcJ5Yhio7vQPnc5qMxH3Of/A/epieJZXBudkYrDaQZmbu\nSwYseFveqEleys4IbI+zTOaBN5LejDpH\n",
|
||||
"iv": "OPbDsQjNBP7Yabsx\n",
|
||||
"auth_tag": "0cl2nkL0V07cWC5SZjNXBA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"ldap_user": {
|
||||
"encrypted_data": "CerXTmZNO3mbzevNFn/qbtdeOWx37qFOyCuKznRw9I+nSl+hZ3dP6PUJ+iIg\nSAM2ebvwHyXC1Jz+Aah0AFjw+D+7\n",
|
||||
"iv": "wi5xB/lUm3AQtkTZ\n",
|
||||
"auth_tag": "WhdFRt/rlkfmBb9pb9tkvw==\n",
|
||||
"encrypted_data": "+iKtv/pB8rU0kJYlhr/KNUM63uG5RpDUCduW9sakxwaMs7V5JetSdaUmabIk\np8EiF5FDvYLUWqq5SOblTfPELMY3C0j5XwgxDKo=\n",
|
||||
"iv": "ynjajkZHawmcE81H\n",
|
||||
"auth_tag": "cxcsojaQW8dFZHR50QnZjw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"ldap_password": {
|
||||
"encrypted_data": "RZmfQbctKnPGJm97ZMMrtDFGYx8sPzlJIy3saeUXugEEL3HtE39s\n",
|
||||
"iv": "taEQ/4xRIrQCIkR9\n",
|
||||
"auth_tag": "2mdevdW0Oh/l/cKCyePW3Q==\n",
|
||||
"encrypted_data": "Kb5/RiGyXEf0X4KAgprCrZU+lFaWYuu6gjSXanujWxXx5YUdQLzZ\n",
|
||||
"iv": "U1JBexbrnmJ4HNSZ\n",
|
||||
"auth_tag": "LDeG8mOM5iLxy/VslTakSg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue