Set the ACIs on the base DN
Allow users to change their own password, but nothing else (no search, no read, no write) This will only run when setting up the 389-dirsrv instance for the first time, this has been applied on barnard by editing the dn (see #128 (comment)) Closes #128
This commit is contained in:
parent
396cc344fb
commit
e56faab5b1
|
@ -2,3 +2,5 @@ dn: ou=users,dc=kosmos,dc=org
|
|||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
ou: users
|
||||
aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
|
||||
aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
|
||||
|
|
|
@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
|
|||
license 'MIT'
|
||||
description 'Installs/Configures 389 Directory Server'
|
||||
long_description 'Installs/Configures 389 Directory Server'
|
||||
version '0.1.1'
|
||||
version '0.1.2'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
depends "firewall"
|
||||
|
|
Loading…
Reference in New Issue