Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							bf60f9fca8 
							
						 
					 
					
						
						
							
							Add the Chef client public keys for andromeda and barnard  
						
						
						
						
					 
					
						2020-05-14 15:34:10 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							773aa3ddee 
							
						 
					 
					
						
						
							
							Update node configs  
						
						
						
						
					 
					
						2020-05-14 15:29:25 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							3c905dd51e 
							
						 
					 
					
						
						
							
							Merge branch 'feature/160-postgres_replication' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-14 13:10:34 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							da278822f6 
							
						 
					 
					
						
						
							
							Use the new postgresql_primary role on andromeda  
						
						
						
						
					 
					
						2020-05-14 15:09:33 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							18973fe4f6 
							
						 
					 
					
						
						
							
							Remove the deleted tls property from the resources  
						
						
						
						
					 
					
						2020-05-14 15:09:15 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							fbf610a643 
							
						 
					 
					
						
						
							
							Merge branch 'master' into feature/160-postgres_replication  
						
						
						
						
					 
					
						2020-05-14 15:06:00 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							069090bf44 
							
						 
					 
					
						
						
							
							Remove TODOs  
						
						... 
						
						
						
						Access rules will not be part of this cookbook, they need to be added to
the cookbooks that use a PostgreSQL database 
						
						
					 
					
						2020-05-14 13:15:47 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							dd92d6cdb7 
							
						 
					 
					
						
						
							
							Remove deploying the root cert to clients from the README  
						
						... 
						
						
						
						We do not want to verify the root cert so this is not needed 
						
						
					 
					
						2020-05-14 13:14:42 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							124ee5e6f3 
							
						 
					 
					
						
						
							
							Update the README  
						
						
						
						
					 
					
						2020-05-14 12:36:20 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							0063776297 
							
						 
					 
					
						
						
							
							Remove unused dependencies  
						
						
						
						
					 
					
						2020-05-13 19:11:00 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							8d2ab785fc 
							
						 
					 
					
						
						
							
							Use a self-signed TLS certificate for PostgreSQL  
						
						
						
						
					 
					
						2020-05-13 19:10:14 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							84cb3de4a0 
							
						 
					 
					
						
						
							
							Remove outdated comment  
						
						... 
						
						
						
						This was the case when the code lived inside of the custom resource 
						
						
					 
					
						2020-05-13 19:04:12 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							f3f8e47cce 
							
						 
					 
					
						
						
							
							Add replication_password to the postgresql credentials  
						
						
						
						
					 
					
						2020-05-13 15:35:34 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							51b23c2f47 
							
						 
					 
					
						
						
							
							Add postgresql roles  
						
						
						
						
					 
					
						2020-05-13 15:35:15 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							eb98aa1bac 
							
						 
					 
					
						
						
							
							Clarify the firewall and client authentication rules  
						
						
						
						
					 
					
						2020-05-12 16:04:58 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							0180da1aa6 
							
						 
					 
					
						
						
							
							Fix a typo in the README  
						
						
						
						
					 
					
						2020-05-12 15:59:55 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							254f9020ae 
							
						 
					 
					
						
						
							
							Enable firewall rules to allow primary/replica to connect  
						
						
						
						
					 
					
						2020-05-12 12:10:10 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							80c7263a72 
							
						 
					 
					
						
						
							
							Upgrade PostgreSQL from 10 to 12  
						
						... 
						
						
						
						Refs #160  
						
						
					 
					
						2020-05-11 18:26:57 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							b22a7e3c0f 
							
						 
					 
					
						
						
							
							Update the postgresql upstream cookbook  
						
						
						
						
					 
					
						2020-05-11 18:26:35 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							21119fff08 
							
						 
					 
					
						
						
							
							Add a custom resource to set up PostgreSQL 12  
						
						... 
						
						
						
						Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead
Refs #160  
						
						
					 
					
						2020-05-11 18:23:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							0aae86b545 
							
						 
					 
					
						
						
							
							Merge branch 'feature/turn_ip_config' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-02 12:43:38 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							4448ec2173 
							
						 
					 
					
						
						
							
							Configure TURN properly  
						
						... 
						
						
						
						Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW. 
						
						
					 
					
						2020-05-02 14:07:14 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							0bcb2597e8 
							
						 
					 
					
						
						
							
							Update node info  
						
						
						
						
					 
					
						2020-05-02 12:41:30 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							136fc84c4f 
							
						 
					 
					
						
						
							
							Merge branch 'feature/159-ejabberd_stun_turn' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-05-02 10:01:15 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							ef2fa2da72 
							
						 
					 
					
						
						
							
							Configure STUN/TURN  
						
						... 
						
						
						
						Configures built-in STUN/TURN support, and adds the new service discovery
module for it. 
						
						
					 
					
						2020-05-01 16:25:38 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							35a56aa221 
							
						 
					 
					
						
						
							
							Update version to 20.04  
						
						
						
						
					 
					
						2020-05-01 14:55:13 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							53d53f2375 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/152-remove_encryption_keys_tls' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-04-30 15:50:26 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							ee13c3cbe9 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/153-update_ejabberd_20.03' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-04-21 13:38:53 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							4c1879b84e 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/ldap_invalid_aci' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-04-21 11:22:50 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							1c920a8cb2 
							
						 
					 
					
						
						
							
							Remove the encryption keys after TLS cert renewal  
						
						... 
						
						
						
						This is done with awk, this was the best way I found to perform the
multi-line deletion. It deletes both the AES AND 3DES sections
The keys will be recreated on service restart
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/ssl-and-attr-encryption 
Closes  #152  
						
						
					 
					
						2020-04-20 19:11:34 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							5e3c8066f9 
							
						 
					 
					
						
						
							
							Add the missing certbot command to generate the LDAP TLS cert  
						
						... 
						
						
						
						This had been done manually on barnard. This will not be executed on
barnard again since the cert exists 
						
						
					 
					
						2020-04-20 19:10:15 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							d01c9a4d0a 
							
						 
					 
					
						
						
							
							Fix the name of the deploy certbot hook  
						
						
						
						
					 
					
						2020-04-20 19:09:43 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							3ca8ab45da 
							
						 
					 
					
						
						
							
							Fix the invalid ACIs on initial creation  
						
						... 
						
						
						
						This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup
The issue was the ACI was set at the wrong level 
						
						
					 
					
						2020-04-20 19:00:28 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							db8bb44c8b 
							
						 
					 
					
						
						
							
							Update ejabberd to 20.03  
						
						... 
						
						
						
						The download URL has changed, they removed a prefix
Closes  #153  
						
						
					 
					
						2020-04-20 14:53:08 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							f5dd2c7de9 
							
						 
					 
					
						
						
							
							Fix the command importing the schema on db creation  
						
						... 
						
						
						
						It had an extra }, but this only fails when creating the databases 
						
						
					 
					
						2020-04-20 14:52:11 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							f5bdc3e892 
							
						 
					 
					
						
						
							
							Merge branch 'doc/ldap' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-04-20 09:29:34 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							73e87f8f45 
							
						 
					 
					
						
						
							
							Improve LDAP example command  
						
						... 
						
						
						
						We should not log passwords in bash history files. This change will
prompt the user for the password instead. 
						
						
					 
					
						2020-04-19 13:01:39 +02:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							4f1bf768ee 
							
						 
					 
					
						
						
							
							Merge branch 'feature/hal8000_zoom' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-04-16 20:19:30 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
						
						
						
							
						
						
							cc4c8fb903 
							
						 
					 
					
						
						
							
							Add hubot-kredits Zoom config  
						
						
						
						
					 
					
						2020-04-16 17:52:28 +02:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							43736cd8e9 
							
						 
					 
					
						
						
							
							Move the debug logs env variable to an attribute  
						
						... 
						
						
						
						Set it to 'sockethub*' for now as Nick advised, see
#91  
						
						
					 
					
						2020-03-25 17:51:28 +01:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							29a5947d18 
							
						 
					 
					
						
						
							
							Deploy Sockethub from the npm package  
						
						... 
						
						
						
						This is currently 3.1.4 and is set as an attribute. The recipe is very
simple now, it installs the npm package, and the systemd service runs
/usr/bin/sockethub and sets the environment variables
Closes  #145  
						
						
					 
					
						2020-03-25 12:43:39 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							a3b95463fa 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/mediawiki_extensions_deleted_releases' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-03-04 15:07:22 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							d7363d662b 
							
						 
					 
					
						
						
							
							Switch the Mediawiki extensions to GitHub zips  
						
						... 
						
						
						
						This fixes the annoying issue of Mediawiki only keeping one revision of
each branch 
						
						
					 
					
						2020-03-04 16:03:12 +01:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							7fa11089b1 
							
						 
					 
					
						
						
							
							Merge branch 'bugfix/ejabberd_restart_config_vhost_change' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-03-04 13:45:10 +00:00 
						 
				 
			
				
					
						
					 
					
						
						
						
						
							
						
						
							970a1b6a3a 
							
						 
					 
					
						
						
							
							Merge branch 'feature/136-ejabberd_20.02' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-03-04 13:33:52 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							a68ae78689 
							
						 
					 
					
						
						
							
							Update ejabberd to 20.02  
						
						... 
						
						
						
						It includes a fix to the reload_config command that prevented us from
running a version newer than 19.05
Closes  #136  
						
						
					 
					
						2020-03-04 13:28:13 +01:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							6cd0fa039e 
							
						 
					 
					
						
						
							
							Restart ejabberd service when changing a vhost config  
						
						... 
						
						
						
						I have ran into an issue, changes to the LDAP config for a host are
currently only loaded on startup, not on reload
https://github.com/processone/ejabberd/issues/3181 
This should be fixed once
b39a1e2d74 
						
						
					 
					
						2020-03-04 13:23:54 +01:00 
						 
				 
			
				
					
						
							
							
								gregkare 
							
						 
					 
					
						
						
						
						
							
						
						
							081222b75c 
							
						 
					 
					
						
						
							
							Merge branch 'feature/140-ldap_application_accounts' of kosmos/chef into master  
						
						
						
						
					 
					
						2020-02-27 10:45:46 +00:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							d7ad95fb3f 
							
						 
					 
					
						
						
							
							Switch the mediawiki LDAP setup to a new application account  
						
						... 
						
						
						
						Needs the new directory structure:
```
dn: cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users
dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: kosmos.org
dn: ou=5apps.com,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: 5apps
ou: 5apps.com
dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: wiki
userPassword: [snip]
dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: [snip]
dn: uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: [snip]
```
And the new ACIs:
```
dn: ou=5apps.com,cn=users,dc=kosmos,dc=org
changetype: modify
replace: aci
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
changetype: modify
replace: aci
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=wiki,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
```
Refs #140  
						
						
					 
					
						2020-02-21 18:04:48 +01:00 
						 
				 
			
				
					
						
							
							
								Greg Karékinian 
							
						 
					 
					
						
						
						
						
							
						
						
							6fa89b3c25 
							
						 
					 
					
						
						
							
							Switch the ejabberd LDAP setup to a new application account  
						
						... 
						
						
						
						Needs the new directory structure:
```
dn: cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalRole
cn: users
dn: ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
ou: kosmos.org
dn: ou=5apps.com,cn=applications,dc=kosmos,dc=org
objectClass: top
objectClass: organizationalUnit
description: 5apps
ou: 5apps.com
dn: uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: wiki
userPassword: [snip]
dn: uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: [snip]
dn: uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org
objectClass: simpleSecurityObject
objectClass: account
uid: xmpp
userPassword: [snip]
```
And the new ACIs:
```
dn: ou=5apps.com,cn=users,dc=kosmos,dc=org
changetype: modify
replace: aci
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=5apps.com,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-5apps-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-5apps-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
changetype: modify
replace: aci
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///cn=wiki,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///cn=xmpp,ou=kosmos.org,cn=users,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || objectClass") (version 3.0; acl "xmpp-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=wiki,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "xmpp-kosmos-change-password"; allow (write) userdn="ldap:///uid=xmpp,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
```
Refs #140  
						
						
					 
					
						2020-02-21 18:03:58 +01:00