Follow-up to #156
I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.
The ACIs are set on the suffix, so modifying it is needed
This won't be executed on a server that is already running, this is only
done on the initial setup
Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead
Refs #160
This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup
The issue was the ACI was set at the wrong level
* Use a new read-only account instead of the admin LDAP account
* Disable the LDAPAuthorization plugin. The LDAPAuthentication2 plugin
is still used to authenticate users, but every kosmos.org user has
access to the wiki. See
https://www.mediawiki.org/wiki/Extension:PluggableAuth for the
distinction between authentication and authorization
Refs #127