* Use a new read-only account instead of the admin LDAP account
* Disable the LDAPAuthorization plugin. The LDAPAuthentication2 plugin
is still used to authenticate users, but every kosmos.org user has
access to the wiki. See
https://www.mediawiki.org/wiki/Extension:PluggableAuth for the
distinction between authentication and authorization
Refs #127
Allow users to change their own password, but nothing else (no search,
no read, no write)
This will only run when setting up the 389-dirsrv instance for the first
time, this has been applied on barnard by editing the dn (see
#128 (comment))
Closes#128
Users can log in using their LDAP account (in the
ou=users,dc=kosmos,dc=org group and with the wiki attribute set to
enabled)
Add an attribute for the ldap master server, so it can be overridden in
the development environment
Refs #107
Change the notifies property to :immediately in nginx_certbot_site. This
way the vhost template is recreated and then triggers a reload of the
nginx service. The previous code resulted in nginx not being reloaded,
as the action had already been queued earlier.
It sets up 389 Directory Server, including a TLS cert acquired using
Let's Encrypt in production (that requires ldap.kosmos.org pointing to
the server's IP)
Because of the wormhole feature between XMPP and IRC, any links to
tweets will be read by the hal8000 bots on both platforms.
This change removes the Tweet reading extension from the XMPP version of
the bot.
Because of the wormhole feature between XMPP and IRC, any links to
tweets will be read by the hal8000 bots on both platforms.
This change removes the Tweet reading extension from the IRC version of
the bot.
