aboutsummaryrefslogtreecommitdiffstats
path: root/modules/openldap/templates
Commit message (Collapse)AuthorAgeFilesLines
* Give group owner access (read - including search - and write) to owner attributeBuchan Milne2011-02-201-1/+1
|
* Index owner attributeBuchan Milne2011-02-201-1/+1
|
* - add right to users to do a CMP against group member,Michael Scherer2011-02-191-1/+1
| | | | | as the django plugin to auth against ldap ( used by transifex ) use this to determine group membership and fail if the access is not sufficient
* Let users modify their namesBuchan Milne2011-02-161-1/+1
|
* add a secondary ldap tree for testing purpose, requested by maatMichael Scherer2011-01-231-0/+10
|
* Change ACL for non-privileged users to not work on reset model, instead allowBuchan Milne2011-01-221-2/+2
| | | | | registrars to change unprivileged passwords directly
* ensure that email are unique at ldap levelMichael Scherer2010-12-171-0/+3
|
* - do not let user change their own memberOf attribute, ( even if the overlay ↵Michael Scherer2010-12-161-1/+6
| | | | may prevent it )
* let users see who is in another group ( needed for sympa )Michael Scherer2010-12-141-1/+1
|
* allow users to read memberof, and use overlay to keep the changes in syncMichael Scherer2010-12-102-1/+4
|
* Allow users to write their own sshPublicKey, and all users to read itBuchan Milne2010-11-231-1/+1
|
* Fix host access to posixAccount attrsBuchan Milne2010-11-221-1/+1
|
* - add proper access to nss_ldap user so pam_ldap auth can workMichael Scherer2010-11-221-0/+7
|
* - do not hardcode mageia.org in aclMichael Scherer2010-11-221-57/+57
|
* - do not let file with passwords to be world readable Michael Scherer2010-11-201-7/+1
| | | | | | | | ( even if being readable by apache is not good either, but needed as the password is used by apache ) - use ldaps for sympa - use the 2 new facter macro and remove the version copied everywhere - remove hardcoded domain in bugzilla and others
* Close more anon access, and open up read access to some inetOrgPerson attrs ↵Buchan Milne2010-11-091-11/+13
| | | | to users
* - replace hardcoded domain by a variable, to ease reuse of the module Michael Scherer2010-11-091-11/+13
|
* Allow a bit more access to groupsBuchan Milne2010-11-051-1/+1
|
* Try and allow users to identify the groups another user is inBuchan Milne2010-11-051-1/+5
|
* Give registrar group read access to some attributes again, and reduce users ↵Buchan Milne2010-11-051-2/+2
| | | | | | | access added in previous commit
* Open read access for users to contact-type details for nowBuchan Milne2010-11-051-1/+1
|
* Catdap needs some search access as wellBuchan Milne2010-11-051-3/+3
| | | | | Also allow catdap to write preferredLanguage
* Finalise registration ACLsBuchan Milne2010-11-053-12/+23
| | | | | | | | | Restrict anonymous access (to none) Add some additional ACLs to put back some access that previously relied on anonymous Listen on all IP addresses, and ldapi Assign localSSF matching ssf requirement, so we allow ldapi,ldaps,ldap+start_tls
* ACLs:Buchan Milne2010-11-042-4/+23
| | | | | | | | | | Add ACLs required for self-registration application to registrar system group Allow Account admins to unlock accounts (write to pwdAccountLockedTime) Allow users to update their email address and preferredLanguage Schema: Switch to rfc2307bis (replacing nis.schema and autofs.schema) Add LPK
* - add ldap config file, with ldap restricted to localhost (until we set a ↵Michael Scherer2010-10-291-0/+37
| | | | firewall or stricter acl)
* - fix the config file so it work on x86_64 and x86Michael Scherer2010-10-291-1/+5
|
* - deploy ldap with puppet on valstarMichael Scherer2010-10-282-0/+252