aboutsummaryrefslogtreecommitdiffstats
path: root/modules/openldap
Commit message (Collapse)AuthorAgeFilesLines
* Fix host access to posixAccount attrsBuchan Milne2010-11-221-1/+1
|
* - add proper access to nss_ldap user so pam_ldap auth can workMichael Scherer2010-11-221-0/+7
|
* - do not hardcode mageia.org in aclMichael Scherer2010-11-221-57/+57
|
* - use new class for openssl certsMichael Scherer2010-11-211-4/+2
|
* - create a self signed certificate if not present ( for test vm )Michael Scherer2010-11-211-0/+13
|
* - do not let file with passwords to be world readable Michael Scherer2010-11-201-7/+1
| | | | | | | | ( even if being readable by apache is not good either, but needed as the password is used by apache ) - use ldaps for sympa - use the 2 new facter macro and remove the version copied everywhere - remove hardcoded domain in bugzilla and others
* Close more anon access, and open up read access to some inetOrgPerson attrs ↵Buchan Milne2010-11-091-11/+13
| | | | to users
* - replace hardcoded domain by a variable, to ease reuse of the module Michael Scherer2010-11-091-11/+13
|
* Allow a bit more access to groupsBuchan Milne2010-11-051-1/+1
|
* Try and allow users to identify the groups another user is inBuchan Milne2010-11-051-1/+5
|
* Give registrar group read access to some attributes again, and reduce users ↵Buchan Milne2010-11-051-2/+2
| | | | | | | access added in previous commit
* Open read access for users to contact-type details for nowBuchan Milne2010-11-051-1/+1
|
* Catdap needs some search access as wellBuchan Milne2010-11-051-3/+3
| | | | | Also allow catdap to write preferredLanguage
* Finalise registration ACLsBuchan Milne2010-11-053-12/+23
| | | | | | | | | Restrict anonymous access (to none) Add some additional ACLs to put back some access that previously relied on anonymous Listen on all IP addresses, and ldapi Assign localSSF matching ssf requirement, so we allow ldapi,ldaps,ldap+start_tls
* ACLs:Buchan Milne2010-11-042-4/+23
| | | | | | | | | | Add ACLs required for self-registration application to registrar system group Allow Account admins to unlock accounts (write to pwdAccountLockedTime) Allow users to update their email address and preferredLanguage Schema: Switch to rfc2307bis (replacing nis.schema and autofs.schema) Add LPK
* - add ldap config file, with ldap restricted to localhost (until we set a ↵Michael Scherer2010-10-292-0/+51
| | | | firewall or stricter acl)
* - fix the config file so it work on x86_64 and x86Michael Scherer2010-10-291-1/+5
|
* -fix templates namingMichael Scherer2010-10-281-1/+1
|
* - deploy ldap with puppet on valstarMichael Scherer2010-10-283-0/+298