Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | - deploy dynlist overlay, so we can create dynamic group ( needed for i18n ↵ | Michael Scherer | 2011-04-21 | 1 | -0/+4 |
| | | | | svn access ) | ||||
* | Give group owner access (read - including search - and write) to owner attribute | Buchan Milne | 2011-02-20 | 1 | -1/+1 |
| | |||||
* | Index owner attribute | Buchan Milne | 2011-02-20 | 1 | -1/+1 |
| | |||||
* | - add right to users to do a CMP against group member, | Michael Scherer | 2011-02-19 | 1 | -1/+1 |
| | | | | | as the django plugin to auth against ldap ( used by transifex ) use this to determine group membership and fail if the access is not sufficient | ||||
* | Let users modify their names | Buchan Milne | 2011-02-16 | 1 | -1/+1 |
| | |||||
* | add a secondary ldap tree for testing purpose, requested by maat | Michael Scherer | 2011-01-23 | 2 | -0/+19 |
| | |||||
* | Change ACL for non-privileged users to not work on reset model, instead allow | Buchan Milne | 2011-01-22 | 1 | -2/+2 |
| | | | | | registrars to change unprivileged passwords directly | ||||
* | - rename base class, more consistent | Michael Scherer | 2011-01-06 | 1 | -2/+2 |
| | |||||
* | ensure that email are unique at ldap level | Michael Scherer | 2010-12-17 | 1 | -0/+3 |
| | |||||
* | - do not let user change their own memberOf attribute, ( even if the overlay ↵ | Michael Scherer | 2010-12-16 | 1 | -1/+6 |
| | | | | may prevent it ) | ||||
* | let users see who is in another group ( needed for sympa ) | Michael Scherer | 2010-12-14 | 1 | -1/+1 |
| | |||||
* | allow users to read memberof, and use overlay to keep the changes in sync | Michael Scherer | 2010-12-10 | 2 | -1/+4 |
| | |||||
* | since the domain name is not added automatically by openssl module, add | Michael Scherer | 2010-11-30 | 1 | -1/+1 |
| | | | | it here | ||||
* | Allow users to write their own sshPublicKey, and all users to read it | Buchan Milne | 2010-11-23 | 1 | -1/+1 |
| | |||||
* | Fix host access to posixAccount attrs | Buchan Milne | 2010-11-22 | 1 | -1/+1 |
| | |||||
* | - add proper access to nss_ldap user so pam_ldap auth can work | Michael Scherer | 2010-11-22 | 1 | -0/+7 |
| | |||||
* | - do not hardcode mageia.org in acl | Michael Scherer | 2010-11-22 | 1 | -57/+57 |
| | |||||
* | - use new class for openssl certs | Michael Scherer | 2010-11-21 | 1 | -4/+2 |
| | |||||
* | - create a self signed certificate if not present ( for test vm ) | Michael Scherer | 2010-11-21 | 1 | -0/+13 |
| | |||||
* | - do not let file with passwords to be world readable | Michael Scherer | 2010-11-20 | 1 | -7/+1 |
| | | | | | | | | ( even if being readable by apache is not good either, but needed as the password is used by apache ) - use ldaps for sympa - use the 2 new facter macro and remove the version copied everywhere - remove hardcoded domain in bugzilla and others | ||||
* | Close more anon access, and open up read access to some inetOrgPerson attrs ↵ | Buchan Milne | 2010-11-09 | 1 | -11/+13 |
| | | | | to users | ||||
* | - replace hardcoded domain by a variable, to ease reuse of the module | Michael Scherer | 2010-11-09 | 1 | -11/+13 |
| | |||||
* | Allow a bit more access to groups | Buchan Milne | 2010-11-05 | 1 | -1/+1 |
| | |||||
* | Try and allow users to identify the groups another user is in | Buchan Milne | 2010-11-05 | 1 | -1/+5 |
| | |||||
* | Give registrar group read access to some attributes again, and reduce users ↵ | Buchan Milne | 2010-11-05 | 1 | -2/+2 |
| | | | | | | | access added in previous commit | ||||
* | Open read access for users to contact-type details for now | Buchan Milne | 2010-11-05 | 1 | -1/+1 |
| | |||||
* | Catdap needs some search access as well | Buchan Milne | 2010-11-05 | 1 | -3/+3 |
| | | | | | Also allow catdap to write preferredLanguage | ||||
* | Finalise registration ACLs | Buchan Milne | 2010-11-05 | 3 | -12/+23 |
| | | | | | | | | | Restrict anonymous access (to none) Add some additional ACLs to put back some access that previously relied on anonymous Listen on all IP addresses, and ldapi Assign localSSF matching ssf requirement, so we allow ldapi,ldaps,ldap+start_tls | ||||
* | ACLs: | Buchan Milne | 2010-11-04 | 2 | -4/+23 |
| | | | | | | | | | | Add ACLs required for self-registration application to registrar system group Allow Account admins to unlock accounts (write to pwdAccountLockedTime) Allow users to update their email address and preferredLanguage Schema: Switch to rfc2307bis (replacing nis.schema and autofs.schema) Add LPK | ||||
* | - add ldap config file, with ldap restricted to localhost (until we set a ↵ | Michael Scherer | 2010-10-29 | 2 | -0/+51 |
| | | | | firewall or stricter acl) | ||||
* | - fix the config file so it work on x86_64 and x86 | Michael Scherer | 2010-10-29 | 1 | -1/+5 |
| | |||||
* | -fix templates naming | Michael Scherer | 2010-10-28 | 1 | -1/+1 |
| | |||||
* | - deploy ldap with puppet on valstar | Michael Scherer | 2010-10-28 | 3 | -0/+298 |