Alexandros Kosiaris has submitted this change and it was merged.
Change subject: openldap: fix sambaNTpassword aci
......................................................................
openldap: fix sambaNTpassword aci
radiusagent needs it
Change-Id: Ib2d1727c4abcad40c90ee461d45960ff90fb8470
---
M modules/openldap/templates/slapd.erb
1 file changed, 9 insertions(+), 1 deletion(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/openldap/templates/slapd.erb
b/modules/openldap/templates/slapd.erb
index ebfe05e..b55a8b7 100644
--- a/modules/openldap/templates/slapd.erb
+++ b/modules/openldap/templates/slapd.erb
@@ -134,12 +134,20 @@
checkpoint 512 30
### Access lists
+# For radius to work we need
+
+access to attrs=sambaNTPassword
+ by dn="cn=admin,<%= @suffix %>" write
+ by dn="cn=radiusagent,ou=other,<%= @suffix %>" read
+ by anonymous auth
+ by self write
+ by * none
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
-access to attrs=userPassword,shadowLastChange,sambaNTPassword
+access to attrs=userPassword,shadowLastChange
by dn="cn=admin,<%= @suffix %>" write
by anonymous auth
by self write
--
To view, visit https://gerrit.wikimedia.org/r/163758
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ib2d1727c4abcad40c90ee461d45960ff90fb8470
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
