Refactor ldaps enabling for OpenLDAP
OpenLDAP does not need to use the ldaps protocol for secure OpenLDAP unless the OpenLDAP certificate gets created. This commit removes the ldaps enablement for OpenLDAP at all times, currently done at bootstrap. The ldaps enablement will be done only when the OpenLDAP certificate creation gets detected. It will be done by puppet configuration applied using runtime manifest.

Tests performed:
PASS: Check slapd daemon status after system install and no OpenLDAP certificate created and it should not have ldaps enabled.
PASS: Create OpenLDAP certificate and verify it was created successfully.
PASS: Trigger OpenLDAP certificate installation by removing the OpenLDAP secret.
PASS: System command "certificate-list" shows the OpenLDAP certificate has been installed.
PASS: Verify that ldaps has been enabled and port 636 has been opened after OpenLDAP certificate was installed.
PASS: OpenLDAP certificate and key files have been added to schema file “/etc/openldap/schema/cn=config.ldif”.
PASS: Deletion of OpenLDAP secret triggers the creation of a new secret.
PASS: Add new OpenLDAP user
PASS: List all OpenLDAP users

Story: 2009834
Task: 45172

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: I9c52dc1c2d95dff265ca79458e9d172f257f2e6a
parent 6f596870cf
commit 02b3acd441
|
@ -46,7 +46,7 @@ case "$1" in
|
|||
ulimit -n $MAX_FD_COUNT
|
||||
if [ -f /etc/openldap/schema/cn=config.ldif ]; then
|
||||
start-stop-daemon --start --oknodo --quiet --exec $slapd \
|
||||
-- -h "ldap:/// ldaps:///" -F /etc/openldap/schema/
|
||||
-- -h "ldap:///" -F /etc/openldap/schema/
|
||||
RETVAL=$?
|
||||
else
|
||||
start-stop-daemon --start --oknodo --quiet --exec $slapd
|
||||
|
|
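Review bot: On the `-h "ldap:///" -F /etc/openldap/schema/` line the listener list is now hard-coded without `ldaps:///`, so every start that goes through this init script, including a reboot or manual restart after the OpenLDAP certificate has been installed, relies on something outside this hunk to add `ldaps:///` back. The test list in the commit message checks that port 636 opens after certificate installation but has no case for restarting slapd or rebooting afterwards and confirming that 636 is still listening. Consider taking the URL list from a variable that the runtime manifest sets (falling back to `ldap:///`), or at least add a comment at this line naming where ldaps gets enabled, and add the restart-after-install check to the tests. As a style point, `$slapd` is unquoted on both `start-stop-daemon` lines; quoting it as `"$slapd"` would be safer.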