This is part of the change to replace nslcd with sssd to
support multiple secure ldap backends.
This change updated sysinv ldap puppet plugin to retrieve
openldap certificate and key from k8s certificate secret into
secure_system.yaml. The certificate and key will then be used by
ldap puppet to generate openldap certificate and key files for
secure openldap service.
Test Plan on Debian (SX and DX):
PASS: Package build, image build.
PASS: System deployment.
PASS: Openldap certificate and key files are generated, and slapd is
configured to use the certificate and key after controller is
unlocked.
PASS: sssd is connected to slapd on the secure port after unlock.
PASS: ldap functions work properly (ldap user creation, user login
on console and by ssh etc).
PASS: For DX system, ldap functions still work properly after swact.
Test Plan on CentOS:
PASS: ldap functions work properly (ldap user creation, user login
on console and by ssh etc)
Story: 2009834
Task: 46072
Depends-On: https://review.opendev.org/c/starlingx/metal/+/854203
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Iec876c9b0a5698cf0b15781792443e99ddb5f4ec
ca5bd18cb6