dcc44fe3e3
This change updated ldap.pp to support disable/enable local
openldap insecure service running on port 389. This is done by a new
service parameter called insecure_service under local-openldap
section, with valid values "enabled" and "disabled".
Test Plan:
PASS: Disable openldap insecure service
- Run "system service-parameter-add identity local-openldap
insecure_service=Disabled" to set the parameter to "Disabled"
- Run "system service-parameter-apply identity --section
local-openldap" to apply the parameter.
- Run "ps -ef | grep slapd", verify slapd is running as:
/usr/sbin/slapd -h ldaps:/// -F /etc/ldap/schema/
- Run "netstat -antp | grep slapd", verify slapd is only listening
on secure port 636
- Run "ldapsearch -xH ldap://controller -b "ou=People,dc=cgcs,
dc=local" -d 1", verify that it can't contact LDAP server.
- Run "ldapsearch -xH ldaps://controller -b "ou=People,dc=cgcs,
dc=local" -d 1", verify that it return all the users.
PASS: Enable openldap insecure service
- Run "system service-parameter-add identity local-openldap
insecure_service=Enabled" to set the parameter to "Enabled"
- Run "system service-parameter-apply identity --section
local-openldap" to apply the parameter.
- Run "ps -ef | grep slapd", verify slapd is running as:
/usr/sbin/slapd -h ldap:/// ldaps:/// -F /etc/ldap/schema/
- Run "netstat -antp | grep slapd", verify slapd is listening
on secure port 636, and insecure port 389.
- Run "ldapsearch -xH ldap://controller -b "ou=People,dc=cgcs,
dc=local" -d 1", verify that it return all the users.
- Run "ldapsearch -xH ldaps://controller -b "ou=People,dc=cgcs,
dc=local" -d 1", verify that it return all the users.
Story: 2010589
Task: 47453
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: I1d64826d5f0d77c4409ed6634e9ec3094c2016c0