starlingx/config-files
Code Issues Proposed changes

Update slapd.conf so that openldap syncrepl over TLS

Browse Source 
This change updated slapd.conf so that openldap syncrepl will
be configured to be secure over TLS.

Test Plan:
PASS: DX system deployment
PASS: Check syncrepl section in slapd.conf.backup, it should contain:
      tls_cert="/etc/ldap/certs/openldap-cert.crt"
      tls_key="/etc/ldap/certs/openldap-cert.key"
      tls_cacert="/etc/ssl/certs/ca-certificates.crt"
      tls_reqsan=demand

Story: 2009834
Task: 46246
Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/856766
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Change-Id: Ia3bb31a733cb976ea9c5d0428b64f012dc9ec57e
This commit is contained in:
Andy Ning
2022-09-08 11:39:27 -04:00
parent 60bcd62f38
commit 20fde03931
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
openldap-config/source-debian/slapd.conf
View File

@@ -101,6 +101,10 @@ ppolicy_use_lockout
# syncrepl directives for each of the other masters
syncrepl rid=000
provider=ldap://controller-1
tls_cert="/etc/ldap/certs/openldap-cert.crt"
tls_key="/etc/ldap/certs/openldap-cert.key"
tls_cacert="/etc/ssl/certs/ca-certificates.crt"
tls_reqsan=demand
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=cgcs,dc=local"