From dd1ba0ac691d39e31dd62ad197c3e7f9a4574f9a Mon Sep 17 00:00:00 2001
From: Rei Oliveira
Date: Mon, 8 Aug 2022 14:13:23 -0300
Subject: [PATCH] Reformat certs.ldif content
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit updates the certs.ldif content to a compressed format to eliminate possible failure in the python execution of ldapmodify on Debian.

The following OpenLDAP configuration updates will be applied during host-unlock using puppet implementation:
- Copy the TLS/SSL certificate and key from Kubernetes repository to "/etc/openldap/certs" directory in files "openldap-cert.crt" and "openldap-key.key".
- Set the owner and group for openldap ".crt" and ".key" files.
- Configure the TLS/SSL certificate and key files in the ldap schema file “/etc/openldap/schema/cn=config.ldif”.

Tests Plan:
PASS: Check that the openldap certificate and key files are correctly created in "/etc/ldap/certs".
PASS: Check that the ownership of the openldap certificate and key files is "openldap:openldap".
PASS: Verify that system command "certificate-list" shows the openldap certificate has been installed.
PASS: Verify that the openldap certificate and key files have been added to the schema file “/etc/ldap/schema/cn=config.ldif”.
PASS: Verify that the deletion of openldap secret triggers the creation of a new secret and update of certificate and key files in "/etc/ldap/certs" directory.
PASS: Verify that there are no errors related to ldapmodify in puppet logs.

Story: 2009834
Task: 45975

Signed-off-by: Rei Oliveira
Change-Id: I5bc9a3f6077f71bd36687dad609680156cf9e001
---
 openldap-config/source-debian/certs.ldif | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/openldap-config/source-debian/certs.ldif b/openldap-config/source-debian/certs.ldif
index 3011d0c..2c09d17 100644
--- a/openldap-config/source-debian/certs.ldif
+++ b/openldap-config/source-debian/certs.ldif
@@ -2,9 +2,7 @@ dn: cn=config changetype: modify replace: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ldap/certs/openldap-cert.key - -dn: cn=config -changetype: modify +- replace: olcTLSCertificateFile olcTLSCertificateFile: /etc/ldap/certs/openldap-cert.crt
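
Review bot: The unchanged context line `olcTLSCertificateKeyFile: /etc/ldap/certs/openldap-cert.key` disagrees with the commit message, which says the key is copied to a file named "openldap-key.key" and gives the directory as "/etc/openldap/certs" in the description but "/etc/ldap/certs" in the test plan. Please confirm which file name and directory the puppet step actually writes on Debian and align either this path or the commit message, since slapd will not load a key from a path that does not exist. On the change itself, replacing the second `dn: cn=config` / `changetype: modify` pair with a lone `-` turns two change records into one modify request, so the key and certificate attributes are now replaced together and succeed or fail as a unit. That is a behavioural change rather than only a "compressed format", and it is worth stating in the commit message as the reason the ldapmodify failure goes away. Also check that the added separator line is exactly `-` with no trailing whitespace, because LDIF parsers reject anything else at that position.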