34fa57cf3d
This commit concerns only Debian deployments. The configuration
updates are required to support a secure OpenLDAP server for a Debian
installation. The following updates are applied at bootstrap:
- Configure slapd to support both "ldap" and "ldaps" protocols.
- Configure slapd to allow making updates to schema files by
setting the olcRootPW for "olcRootDN: cn=config"
Tests performed on Debian system:
PASS: Verified slapd service is listening on TCP port 636.
PASS: Schema file "olcDatabase={0}config.ldif" gets updated with
olcRootPW of the ldapadmin user.
PASS: Successful execution of ldapmodify to update schema file
"/etc/openldap/schema/cn=config.ldif".
PASS: OpenLDAP users are cached on the host in "/etc/passwd".
PASS: Successful execution of an ldapsearch command to list
OpenLDAP objects.
PASS: Add new OpenLDAP user
PASS: Integration tests with openldap certificate,
"system-openldap-local-certificate" creation at bootstrap.
PASS: Trigger openldap certificate renewal by removing the
openldap secret.
Story: 2009834
Task: 45839
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: Ie85ffc57c9670d8063822a9a67f1aabfe8d03441