authorNagaraju Goruganti <ngorugan@in.ibm.com>2018-11-08 03:13:38 -0600
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-11-19 21:37:57 -0500
commit3b4d06a1812566d4095524f2242e272e0b9f449f (patch)
treeee0ab69d90b48a2a67251019fb6c39eab1d21719 /phosphor-ldap-config/ldap_configuration.hpp
parentd514e5dc3de8dcd305328783ae11ee8e56b27d9a (diff)
phosphor-ldap-conf: update nslcd.conf file with tls_cacertfile info
tls_cacertfile specifies the path to the X.509 certificate for peer authentication. Also updated the file with "tls_reqcert hard", to force the behavior: if no certificate is provided, or a bad certificate is provided, the session is immediately terminated. Tested: tested using below given commands 1.curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d \ '{"data":[true,"ldaps://<host_ip>/","cn=<user-id>,dc=Corp,dc=ibm,dc=com",\ "cn=Users,dc=Corp,dc=ibm,dc=com", "<password>",\ "xyz.openbmc_project.User.Ldap.Create.SearchScope.sub",\ "xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory"] \ }' https://$BMC_IP//xyz/openbmc_project/user/ldap/action/CreateConfig 2.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data":true}'\ https://$BMC_IP/xyz/openbmc_project/user/ldap/config/attr/SecureLDAP 3.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d \ '{"data":"ldap://<host_ip>/"}' \ https://$BMC_IP/xyz/openbmc_project/ldap/config/attr/LDAPServerURI when "/etc/ssl/certs/Root-CA.pem" doesn't exist on target, we get below given exception(if we try to set SecureLDAP is true): "DBusException: xyz.openbmc_project.Common.Error.NoCACertificate: \ Server's CA certificate has not been provided." Change-Id: I56ffe8b08bb71307b4f2bfe9cf935b6113e4579a Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com> Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com> Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Diffstat (limited to 'phosphor-ldap-config/ldap_configuration.hpp')
-rw-r--r--phosphor-ldap-config/ldap_configuration.hpp15
1 files changed, 9 insertions, 6 deletions
diff --git a/phosphor-ldap-config/ldap_configuration.hpp b/phosphor-ldap-config/ldap_configuration.hpp
index 0dfb56d..0254d42 100644
--- a/phosphor-ldap-config/ldap_configuration.hpp
+++ b/phosphor-ldap-config/ldap_configuration.hpp
@@ -49,6 +49,7 @@ class Config : public ConfigIface
* @param[in] bus - Bus to attach to.
* @param[in] path - The D-Bus object path to attach at.
* @param[in] filePath - LDAP configuration file.
+ * @param[in] caCertFile - LDAP's CA certificate file.
* @param[in] secureLDAP - Specifies whether to use SSL or not.
* @param[in] lDAPServerURI - LDAP URI of the server.
* @param[in] lDAPBindDN - distinguished name with which to bind.
@@ -61,8 +62,9 @@ class Config : public ConfigIface
*/
Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
- bool secureLDAP, std::string lDAPServerURI, std::string lDAPBindDN,
- std::string lDAPBaseDN, std::string&& lDAPBindDNPassword,
+ const char* caCertFile, bool secureLDAP, std::string lDAPServerURI,
+ std::string lDAPBindDN, std::string lDAPBaseDN,
+ std::string&& lDAPBindDNPassword,
ldap_base::Config::SearchScope lDAPSearchScope,
ldap_base::Config::Type lDAPType, ConfigMgr& parent);
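Review bot: `filePath` and `caCertFile` are now two adjacent `const char*` parameters in the `Config` constructor, so a call site that passes them in the wrong order still compiles and would presumably put the wrong path into `tls_cacertfile`. Only the declaration is visible here; the definition and the callers are outside this hunk, so check each call site against the new order. If `caCertFile` is used to construct the `std::string tlsCacertFile` member, a null pointer is undefined behaviour, so the doc comment should say so, e.g. `@param[in] caCertFile - LDAP's CA certificate file; must not be null.` Taking both paths as `const std::string&` or `std::filesystem::path` would remove the null case entirely.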
@@ -112,6 +114,7 @@ class Config : public ConfigIface
private:
std::string configFilePath{};
+ std::string tlsCacertFile{};
std::string lDAPBindDNPassword{};
/** @brief Persistent sdbusplus D-Bus bus connection. */
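Review bot: The new `tlsCacertFile` member in the private section of `Config` has no doc comment, while the `bus` member just below carries a `/** @brief ... */`. Since this path decides which CA the LDAP client trusts, its role is worth stating, e.g. `/** @brief Path of the CA certificate written to nslcd.conf as tls_cacertfile. */`. The class body continues outside the hunk.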
@@ -144,10 +147,10 @@ class ConfigMgr : public CreateIface
* @param[in] bus - Bus to attach to.
* @param[in] path - Path to attach at.
* @param[in] filePath - LDAP configuration file.
- * @param[in] caCertfile - LDAP's CA certificate file.
+ * @param[in] caCertFile - LDAP's CA certificate file.
*/
- ConfigMgr(sdbusplus::bus::bus& bus, const char* path,
- const char* filePath) :
+ ConfigMgr(sdbusplus::bus::bus& bus, const char* path, const char* filePath,
+ const char* caCertFile) :
CreateIface(bus, path, true),
configFilePath(filePath), bus(bus)
{
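Review bot: The new `caCertFile` parameter of the `ConfigMgr` constructor is not used in the visible member-initializer list, which is still `configFilePath(filePath), bus(bus)`. Unless the constructor body, which continues outside the hunk, assigns it, `tlsCacertFile` stays an empty string. With `tls_reqcert hard` now written to nslcd.conf, an empty CA path would likely make the certificate-presence check and the generated `tls_cacertfile` line refer to no file at all. The list should read `configFilePath(filePath), tlsCacertFile(caCertFile), bus(bus)`, which also matches the member declaration order shown in the last hunk.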
@@ -198,7 +201,7 @@ class ConfigMgr : public CreateIface
protected:
std::string configFilePath{};
- std::string tlsCacertfile{};
+ std::string tlsCacertFile{};
/** @brief Persistent sdbusplus D-Bus bus connection. */
sdbusplus::bus::bus& bus;