diff options
author | Nagaraju Goruganti <ngorugan@in.ibm.com> | 2018-11-08 03:13:38 -0600 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-19 21:37:57 -0500 |
commit | 3b4d06a1812566d4095524f2242e272e0b9f449f (patch) | |
tree | ee0ab69d90b48a2a67251019fb6c39eab1d21719 /phosphor-ldap-config/ldap_configuration.hpp | |
parent | d514e5dc3de8dcd305328783ae11ee8e56b27d9a (diff) | |
download | phosphor-user-manager-3b4d06a1812566d4095524f2242e272e0b9f449f.tar.gz phosphor-user-manager-3b4d06a1812566d4095524f2242e272e0b9f449f.zip |
phosphor-ldap-conf: update nslcd.conf file with tls_cacertfile info
tls_cacertfile specifies the path to the X.509 certificate for
peer authentication.
Also updated the file with "tls_reqcert hard", to force the
behavior: if no certificate is provided, or a bad certificate
is provided, the session is immediately terminated.
Tested: tested using below given commands
1.curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d \
'{"data":[true,"ldaps://<host_ip>/","cn=<user-id>,dc=Corp,dc=ibm,dc=com",\
"cn=Users,dc=Corp,dc=ibm,dc=com", "<password>",\
"xyz.openbmc_project.User.Ldap.Create.SearchScope.sub",\
"xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory"] \
}' https://$BMC_IP//xyz/openbmc_project/user/ldap/action/CreateConfig
2.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data":true}'\
https://$BMC_IP/xyz/openbmc_project/user/ldap/config/attr/SecureLDAP
3.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d \
'{"data":"ldap://<host_ip>/"}' \
https://$BMC_IP/xyz/openbmc_project/ldap/config/attr/LDAPServerURI
when "/etc/ssl/certs/Root-CA.pem" doesn't exist on target, we get below
given exception(if we try to set SecureLDAP is true):
"DBusException: xyz.openbmc_project.Common.Error.NoCACertificate: \
Server's CA certificate has not been provided."
Change-Id: I56ffe8b08bb71307b4f2bfe9cf935b6113e4579a
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Diffstat (limited to 'phosphor-ldap-config/ldap_configuration.hpp')
-rw-r--r-- | phosphor-ldap-config/ldap_configuration.hpp | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/phosphor-ldap-config/ldap_configuration.hpp b/phosphor-ldap-config/ldap_configuration.hpp index 0dfb56d..0254d42 100644 --- a/phosphor-ldap-config/ldap_configuration.hpp +++ b/phosphor-ldap-config/ldap_configuration.hpp @@ -49,6 +49,7 @@ class Config : public ConfigIface * @param[in] bus - Bus to attach to. * @param[in] path - The D-Bus object path to attach at. * @param[in] filePath - LDAP configuration file. + * @param[in] caCertFile - LDAP's CA certificate file. * @param[in] secureLDAP - Specifies whether to use SSL or not. * @param[in] lDAPServerURI - LDAP URI of the server. * @param[in] lDAPBindDN - distinguished name with which to bind. @@ -61,8 +62,9 @@ class Config : public ConfigIface */ Config(sdbusplus::bus::bus& bus, const char* path, const char* filePath, - bool secureLDAP, std::string lDAPServerURI, std::string lDAPBindDN, - std::string lDAPBaseDN, std::string&& lDAPBindDNPassword, + const char* caCertFile, bool secureLDAP, std::string lDAPServerURI, + std::string lDAPBindDN, std::string lDAPBaseDN, + std::string&& lDAPBindDNPassword, ldap_base::Config::SearchScope lDAPSearchScope, ldap_base::Config::Type lDAPType, ConfigMgr& parent); @@ -112,6 +114,7 @@ class Config : public ConfigIface private: std::string configFilePath{}; + std::string tlsCacertFile{}; std::string lDAPBindDNPassword{}; /** @brief Persistent sdbusplus D-Bus bus connection. */ @@ -144,10 +147,10 @@ class ConfigMgr : public CreateIface * @param[in] bus - Bus to attach to. * @param[in] path - Path to attach at. * @param[in] filePath - LDAP configuration file. - * @param[in] caCertfile - LDAP's CA certificate file. + * @param[in] caCertFile - LDAP's CA certificate file. */ - ConfigMgr(sdbusplus::bus::bus& bus, const char* path, - const char* filePath) : + ConfigMgr(sdbusplus::bus::bus& bus, const char* path, const char* filePath, + const char* caCertFile) : CreateIface(bus, path, true), configFilePath(filePath), bus(bus) { @@ -198,7 +201,7 @@ class ConfigMgr : public CreateIface protected: std::string configFilePath{}; - std::string tlsCacertfile{}; + std::string tlsCacertFile{}; /** @brief Persistent sdbusplus D-Bus bus connection. */ sdbusplus::bus::bus& bus; |