| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
In the createconfig path nslcd restart service is getting called twice
in a row, which not needed.
Change-Id: Ib60d43110815758360aa6f0de0478ad784cf5a5a
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
There's just one nsswitch config file now (instead of a default, an
_linux and an _ldap). Make fixes in code relevant to this.
Change-Id: I92362aac7a1f5e034cea06e9299f7e574dc2fab9
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tls_cacertfile specifies the path to the X.509 certificate for
peer authentication.
Also updated the file with "tls_reqcert hard", to force the
behavior: if no certificate is provided, or a bad certificate
is provided, the session is immediately terminated.
Tested: tested using below given commands
1.curl -c cjar -b cjar -k -H "Content-Type: application/json" -X POST -d \
'{"data":[true,"ldaps://<host_ip>/","cn=<user-id>,dc=Corp,dc=ibm,dc=com",\
"cn=Users,dc=Corp,dc=ibm,dc=com", "<password>",\
"xyz.openbmc_project.User.Ldap.Create.SearchScope.sub",\
"xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory"] \
}' https://$BMC_IP//xyz/openbmc_project/user/ldap/action/CreateConfig
2.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data":true}'\
https://$BMC_IP/xyz/openbmc_project/user/ldap/config/attr/SecureLDAP
3.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d \
'{"data":"ldap://<host_ip>/"}' \
https://$BMC_IP/xyz/openbmc_project/ldap/config/attr/LDAPServerURI
when "/etc/ssl/certs/Root-CA.pem" doesn't exist on target, we get below
given exception(if we try to set SecureLDAP is true):
"DBusException: xyz.openbmc_project.Common.Error.NoCACertificate: \
Server's CA certificate has not been provided."
Change-Id: I56ffe8b08bb71307b4f2bfe9cf935b6113e4579a
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Added uinit tests to create and to restore config file.
Change-Id: Idf5231d46542cda1ff84241aa67aadd91a4788d6
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default nscd comes with nsswitch.conf, we had one more file for the
ldap specific version, and we copy the content from the ldap nsswitch
to the nsswitch.conf once LDAP config object gets created/deleted.
We had some inconsistency during restarting of services so thought of
clean logic where we would be having two files nsswitch_linux/nsswitch_ldap
and when ldap config object gets created we copy the nsswitch_ldap to
nsswitch.conf and when it gets deleted then copy the nsswitch_linux
to nsswitch.conf
Change-Id: I5a0af3ec82dd08fc54c7423fda1a80509769872d
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During restore path(i.e while phosphor-ldap-conf service restarts) after
parsing the file if any of the LDAP parameter(BindDN,BaseDN,URI) is
having empty value then don't create the LDAP config
object.
Before this commit the config object was not being created but
it throws a unnecessary log in the journal due to creation
of errorlog.
In restore path we don't want the errorlog.
This commit fixes the problem of creating unnecesary log in
the journal.
Change-Id: I074fe96a6c6382bc2d31e91df1275756b57c1045
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
User residing on the openLDAP server havibg the uid and the
cn attribute so no need to map the uid with cn.
Change-Id: Ie1ef9798191831d0b532b310960115c5dd8a1b33
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
update the config file with "filter group (objectclass=posixGroup)"
for OpenLdap.
Change-Id: I4a0a4693294745391d58d7ee9158c75468637f36
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Validates given URI.
Also updates secureLDAP property based on given URI. If URI is of LDAPS type,
secureLDAP is set to true, else it is set to false.
Change-Id: If96495c01a8bd911d255267ffbbbff7f28fa070b
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a reaction to below given phosphor-dbus-interfaces changes
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/14595/.
and
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/14718/
Change-Id: Id427d718b6fcc9b90dfb3bccb3b4cc665a107c46
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If bindDN password is being written in the file then
change the permission of the file to 640 so that it is
not world readable.
If bindDN password is not written then permission would
be 644 which is default.
Change-Id: I567285ad75e18c2a38c37918d3d3a5e61b0b39ea
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
Add "bindpw <password>" entry into nslcd.conf file only
if given password is not null.
Change-Id: Ifa4a90c6fd41d5b36c62328dcf3e9bfc38dd0ebb
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
Validate LDAP Server's URI, BaseDN and BindBN.
Change-Id: If754e17c238069e04c9e1e8735a28d54dbf221cb
TODO: Unit tests will be added in subsequent commits.
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
While creating LDAP configuration take a backup of existing config files
and restore them when LDAP configuration is disabled.
Change-Id: Id37138107311a56c5066bc66137a2d55e1e23099
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
Implement the xyz.openbmc_project.Object.Delete interface
to delete LDAP config object.
Change-Id: Ia7413fd10c91ad5c79286fbe4a00740ced42aad6
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
| |
|
|
|
|
|
|
| |
Upon startup, restore D-Bus properties from LDAP config file if
it exists.
Change-Id: I63b5a41eec8937ddbd5e8b4471936376602b6b0e
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
|
|
The application implements the xyz.openbmc_project.User.Ldap.Config
and xyz.openbmc_project.User.Ldap.Create D-Bus interfaces to create
LDAP config file(for example generate nslcd.conf)
Change-Id: Idc7cc643c4143f9bc51182019926e1dd6125da2f
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
|
