Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 3b4d06a1812566d4095524f2242e272e0b9f449f^! / . / phosphor-ldap-config / main.cpp
commit3b4d06a1812566d4095524f2242e272e0b9f449f[log] [tgz]
authorNagaraju Goruganti <ngorugan@in.ibm.com>Thu Nov 08 03:13:38 2018 -0600
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Mon Nov 19 21:37:57 2018 -0500
treeee0ab69d90b48a2a67251019fb6c39eab1d21719
parentd514e5dc3de8dcd305328783ae11ee8e56b27d9a [diff] [blame]
phosphor-ldap-conf: update nslcd.conf file with tls_cacertfile info

tls_cacertfile specifies the path to the X.509 certificate for
peer authentication.

Also updated the file with "tls_reqcert hard", to force the
behavior: if no certificate is provided, or a bad certificate
is provided, the session is immediately terminated.

Tested: tested using below given commands
1.curl -c cjar -b cjar -k -H "Content-Type: application/json" -X  POST -d \
  '{"data":[true,"ldaps://<host_ip>/","cn=<user-id>,dc=Corp,dc=ibm,dc=com",\
  "cn=Users,dc=Corp,dc=ibm,dc=com",  "<password>",\
  "xyz.openbmc_project.User.Ldap.Create.SearchScope.sub",\
  "xyz.openbmc_project.User.Ldap.Create.Type.ActiveDirectory"] \
}' https://$BMC_IP//xyz/openbmc_project/user/ldap/action/CreateConfig

2.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d '{"data":true}'\
  https://$BMC_IP/xyz/openbmc_project/user/ldap/config/attr/SecureLDAP

3.curl -b cjar -k -H "Content-Type: application/json" -X PUT -d \
  '{"data":"ldap://<host_ip>/"}' \
  https://$BMC_IP/xyz/openbmc_project/ldap/config/attr/LDAPServerURI

when "/etc/ssl/certs/Root-CA.pem" doesn't exist on target, we get below
given exception(if we try to set SecureLDAP is true):
"DBusException: xyz.openbmc_project.Common.Error.NoCACertificate: \
Server's CA certificate has not been provided."

Change-Id: I56ffe8b08bb71307b4f2bfe9cf935b6113e4579a
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
Signed-off-by: Nagaraju Goruganti <ngorugan@in.ibm.com>

diff --git a/phosphor-ldap-config/main.cpp b/phosphor-ldap-config/main.cpp
index e285786..adbfdd3 100644
--- a/phosphor-ldap-config/main.cpp
+++ b/phosphor-ldap-config/main.cpp

@@ -27,7 +27,8 @@
     // Add sdbusplus ObjectManager for the 'root' path of the LDAP config.
     sdbusplus::server::manager::manager objManager(bus, LDAP_CONFIG_ROOT);
 
-    phosphor::ldap::ConfigMgr mgr(bus, LDAP_CONFIG_ROOT, LDAP_CONFIG_FILE);
+    phosphor::ldap::ConfigMgr mgr(bus, LDAP_CONFIG_ROOT, LDAP_CONFIG_FILE,
+                                  TLS_CACERT_FILE);
 
     bus.request_name(LDAP_CONFIG_BUSNAME);