Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 5d00cf2560f387aa3ca4c58be5ec173fe289f0e5^! / . / configure.ac
commit5d00cf2560f387aa3ca4c58be5ec173fe289f0e5[log] [tgz]
authorZbigniew Kurzynski <zbigniew.kurzynski@intel.com>Thu Oct 03 12:10:20 2019 +0200
committerRatan Gupta <ratagupt@linux.vnet.ibm.com>Wed Nov 06 10:50:48 2019 +0000
tree5584b00ff7d27cde2df7f1da82fea3aa46326e2c
parent7c6e7cffaf061aabfe5489ef52442e2f7cbd0fb7 [diff] [blame]
Support uploading multiple certificates for ldap configuration

This code change regards replacing a path to CA file with directory
location holding multiple CA files within it.

Implementation assumes that one can still define TLS_CACERT_FILE as
either a single CA file or directory location.
Depending if the path points to a file or a directory a proper
value will be set in /etc/nslcd.conf

This code change depends on another change requests:
https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/25987
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/23348

Tested:
   Manually tested, all changes propagate properly to
   /etc/nslcd.conf file.
   Unit Tests are passing.

Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Depends-On: Icd33723c1fc2580679aaaf54b3e99dfb09342402
Depends-On: Ia02c552eb27744e45ccfff3b3a1232d10e65da74
Change-Id: I85dabd4841018f04b0b9e9b58dca9579e7ff1999

diff --git a/configure.ac b/configure.ac
index baa84a4..7f487ca 100644
--- a/configure.ac
+++ b/configure.ac

@@ -67,9 +67,9 @@
 AS_IF([test "x$LDAP_CONFIG_FILE" == "x"], [LDAP_CONFIG_FILE="/etc/nslcd.conf"])
 AC_DEFINE_UNQUOTED([LDAP_CONFIG_FILE], ["$LDAP_CONFIG_FILE"], [Path of LDAP configuration file])
 
-AC_ARG_VAR(TLS_CACERT_FILE, [Path of LDAP server's CA certificate])
-AS_IF([test "x$TLS_CACERT_FILE" == "x"], [TLS_CACERT_FILE="/etc/ssl/certs/Root-CA.pem"])
-AC_DEFINE_UNQUOTED([TLS_CACERT_FILE], ["$TLS_CACERT_FILE"], [Path of LDAP server's CA certificate])
+AC_ARG_VAR(TLS_CACERT_PATH, [Path of LDAP server's CA certificate])
+AS_IF([test "x$TLS_CACERT_PATH" == "x"], [TLS_CACERT_PATH="/etc/ssl/certs/authority"])
+AC_DEFINE_UNQUOTED([TLS_CACERT_PATH], ["$TLS_CACERT_PATH"], [Path of LDAP server's CA certificate])
 
 AC_ARG_VAR(TLS_CERT_FILE, [Path of LDAP's client certificate])
 AS_IF([test "x$TLS_CERT_FILE" == "x"], [TLS_CERT_FILE="/etc/nslcd/certs/cert.pem"])