TLS parameter changes or removed
Bug #1819054 reported by Narinder Gupta
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Keystone LDAP integration | Expired | Undecided | Unassigned | |
Bug Description
The TLS parameters in the Keystone.conf template file need to be modified to make use of a TLS certificate. The current parameters are hardcoded. There is no such config option as use_tls in the config, and even ldap-server with ldaps://ip/ does not change it to true.
use_tls = {{ options.use_tls }}
tls_req_cert = demand
While the customer requirement is to use
tls_req_cert = allow
use_tls = true
There are two options:
1. Add tls_req_cert as a config option and fix use_tls
2. Remove both the options so that changes can be managed using ldap-config-flags, which writes into the same file.
I would prefer the latter one though.
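An added example, not part of the original report and not the charm's code: a small audit of a rendered `[ldap]` section that shows what the hardcoded `tls_req_cert = demand` and the requested `tls_req_cert = allow` each mean for server authentication, following Keystone's documented option semantics (`use_tls` is StartTLS and is not valid together with an `ldaps://` URL). The function name, finding codes and the `ldap.example.test` host are assumptions made for the example.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample: an [ldap] section carrying the values requested in the report.
REQUESTED = "[ldap]\nurl = ldap://ldap.example.test\nuse_tls = true\ntls_req_cert = allow\n"
# Constructed sample: the same section with the template's hardcoded tls_req_cert.
STRICT = "[ldap]\nurl = ldap://ldap.example.test\nuse_tls = true\ntls_req_cert = demand\n"

def audit_ldap_tls(conf_text):
    """Return sorted finding codes for the [ldap] TLS options in conf_text."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(conf_text)
    except configparser.DuplicateOptionError:
        # e.g. a template line and a free-form flag both set the same key
        return ["duplicate-option"]
    if not cp.has_section("ldap"):
        return ["no-ldap-section"]
    ldap = cp["ldap"]
    findings = set()
    urls = [u.strip() for u in ldap.get("url", "").split(",") if u.strip()]
    ldaps = [urlparse(u).scheme.lower() == "ldaps" for u in urls]
    try:
        use_tls = ldap.getboolean("use_tls", fallback=False)
    except ValueError:
        # value is not a boolean, e.g. an unrendered "{{ options.use_tls }}"
        findings.add("use_tls-not-boolean")
        use_tls = False
    req_cert = ldap.get("tls_req_cert", "demand").strip().lower()
    if use_tls and any(ldaps):
        findings.add("starttls-with-ldaps")  # Keystone treats use_tls + ldaps:// as invalid
    if not use_tls and not (ldaps and all(ldaps)):
        findings.add("cleartext-ldap")  # binds and queries travel unencrypted
    if req_cert not in {"demand", "allow", "never"}:
        findings.add("tls_req_cert-invalid")
    elif req_cert != "demand" and (use_tls or any(ldaps)):
        findings.add("server-cert-not-required")  # encrypted, but the server is not authenticated
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("requested", REQUESTED), ("strict", STRICT)):
        print(name, audit_ldap_tls(text))
```

Running it against a rendered domain config before and after a template or ldap-config-flags change makes a silent downgrade from `demand` visible in review.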
Changed in charm-keystone-ldap:
status: Triaged → Incomplete
importance: Critical → Undecided
Changed in charm-keystone-ldap:
milestone: 19.04 → 19.07
Changed in charm-keystone-ldap:
milestone: 19.07 → 19.10
Changed in charm-keystone-ldap:
milestone: 19.10 → 20.01
Changed in charm-keystone-ldap:
milestone: 20.01 → 20.05
Changed in charm-keystone-ldap:
milestone: 20.05 → 20.08
Changed in charm-keystone-ldap:
milestone: 20.08 → none
For reference, this is where the charm gets use_tls:
https://github.com/openstack/charm-keystone-ldap/blob/master/src/lib/charm/openstack/keystone_ldap.py#L74