commit f23c001f529113749c9258c585d99cea373c517d
Author: Andy Ning <email address hidden>
Date: Thu Oct 20 14:38:36 2022 -0400

Fix ldapsearch require sudo

Currently ldapsearch with non-root user will query openldap on
the insecure port (389), ldapsearch with "-H ldaps://<domain>"
will fail. This is because when non-root user runs ldapsearch,
it will look for a user specific configuration file (rather
than the system wide one at /etc/ldap/ldap.conf), and if there
is none, it will use the internal default.

This change added an ldap configuration file for sysadmin.

Test Plan:
PASS: system deployment
PASS: On AIO-SX system, query openldap users as sysadmin by ldapsearch -xH ldaps://controller -b "ou=People, dc=cgcs,dc=local"
Verify the query completes successfully.
PASS: On AIO-SX system, query openldap users as sysadmin by ldapsearch -x -b "ou=People,dc=cgcs,dc=local -d 1"
Verify the query is on secure port (636) and completes successfully.
PASS: On DC subcloud, query openldap users as sysadmin by ldapsearch -xH ldaps://<system controller mgmt IP>
-b "ou=People,dc=cgcs,dc=local"
Verify the query completes successfully.
PASS: On DC subcloud, query openldap users as sysadmin by ldapsearch -x -b "ou=People,dc=cgcs,dc=local -d 1"
Verify the query is on secure port (636) and completes successfully.

Closes-Bug: 1993734
Signed-off-by: Andy Ning <email address hidden>
Change-Id: I25e49235cfc743fc2938f973cf0cc4b3859a4d49

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/862186
Committed: https://opendev.org/starlingx/stx-puppet/commit/f23c001f529113749c9258c585d99cea373c517d
Submitter: "Zuul (22348)"
Branch: master
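
The commit message above attributes the plaintext fallback to which client configuration file a non-root user ends up reading. As an added example (not part of the commit or of stx-puppet), this script reports the URI a user would get from configuration files and whether it is ldaps. It assumes the file names documented in ldap.conf(5), ignores ./ldaprc and the LDAPCONF, LDAPRC and LDAPURI environment variables, and uses `builtin-default` as a made-up label for "no file set a URI".

```shell
#!/bin/sh
# Added example: which URI does the OpenLDAP client take from config files?
# Order per ldap.conf(5): system-wide file, then $HOME/ldaprc, then
# $HOME/.ldaprc; a later file overrides an earlier one.

effective_ldap_uri() {   # args: <system-wide conf path> <home directory>
    uri=""
    for f in "$1" "$2/ldaprc" "$2/.ldaprc"; do
        # A missing file, or one this user cannot read, contributes nothing.
        if [ -r "$f" ]; then
            # Keep the last URI directive; its first value is tried first.
            v=$(awk 'toupper($1) == "URI" { u = $2 } END { print u }' "$f")
            if [ -n "$v" ]; then uri=$v; fi
        fi
    done
    # "builtin-default" is this script's label, not an OpenLDAP keyword.
    printf '%s\n' "${uri:-builtin-default}"
}

uses_ldaps() {           # succeeds only for an ldaps:// URI
    case $1 in ldaps://*) return 0 ;; *) return 1 ;; esac
}

report() {               # args: <system-wide conf path> <home directory>
    u=$(effective_ldap_uri "$1" "$2")
    if uses_ldaps "$u"; then
        echo "OK   $2 -> $u"
    else
        echo "WARN $2 -> $u (not ldaps; expect plaintext on port 389)"
    fi
}

demo() {
    # Constructed sample data in a scratch directory; no real config is read.
    d=$(mktemp -d)
    mkdir "$d/home"
    report "$d/absent-ldap.conf" "$d/home"       # no readable file at all
    printf '# constructed sample\nURI ldaps://controller\n' > "$d/home/.ldaprc"
    report "$d/absent-ldap.conf" "$d/home"       # per-user file present
    rm -rf "$d"
}

demo
```

On a real host, call `report /etc/ldap/ldap.conf "$HOME"` as the unprivileged account being checked, so that the readability test reflects that account's permissions.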