commit 6c0909286c2a36397c1e284740cf87666ec51ef0
Author: Karla Felix <email address hidden>
Date: Tue Feb 20 11:47:56 2024 -0300
Set TLS config for openldap
This commit is setting a minimum tls version and setting a rule
to avoid the use of weak cipher by openldap.
Test Plan:
PASS: Run build-pkgs -c -p openldap-config
PASS: Run build-image with the changes for openldap-config present.
PASS: Run 'nmap --script ssl-enum-ciphers' to the desired port to see
if it is only using tls1.2 and tls1.3.
PASS: Create ldap users on system controller with ldapusersetup.
Verify that user is synchronized to subcloud
Do ldapfinger <username> on subcloud and verify the user is returned
ssh with the user in the subcloud. Verify login goes through.
Run commands with sudo and verify that sudo works without issues
PASS: Run a full setup of an AIO-SX and verify the status of slapd
service.
Closes-Bug: 2054813
Change-Id: Iabbc5c877256b4f886706cf7601ea26e5ab54d28
Signed-off-by: Karla Felix <email address hidden>
Reviewed: https:/ /review. opendev. org/c/starlingx /config- files/+ /909605 /opendev. org/starlingx/ config- files/commit/ 6c0909286c2a363 97c1e284740cf87 666ec51ef0
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 6c0909286c2a363 97c1e284740cf87 666ec51ef0
Author: Karla Felix <email address hidden>
Date: Tue Feb 20 11:47:56 2024 -0300
Set TLS config for openldap
This commit is setting a minimum tls version and setting a rule
to avoid the use of weak cipher by openldap.
Test Plan:
PASS: Run build-pkgs -c -p openldap-config
PASS: Run build-image with the changes for openldap-config present.
PASS: Run 'nmap --script ssl-enum-ciphers' to the desired port to see
if it is only using tls1.2 and tls1.3.
PASS: Create ldap users on system controller with ldapusersetup.
Verify that user is synchronized to subcloud
Do ldapfinger <username> on subcloud and verify the user is returned
ssh with the user in the subcloud. Verify login goes through.
Run commands with sudo and verify that sudo works without issues
PASS: Run a full setup of an AIO-SX and verify the status of slapd
service.
Closes-Bug: 2054813
Change-Id: Iabbc5c877256b4 f886706cf7601ea 26e5ab54d28
Signed-off-by: Karla Felix <email address hidden>