StarlingX

  1. Bug #2054813
  2. Comment #5

Comment 5 for bug 2054813

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config-files (master)

Reviewed: https://review.opendev.org/c/starlingx/config-files/+/909605
Committed: https://opendev.org/starlingx/config-files/commit/6c0909286c2a36397c1e284740cf87666ec51ef0
Submitter: "Zuul (22348)"
Branch: master

commit 6c0909286c2a36397c1e284740cf87666ec51ef0
Author: Karla Felix <email address hidden>
Date: Tue Feb 20 11:47:56 2024 -0300

    Set TLS config for openldap

    This commit is setting a minimum tls version and setting a rule
    to avoid the use of weak cipher by openldap.

    Test Plan:

    PASS: Run build-pkgs -c -p openldap-config
    PASS: Run build-image with the changes for openldap-config present.
    PASS: Run 'nmap --script ssl-enum-ciphers' to the desired port to see
          if it is only using tls1.2 and tls1.3.
    PASS: Create ldap users on system controller with ldapusersetup.
          Verify that user is synchronized to subcloud
          Do ldapfinger <username> on subcloud and verify the user is returned
          ssh with the user in the subcloud. Verify login goes through.
          Run commands with sudo and verify that sudo works without issues
    PASS: Run a full setup of an AIO-SX and verify the status of slapd
          service.

    Closes-Bug: 2054813

    Change-Id: Iabbc5c877256b4f886706cf7601ea26e5ab54d28
    Signed-off-by: Karla Felix <email address hidden>