Multi-Region: Support shared LDAP service
Decouple NSLCD from the open-ldap SM service and manage it by PMOND instead. This is needed because in the Shared LDAP case, we deprovision the open-ldap service on the Secondary Region which renders NSLCD unmanaged. Additionally, we allow the Secondary Region or Sub Clouds to bind anonymously, but still need to support LDAP read operations in these regions such as ldapfinger or lsldap. For this purpose, the ldapscripts runtime library has been modified to allow anonymous binds during LDAP search operations. Change-Id: I3d4a709d058963be61a0311a539cd020f54118d6 Signed-off-by: Jack Ding <jack.ding@windriver.com> Signed-off-by: Scott Little <scott.little@windriver.com>
This commit is contained in:
parent
69be80651e
commit
8c1837205d
@ -1,3 +1,3 @@
|
||||
COPY_LIST="files/* \
|
||||
$CGCS_BASE/downloads/ldapscripts-2.0.8.tgz"
|
||||
TIS_PATCH_VER=1
|
||||
TIS_PATCH_VER=2
|
||||
|
@ -21,6 +21,7 @@ Patch2: log_timestamp.patch
|
||||
Patch3: ldap-user-setup-support.patch
|
||||
Patch4: ldap-user-setup-support-input-validation.patch
|
||||
Patch5: ldap-user-setup-noninteractive-mode-fix.patch
|
||||
Patch6: allow-anonymous-bind-for-ldap-search.patch
|
||||
|
||||
%define debug_package %{nil}
|
||||
|
||||
@ -39,6 +40,7 @@ Shell scripts that allow to manage POSIX accounts (users, groups, machines) in a
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
|
||||
%build
|
||||
|
@ -0,0 +1,38 @@
|
||||
From bee43b9f75ee7a2cee0391319528264014d775f7 Mon Sep 17 00:00:00 2001
|
||||
From: Kam Nasim <kam.nasim@windriver.com>
|
||||
Date: Mon, 16 Apr 2018 14:58:03 -0400
|
||||
Subject: [PATCH] ldapscripts - allow anonymous bind for ldap search
|
||||
|
||||
---
|
||||
lib/runtime | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/runtime b/lib/runtime
|
||||
index 012ac95..18acf3f 100644
|
||||
--- a/lib/runtime
|
||||
+++ b/lib/runtime
|
||||
@@ -197,8 +197,11 @@ _ldapsearch () {
|
||||
elif [ -n "$BINDPWDFILE" ]
|
||||
then
|
||||
$LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
|
||||
- else
|
||||
+ elif [ -n "$BINDPWD" ]
|
||||
+ then
|
||||
$LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
|
||||
+ else
|
||||
+ $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -785,7 +788,7 @@ then
|
||||
then
|
||||
warn_log "Warning : using command-line passwords, ldapscripts may not be safe"
|
||||
else
|
||||
- end_die "Unable to read password file $BINDPWDFILE, exiting..."
|
||||
+ warn_log "Warning: Unable to read password file $BINDPWDFILE, binding anonymously..."
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
--
|
||||
1.8.3.1
|
||||
|
Loading…
Reference in New Issue
Block a user