Update slapd.conf so that openldap syncrepl over TLS

This change updated slapd.conf so that openldap syncrepl will be configured to be secure over TLS. Test Plan: PASS: DX system deployment PASS: Check syncrepl section in slapd.conf.backup, it should contain: tls_cert="/etc/ldap/certs/openldap-cert.crt" tls_key="/etc/ldap/certs/openldap-cert.key" tls_cacert="/etc/ssl/certs/ca-certificates.crt" tls_reqsan=demand Story: 2009834 Task: 46246 Depends-On: https://review.opendev.org/c/starlingx/ansible-playbooks/+/856766 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: Ia3bb31a733cb976ea9c5d0428b64f012dc9ec57e
6 months ago · 20fde03931
parent 60bcd62f38
commit 20fde03931
1 changed files with 4 additions and 0 deletions
--- a/openldap-config/source-debian/slapd.conf
+++ b/openldap-config/source-debian/slapd.conf
@ -101,6 +101,10 @@ ppolicy_use_lockout
 # syncrepl directives for each of the other masters
 syncrepl rid=000 
  provider=ldap://controller-1
+  tls_cert="/etc/ldap/certs/openldap-cert.crt"
+  tls_key="/etc/ldap/certs/openldap-cert.key"
+  tls_cacert="/etc/ssl/certs/ca-certificates.crt"
+  tls_reqsan=demand
  type=refreshAndPersist
  retry="5 5 300 +" 
  searchbase="dc=cgcs,dc=local"