Add support SSL/TLS enabled LDAP service
Closes-Bug: PROD-35184
Change-Id: I414ccbe40eb6869fb928864041b5b5d543602fbc
diff --git a/linux/files/nslcd.conf b/linux/files/nslcd.conf
index 4eb4134..1c2820b 100644
--- a/linux/files/nslcd.conf
+++ b/linux/files/nslcd.conf
@@ -36,9 +36,13 @@
{%- endif %}
# SSL options
-#ssl off
-#tls_reqcert never
-#tls_cacertfile /etc/ssl/certs/ca-certificates.crt
+{%- if "ldaps://" in ldap.uri %}
+ssl on
+tls_reqcert never
+tls_cacertfile /etc/ssl/certs/ca-certificates.crt
+{%- else %}
+ssl off
+{%- endif %}
# The search scope.
scope {{ ldap.scope }}
diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index 2792df3..5696151 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls
@@ -287,8 +287,8 @@
enabled: true
https: https://127.0.5.1:443
saltstack:
- source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
- key_url: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/SALTSTACK-GPG-KEY.pub"
+ source: "deb [arch=amd64] http://mirror.mirantis.com/update/2019.2.0/saltstack-2017.7/xenial xenial main"
+ key_url: "http://mirror.mirantis.com/update/2019.2.0/saltstack-2017.7/xenial/SALTSTACK-GPG-KEY.pub"
name: 'human readable saltstack reponame'
architectures: amd64
clean_file: true
diff --git a/tests/pillar/system_duo.sls b/tests/pillar/system_duo.sls
index 42daeff..f8b72aa 100644
--- a/tests/pillar/system_duo.sls
+++ b/tests/pillar/system_duo.sls
@@ -45,8 +45,8 @@
enabled: true
https: https://127.0.5.1:443
saltstack:
- source: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
- key_url: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/SALTSTACK-GPG-KEY.pub"
+ source: "deb [arch=amd64] http://mirror.mirantis.com/update/2019.2.0/saltstack-2017.7/xenial xenial main"
+ key_url: "http://mirror.mirantis.com/update/2019.2.0/saltstack-2017.7/xenial/SALTSTACK-GPG-KEY.pub"
architectures: amd64
clean_file: true
pinning:
@@ -133,56 +133,56 @@
duo:
key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v2.0.22 (GNU/Linux)
- mQINBF25pcQBEADBIWPx6DJ+EItyXif/zgDZjsuwi/4pbd5NBHVpdsK2piteY1h4
- QG0CtfmCrwPRz/q5RlCNKLZ8HJiMrURGGwbts9BM57aVmn7C/OsPo3oOiOOpiiUA
- qFNhuTTQQ812uO+2sULt3/UdRiKUquUgNpdp6SNkNjg5lvKCOWIhKp8l3JbvI572
- 0DnSuLGP9pSyQulz7B6vsCQHq1Ib7AArxk88+9QeUmhVKbXHf0K3vaQkmm7KaveK
- fgyxJfNh6ilFBTZq8yxY362vP18goEdOl+2pK0If2r4w1gjEXVLyGaYHKqr7vVC7
- tGYDP6ibzXNDhTNbvN+XZOlk85ttu77TRiKglcuOz3rAY6OybxUo12MYGv3vntgl
- OD6XaL9+dYPVW8R5886Nq0W88wRNUa0jpY1tvO1h7j4OFvSk2xDQml8ugvbvBTZC
- XuzCx//m8UyF617nlUxY4gMs/GiWs7PlJ/Bjd8bNTaATMCdD3s3RX9XUEAUMo+LM
- k4hM+EaWoG++Pym/009fgdI0AAZa7igNTPcLdvAZTGVJ1K7V/QlKIz3RwTfozUtR
- a3/1XfS2Zllj/Nzmx7FI1aWyTScyfl44jfjpnPc1BvUfCmuV/28pKCYsJ3yPtN4i
- ccQKERQF9vUEnCZ67DmksFsrKrn9n38jd02or8ZzRRDx7NJOILhhhlzKTwARAQAB
+ mQINBF68XyMBEACtnqumd2ocG1qM8BZToRr+BLbWDwa1XWWovuonKupP2Im7F9a6
+ C71lSbD1QX0N0jvesMldrvLHnXFjOOKweNZlMSSzvB0TwSRgLugwaA/LI/g3R4IO
+ AMg4pKKbjguJ9nTAlHj0xQ2aWYI5dep6uks5tB5SCoyaqDc0eGzkkytuwNKLjEhd
+ GNFTH1cBIQsYYKdsfrNh9C3i4ps9jf3Gb3PtpTGdCvxIC1w66wxQO2w2yjD4wYdc
+ VMi5Uy/q8OjxX58YwA5RHt91B75wp6oQa6rKlzyu64H8bffzVn6ukGTLfKepY9WF
+ Hd106D/3lzO9jBXUj125ATIDFl3ObVG9JtiUVkmRl44Sgp4nLJWpejWWgDxGN6sd
+ U3l3bltPYZH/yrlNGaJEshshBSEL8PFRSxx3i+NKdUZhe5yzcxKFT1ZTSPZiKc7m
+ 9hr9BP0+54HzhgZScUsehQXvNe9TwOZccGmyn0Hix3zXBW1LsswFr396RUfKo8IO
+ 82hgaOnlYko8Y/dwPZcc3CEYiEwwQ13PagdO5c/YufZpWB4cq1r95tAzE3QHTOoQ
+ lFQ3yr3HV30LAn//PL2QWePB5nt7qFZwt1RrmUly3a9OA5fyhsyXg22SA7CwZaCI
+ gQc3HAYFNwPXCqiUlPdLbIb6OMSPI2Vd4U4IDb7bR726hWKYCIOcJQLm3QARAQAB
tDJEdW8gU2VjdXJpdHkgUGFja2FnZSBTaWduaW5nIDxkZXZAZHVvc2VjdXJpdHku
- Y29tPokCVAQTAQgAPhYhBN8aYLVu/i3IyoqaYQHvmOkQRI/bBQJduaXEAhsDBQkJ
- ZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEAHvmOkQRI/bDjkP/0dUsJgx
- qTqPDgKimmLUM6xL3cuWcoIWe7kh0GVqBEY9wPJzL9aaggkURjbwtQcHiNBV2Mk5
- M6IaoIVQiSGHSob7il1sCSDRb7zWcZPqZqB9QtRBOgZcOLGxW62+UIGXPCQVvaCy
- FDxsmwMnPRYz4rS3X5zK1c2Fo9D59rQmTjj71UGVliNNq8GMH64I/goa4pEryk2t
- Jeby82la6gP+BPHFNc5hi/em3xxdgO16WKfe8uN0NmRZvOUnpThHbUzDjfj3uEf9
- /W6XcJfIyqdGMLpzrjkdaWr1CZg4XrF5q0c0hDzxrshNV04iFreg4ds5HsboNnPX
- M5HN60R1zeqBu+tVADSKYLpGOCczZTOUzYhlJfNOVSd83DE9vaeVTZQYgOK/1oVY
- WYPnr0spZ06FWb/1+irSWXhdDU8tAzRO3IFq4M8eBEkCrOt17dWDfgOcXN/I34IU
- I6RiAUVNc3W1aEB6r9WDPCDr9WBxrwMlceNrwFSJl9InrVIfJG54E6iYR/vBxyzS
- hjFd5PJxNQIhTTOfA4YplDoviSHw/3Ci64OOPmh06Z5zfd+HOH7E+I9SRk2GunPU
- odvnpWELquFzA9OwDLYUlUQC7cYHnGCzzHKHcxFuQKmH1hnAuBvq5H6OzlAgjuA7
- UX82Bl6FLsm7gJUmHq7xCM3zRG3ZKus/JeUJuQINBF25pcQBEADp3Z1ovqhzfFM6
- Oe/0zme9ynaGGcpxktncuvcpirsI5CYjqHWi11g1dG0HXANGDn2+kHrrJOwO6fVQ
- c4d1iImKoTR6ZmYd/Ae7TthsmjZXe3P/s15JpEMhsvwkSH6FOkrCkhgaNArZr6yn
- kb0s2zcJ69h7gz1rmnjmCsDjM9C/Pa99th4CBb2yo8Xq9mSjQKVCHcfFdrdGOMJc
- YtZCJz6Uno4CQSRPAq0l5lxM+HXhkUdPNdoxSUV4IIwZnxxHhXA+WSMC0Px04nVi
- XVDlJ+Vb5Nhf8bbJaiQXoHGFJY7u8+6QruoPQNmKkD7QwVdoEkd8Pb/6Q7ih5lIn
- 1ksjIG1G+N8AhkOZCm0aBz/uzMBZV8lswjNW1JEcXafe3QOnS3MxqHUXUzLN3tMB
- bG6me8ENbOMlBGCQa22NVf/C1KGL9nZts0Ljz9eNQTT1mxRvuU4twScomFVXh5ZF
- 0LWQdlxVueaebeXQBAtdROyd2wKGO+KMuJXD6Brqh2fCx+kK+zh7cFHLeS4rKLGt
- 7h9yI+lbmFArzVIEuiTYx5pspzYrclbiHOGYBKhV/b7iJ66zSxy2FryPzfeKBWzX
- C3kpVQ3RrhMyykUvfMfyx9+gbrCvwz7BoYD0EguPfnYYB2V7A5kM/ljwVRKY2mDL
- UKQ8v12pgegp/TeWvkKJ4AGr06lzNwARAQABiQI8BBgBCAAmFiEE3xpgtW7+LcjK
- ipphAe+Y6RBEj9sFAl25pcQCGwwFCQlmAYAACgkQAe+Y6RBEj9so2w//TF2rdbgD
- boKM2odifrEWv11HQzVpu/xU7gN0vvha11P5qj7V9yGgy31kRCtPZ9Xp/UfLAIaw
- vP85MydLY5/eUa7pRf207Hle5jl4L6g/Uuv41v9NRyOdldXzFmk0XvJfJ9ptXPTR
- 0E3m5t0IK2XzVhQhgCgyMb27Eh+kPbegnQV8hRNk8PVpFQNjDh6lDv7aFxmjt76x
- kPUTsFriC3NRDMdun5es+74NMfTuNLF8EPcVfByR+tQuKPCXaSzux02arYFEkVdT
- w9EOrNNagWX9wbI5tB80XNd1BcHCV1QOA9XCeQmcvBN5ww7nOTOwDjAMIqyoJX9D
- l9l/AFJa0PH3xENICpHmapS+LJfgKD1MNfQNKl8nTLRINOXnH/7L4q7LFn024nZa
- B4MvOMq7P3Hs2/iZlfIumk2AeeMemR2G72erPa6zx6I2dyp16rdi0mYHS0m4T+ud
- Ye7pnNwU7EqkuUYcd1oj9txfKFYj0nlOhEzSnLnshr3LsBVtzJi42RZc10rIWZbZ
- bXkcoJgoBo0P+QACduNVZ072OqDquv/OpU3UVszwotMV+IANJ9cX3bXKBCjevfTP
- VsXFL+WQaiGz2OcyD2uFLtLeHCDuZ6oL3Rw9pgT4E5ZXKYj4xd1qXhQea0sQu+8I
- 5oRM/JeaPuYz7lH+PhzcqVqpKaWDL0Q9ixs=
- =EHJ5
+ Y29tPokCPwQTAQIAKQUCXrxfIwIbAwUJEswDAAcLCQgHAwIBBhUIAgkKCwQWAgMB
+ Ah4BAheAAAoJEHpFCGTBoHqF0qAP/RmAz9B2RydA3DAdLuqBIcswOi6gLAH/mzDh
+ bisq4VXxLyIk1OfLVIdehvVKX3KINC54Pu9BltQpka8n0sBWPBXp5rp+EEB4epf4
+ kp5OlJqm2CNZq5lBFlGXNtoC33o+cOachmWKnoqrc5iuOKyQCqpgpP3TxcyDQlyJ
+ g18mrv0oN2LQjvTYZoYGQCEwe9iOYEnk+Dn5DNGtTuNTv5b2s1+TEGLuxlZeeHZz
+ pItFEKTqYG2BA+dje2H4/eweuYDxKRJ4Y6NgsLMJRwvopfTNgIg4VV5DJ//jqabc
+ 0HWJ+x95d09ecBZBk+gKiGfU+r5zaVoVKBlHN4q1S3P/cXitaMEKqb9UdicCsB5u
+ pA+Lu9KW5qKyElk3LdsMA5LFErlFRBNup3icuDZ9YP8582T0SXyGpALS2X6symdi
+ 3EZ587sCfEtI3cOZ/WQ7im05f/xu5x0RaZTUegOn6byFjyuKxIkQcAmtY2NvKpMI
+ 7cY1YOuYHGodiV/YQkaoZDFnbxMwI0JeboF9zuYMVqwC0tDvU92+NNaqcdJycwYQ
+ s5byXHB0TycUmIYxcRcuRYXeFa7T94fXY8IwsK6TWMEE04phsbujKzZ8IXxZ/5p4
+ j6dmGJf5OG0WC0KYZBAV5RuSWrGoVv1AS7WO511VP9gkUVZ9Ua9M62TdZ4FVqz7s
+ NBJXY7eBuQINBF68XyMBEACWjR4yUiDiQy/MTABjeI9PU80HUipGYe/CM0FXNhO6
+ D7M9150UgYICGFEyHXI4puVGV05WhG+/Be7UNcxO4OQpagz3b+a/OrTShEAev7Ck
+ /Sxw7qhGIpDt8A4duwNscPsLWnAcKetGOxw8YieR2NE11gYdp0xhPao1MUs2tTKM
+ nWqd/mr1KzAaPjx8FcKbUc1kQf0LHmxwzpZfh4+xWeNQ9GjLyXFvPvGl/YTjJz3k
+ SygADIqHcPgWnO5t9vEFuVCAFd6oIYcnhJOYjxh5Rv0XWAA0do4gxOT0HfKrOeYM
+ hpCFkJ1HgcqmO29yWJq6y0psEdyUBThhX+JEhRa3WMu1NkwV8g1MucPV7DYuPDPw
+ 43sGABU7KLhng4Lqw2r/2hwYsPNCdBZ9HBEfsnhXi0fL24jT8VBULCLt+OdRuQsx
+ xBz2JIhul1FqmjPJLMMmfv6anMNXr8qAOCED74lE/8GKee+/r3TbWanrMMnWvwau
+ 2L7KxUAPcPM/Y8iSMFRlTmMN9ZuTomiZTIT+kkTea2lW6JG9r6kBeRglcqy9Hg+g
+ ooab9QR7hftSQ2WWc4Ru5/ki2+PbDHm7Mw90sMBH43/JVPNowG51WvzK2ACJUA7G
+ ET7cfxi2QLmtgnKk3F04+QRHvV9dV8o88sPZxp7GpparojEAmhBxXcZdz5wkc8bu
+ RQARAQABiQIkBBgBAgAPBQJevF8jAhsMBQkSzAMAAAoJEHpFCGTBoHqFsvIP9Rzo
+ nSPena6p1GVkUvfO3N71atjnqgjajKjNaD1XmLTaXXb12p1pB+0Y7fgKZY6JUWbD
+ BHHAUTadwl2t43I1hRycj9APPpYjJtFZQqdxMKJsE61q7LMgMDfgKVb/XDg7ApKz
+ jwdHEbvSnmyK//5aedv60wFP0mJJnIvchcwyRM+azn2BoHtEIYvicPSOiKA0aG/U
+ 6RT5UkKbqfviyEdkke6JA8795LeagJ4tQlbUT66HskADRD9MFQgRXFYk6fgby77Q
+ a/ni4UZLPkplcPvxKviC23pcx4JyJoskNVvt9ZgAVxZqY3ntdhcYE0U+xx2ENfXV
+ T5eoOwnbu6+lL4oq/ev1m7VAYQCPWLCrjWi++ZZoxpu4IgLrJICuEFkvtRxRZYsg
+ 9dQ8RcuOC8HguLrblEl7DeO81D+bTQz3eT/+In2vjk40XXW0ReA6LZiaHfQYValj
+ 3ntKqlYqgtNEYdXFsxhP1xvsG9DSRiCrTkccaE2BZs9V9MnVP/RVxHdaGRupuc90
+ gHsnKT25loh6PuJBw7SPZxitXqAmbeDl49GpfuAodxBihuemz5KT16VIoQy1OpHX
+ ZLkCAcK8FH6+FUT8y1E/gzs4Kc+lN473B8OJs2XU5XwN56PcVPQuFJK4k7v4jySy
+ MXBqsE6g78e0L2b31PujvG2DyNa0myrqfmNFKBk=
+ =SZIy
-----END PGP PUBLIC KEY BLOCK-----
source: "deb [arch=amd64] http://pkg.duosecurity.com/Ubuntu xenial main"
architectures: amd64