commit b37814721b7abe97074ee5cc3a1ca3f5fcbe90e1
author Denis Egorenko <degorenko@mirantis.com> Thu Jul 11 19:08:59 2019 +0400
committer Denis Egorenko <degorenko@mirantis.com> Fri Jul 12 15:06:49 2019 +0400
tree 7396fc63fe41d434f08051c0fc29d517c8b9f989
parent 23cd904826af104a528476f43cbe813dccd8e2c4

Switch phpldapadmin auth to LDAPS

Change-Id: I2daef3844e74ae7b2e213977f49192ffc055ae8b
Related-Prod: PROD-23454
(cherry picked from commit c95a6766a40de641594008a734adc932b2d29f9a)

defaults/docker_images.yml

diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index a6c0e8d..a3db781 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -11,7 +11,7 @@
     docker_image_mongodb: "${_param:mcp_docker_registry}/mirantis/external/library/mongo:${_param:mcp_version}"
     ###
     # phpldapadmin:0.6.12
-    docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:${_param:mcp_version}"
+    docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:2019.2.5"
     # gerrit:2.13.6
     docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.5"
     # mysql:5.6

docker/swarm/stack/ldap.yml

diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index 5130caf..1e12a4a 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -49,9 +49,19 @@
               depends_on:
                 - server
               hostname: ldap
+              command: --copy-service
+              volumes:
+                - ${_param:openldap_tls:keyfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.key:ro
+                - ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
+                - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
               environment:
                 PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
-                PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
+                PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
+                PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
+                PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: drivetrain_ldap.crt
+                PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: drivetrain_ldap.key
+                PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: ca.crt
+                PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: 'try'
                 PHPLDAPADMIN_HTTPS: "false"
                 PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
                 PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}