Fix bug 1571 - Certificate for LDAPS not written if TLS is disabled in Keystone 17/11017/4
authorsousaedu <eduardo.sousa@canonical.com>
Thu, 17 Jun 2021 10:04:34 +0000 (11:04 +0100)
committerbeierlm <mark.beierl@canonical.com>
Fri, 18 Jun 2021 02:09:01 +0000 (04:09 +0200)
Change-Id: I9d4d3f96c7607c1b6f2172cb0de0a5bdcbffbfc3
Signed-off-by: sousaedu <eduardo.sousa@canonical.com>
docker/Keystone/scripts/start.sh

index e4bb5f2..5cdeddf 100755 (executable)
@@ -165,6 +165,12 @@ EOF
     if [ "$LDAP_GROUP_TREE_DN" ]; then
         echo "group_tree_dn = $LDAP_GROUP_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
     fi
+    if [ "$LDAP_TLS_CACERT_BASE64" ]; then
+        mkdir -p /etc/ssl/certs/
+        echo "-----BEGIN CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt
+        echo $LDAP_TLS_CACERT_BASE64 >> /etc/ssl/certs/ca-certificates.crt
+        echo "-----END CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt
+    fi
     if [ "$LDAP_USE_STARTTLS" ] && [ "$LDAP_USE_STARTTLS" == "true" ]; then
         echo "use_tls = true" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
         mkdir -p /etc/keystone/ssl/certs/
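Review bot: The new block appends another PEM entry to the system bundle `/etc/ssl/certs/ca-certificates.crt` on every container start and expands the value unquoted on line 18, so the bundle accumulates duplicate copies across restarts and any whitespace in the value is collapsed by word-splitting before it is written. A guarded, quoted write keeps it idempotent: `if ! grep -qF -- "$LDAP_TLS_CACERT_BASE64" /etc/ssl/certs/ca-certificates.crt 2>/dev/null; then` / `printf '%s\n' "-----BEGIN CERTIFICATE-----" "$LDAP_TLS_CACERT_BASE64" "-----END CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt` / `fi`. The variable name suggests the raw base64 of the certificate, but if callers pass an already-complete PEM the added header and footer would be doubled, and a single very long base64 line is not accepted by every PEM reader; a comment stating the expected input form (`# LDAP_TLS_CACERT_BASE64: base64 body of the CA cert, without PEM armor`) would settle that. The STARTTLS branch that follows continues outside the hunk, so whether it still writes the same certificate a second time under /etc/keystone/ssl/certs/ cannot be confirmed from here.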