From 351397314cd392a0a36701badbdae4806093d3a1 Mon Sep 17 00:00:00 2001
From: sousaedu
Date: Thu, 17 Jun 2021 11:04:34 +0100
Subject: [PATCH] Fix bug 1571 - Certificate for LDAPS not written if TLS is disabled in Keystone

Change-Id: I9d4d3f96c7607c1b6f2172cb0de0a5bdcbffbfc3
Signed-off-by: sousaedu
---
 docker/Keystone/scripts/start.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docker/Keystone/scripts/start.sh b/docker/Keystone/scripts/start.sh
index e4bb5f27..5cdeddf3 100755
--- a/docker/Keystone/scripts/start.sh
+++ b/docker/Keystone/scripts/start.sh
@@ -165,6 +165,12 @@ EOF
 if [ "$LDAP_GROUP_TREE_DN" ]; then
 echo "group_tree_dn = $LDAP_GROUP_TREE_DN" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
 fi
+ if [ "$LDAP_TLS_CACERT_BASE64" ]; then
+ mkdir -p /etc/ssl/certs/
+ echo "-----BEGIN CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt
+ echo $LDAP_TLS_CACERT_BASE64 >> /etc/ssl/certs/ca-certificates.crt
+ echo "-----END CERTIFICATE-----" >> /etc/ssl/certs/ca-certificates.crt
+ fi
 if [ "$LDAP_USE_STARTTLS" ] && [ "$LDAP_USE_STARTTLS" == "true" ]; then
 echo "use_tls = true" >> /etc/keystone/domains/keystone.$LDAP_AUTHENTICATION_DOMAIN_NAME.conf
 mkdir -p /etc/keystone/ssl/certs/
--
2.17.1
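Review bot: The new `LDAP_TLS_CACERT_BASE64` block appends the LDAP CA to the system-wide bundle `/etc/ssl/certs/ca-certificates.crt`, so every TLS client in the container trusts that CA, not only the LDAP connection, and each start of a container whose filesystem persists appends another copy. A dedicated file referenced from the domain config through Keystone's `tls_cacertfile` option would keep the trust scoped to LDAP; the STARTTLS branch that follows creates `/etc/keystone/ssl/certs/` and may already do this, but its body continues outside the hunk. The value is also written unquoted and unvalidated: `echo $LDAP_TLS_CACERT_BASE64` is subject to word splitting, which joins a multi-line value with spaces, and a malformed value lands in the bundle that other clients read, so `printf '%s\n' "$LDAP_TLS_CACERT_BASE64"` after a base64 sanity check would be safer. The enclosing LDAP configuration block starts before the hunk.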