Owner and permissions for slapd TLS files

Added logic to set the owner and permissions for the slapd TLS certificate, privkey, and CA cert files so that they are explicitly owned by openldap with the correct permissions.
docker · Jul 24, 2018 · 0436ac2 · 0436ac2
1 parent b65387a
commit 0436ac2
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -420,14 +420,20 @@ EOF
 function comanage_ldap_utils::copy_cert_and_secrets() {
     if [[ -f "${SLAPD_CERT_FILE}" ]]; then
         cp ${SLAPD_CERT_FILE} /etc/ldap/slapd.crt
+        chown openldap:openldap /etc/ldap/slapd.crt
+        chmod 644 /etc/ldap/slapd.crt
     fi
 
     if [[ -f "${SLAPD_PRIVKEY_FILE}" ]]; then
         cp ${SLAPD_PRIVKEY_FILE} /etc/ldap/slapd.key
+        chown openldap:openldap /etc/ldap/slapd.key
+        chmod 600 /etc/ldap/slapd.key
     fi
 
     if [[ -f "${SLAPD_CHAIN_FILE}" ]]; then
         cp ${SLAPD_CHAIN_FILE} /etc/ldap/slapd.ca.crt
+        chown openldap:openldap /etc/ldap/slapd.ca.crt
+        chmod 644 /etc/ldap/slapd.ca.crt
     fi
 
     if [[ -f "${OLC_ROOT_PW_FILE}" ]]; then