From 0436ac25ed870bfc52e08a1356a4af05f2097fd7 Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Tue, 24 Jul 2018 09:22:40 -0500
Subject: [PATCH] Owner and permissions for slapd TLS files
Added logic to set the owner and permissions for the slapd TLS certificate, privkey, and CA cert files so that they are explicitly owned by openldap with the correct permissions.
---
comanage-registry-slapd-base/comanage_ldap_utils.sh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
index 22d1b85..4bac4c9 100755
--- a/comanage-registry-slapd-base/comanage_ldap_utils.sh
+++ b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -420,14 +420,20 @@ EOF
 function comanage_ldap_utils::copy_cert_and_secrets() {
 if [[ -f "${SLAPD_CERT_FILE}" ]]; then
 cp ${SLAPD_CERT_FILE} /etc/ldap/slapd.crt
+ chown openldap:openldap /etc/ldap/slapd.crt
+ chmod 644 /etc/ldap/slapd.crt
 fi
 if [[ -f "${SLAPD_PRIVKEY_FILE}" ]]; then
 cp ${SLAPD_PRIVKEY_FILE} /etc/ldap/slapd.key
+ chown openldap:openldap /etc/ldap/slapd.key
+ chmod 600 /etc/ldap/slapd.key
 fi
 if [[ -f "${SLAPD_CHAIN_FILE}" ]]; then
 cp ${SLAPD_CHAIN_FILE} /etc/ldap/slapd.ca.crt
+ chown openldap:openldap /etc/ldap/slapd.ca.crt
+ chmod 644 /etc/ldap/slapd.ca.crt
 fi
 if [[ -f "${OLC_ROOT_PW_FILE}" ]]; then