Updates for the November 2020 training offering

Updates for the November 2020 training offering, including changing the
well known password used by the trainees, updating COmanage Registry to
version 3.3.1, updating the Shibboleth IdP to 4.0.1, and updating the
slapd image to the latest version.

README.md

@@ -67,7 +67,7 @@ cd comanage-registry-training-deployment
 virtualenv -p python3.7 ./
 source bin/activate
 pip install --upgrade pip
-pip install ansible==2.9.6
+pip install ansible==2.10.1
 pip install boto
 pip install boto3
 cp /path/to/AWS-Trng-1.pem .
@@ -117,6 +117,23 @@ vars/global.yml
 
 Review that file before running the playbook.
 
+## Changing Training Password
+
+The password used by trainees for SSH and when authenticating to the IdP
+needs to be set in two (2) places:
+
+1. The file `roles/common/tasks/users.yml`. Use the `mkpasswd` Linux utility to hash the
+password:
+    ```
+    mkpasswd --method=sha-512
+    ```
+
+1. The file `roles/idp/files/config-always-01.ldif`. Use the `slappasswd` Linux utilty to
+hash the password and then edit the file using `ansible-vault edit`:
+
+    ```
+    /usr/sbin/slappasswd -c '$6$rounds=5000$%.86s'
+    ```
 
 ## Provision the COmanage Training Infrastructure
 

roles/common/tasks/users.yml

@@ -68,7 +68,10 @@
       comment: COmanage Training User
       uid: 2000
       home: /home/training
-      password: "$6$Vi9PQcxYJ.VBZ$RD.yWppXJUvqTBcicu4V1VTwcfpILQ6fisdXbl1VRwezpPr88p5ufW8fL4lmoVKgyGVgFIOQt1LL3Z0KlEOvK/"
+      # The password chosen can be hashed using mkpasswd command found on most Linux deployments
+      #
+      # mkpasswd --method=sha-512
+      password: "$6$k72rMBqah9omQW$ii9NcQTJHJtlESDq1PyX0Xc7bqwcogk0qwZtDsSjKi9gLRirHvSTDOIUP.x3IuVsIp1jc2MQyjvRtSulYWDDq."
       shell: /bin/bash
       group: training
       append: yes