                          * * * READ ME * * *
                   * * * Veritas CloudPoint 2.0.2 * * *
          * * * Identity-Management-Service 2.0.2.489 * * *
                          * * * Hot Fix 1 * * *
                         Patch Date: 2018-05-30


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * BASE PRODUCT VERSION FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLING THE PATCH
   * KNOWN ISSUES
   * NOTE


PATCH NAME
----------
Veritas CloudPoint
Veritas CloudPoint 2.0.2 Identity-Management-Service 2.0.2.489 Hot Fix 1


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
Ubuntu 16.04 x86-64


BASE PRODUCT VERSION FOR THE PATCH
-----------------------------------
   * Veritas CloudPoint 2.0.2


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch 2.0.2 - Identity Management Service 2.0.2.489:

* C3PM-5495: (C3PM-5735) Enable LDAP over SSL


DETAILS OF INCIDENTS FIXED BY THE PATCH
--------------------------------------------
This patch fixes the following JIRA incidents:

Patch 2.0.2 - Identity Management Service 2.0.2.489:

* C3PM-5495: (C3PM-5735) Enable LDAP over SSL

  Symptom:
  LDAP over SSL does not work.

  Description:
  All LDAP queries were made using LDAP simple authentication with SSL
  disabled.

  Resolution:
  When configuring AD, an ssl flag can be passed that says whether SSL is
  to be used or not. There is also a mechanism to import the customer AD's
  certificate into the idm_store, which can then be used to speak to AD
  securely over SSL.


INSTALLING THE PATCH
--------------------
I. Before patching:

   1. Copy the 'deb' package identity_manager_service-2.0.2.489.deb to the
      /cloudpoint directory on your CloudPoint host.

      # cp /identity_manager_service-2.0.2.489.deb /cloudpoint

   2. Run this as root to check that all containers are up and running
      healthy:

      # docker ps

   3. Make note of the 'Container ID' or 'Names' of the
      identity-manager-service container.
      (Most likely the name should be 'flexsnap-identity-manager-service')

II. Patching:

   1. Run the following command as root (to enter the
      identity-manager-service container):

      # docker exec -it flexsnap-identity-manager-service bash
      OR
      # docker exec -it bash

   2. Run the following commands inside the identity-manager-service
      container you just entered.

      Run this command to check the current version installed:

      # dpkg --list | grep identity_manager

      Run these commands to install the patch version package in your
      container:

      # dpkg -i /cloudpoint/identity_manager_service-2.0.2.489.deb
      # sed -i "s/localhost/flexsnap-rabbitmq/g" /opt/VRTScloudpoint/services/identity_manager_service/config/amqpconfig.properties && \
        sed -i "s/127.0.0.1/flexsnap-mongodb/g" /opt/VRTScloudpoint/services/identity_manager_service/config/mongo.properties && \
        sed -i "s/127.0.0.1/0.0.0.0/g" /opt/VRTScloudpoint/services/identity_manager_service/config/application.properties

      Run this command again to verify that the current version of
      identity-manager-service installed is the patch version 2.0.2.489:

      # dpkg --list | grep identity_manager

      Then exit the container:

      # exit

   3. Run the following command as root on the CloudPoint host after
      exiting the container:

      # docker restart flexsnap-identity-manager-service
      OR
      docker restart

III. After patching:

   1. Wait 15-20 seconds for the 'flexsnap-identity-manager-service'
      container to completely restart the service with the new
      installation.

   2. Copy the AD Server's public certificate to /cloudpoint/keys

      # cp /cloudpoint/keys/

   3. Go into flexsnap_identity_manager container

      # docker exec -it flexsnap-identity-manager-service bash

   4. Run command to navigate to /cloudpoint/keys directory

      # cd /cloudpoint/keys

   5. Import certificate into idm_store truststore for IDM

      # keytool -importcert -file certificate.cer -keystore idm_store -alias "AD_Server"

   6. Enter truststore password as secret and enter yes to the prompt

   7. Make sure the AD Server is configured so as to allow Context creation
      and querying using email.

   8. Use exit to exit the docker container

   9. Run the following curl command to log in

      # curl -v -H "Content-Type: application/json" -H "Accept:application/json" -X POST -d '{"email":"","password" : "" }' -k https:///cloudpoint/api/v2/idm/login

   10. Run the following curl command to create an AD Configuration over
       SSL.

      # curl -X PUT \
          https:///cloudpoint/api/v2/idm/config/ad \
          -H 'Authorization: Bearer ' \
          -H 'Cache-Control: no-cache' \
          -H 'Content-Type: application/json' \
          -d '{
                "ssl": true,
                "ldapUsername":"",
                "ldapPassword":"",
                "ldapUrl":"",
                "ldapPort":"" ,
                "ldapBaseDN":"",
                "ldapEmailDomain":""
              }'


NOTE
----
1. Roll back to the previous version of identity-manager-service if needed.

   a. Run the following command as root (to enter the
      identity-manager-service container):

      # docker exec -it flexsnap-identity-manager-service bash
      OR
      # docker exec -it bash

   b. Run the following commands inside the identity-manager-service
      container you just entered:

      # dpkg -i /root/identity_manager_service-.deb
      # sed -i "s/localhost/flexsnap-rabbitmq/g" /opt/VRTScloudpoint/services/identity_manager_service/config/amqpconfig.properties
      # sed -i "s/127.0.0.1/flexsnap-mongodb/g" /opt/VRTScloudpoint/services/identity_manager_service/config/mongo.properties
      # sed -i "s/127.0.0.1/0.0.0.0/g" /opt/VRTScloudpoint/services/identity_manager_service/config/application.properties

      Run this command to verify that the current version of
      identity-manager-service installed is the original version (what it
      was before installing the patch in the container in Step II(2) of
      "Installing the Patch"):

      # dpkg --list | grep identity_manager

      Then exit the container:

      # exit

   c. Run the following command as root on the CloudPoint host after
      exiting the container:

      # docker restart flexsnap-identity-manager-service
      OR
      docker restart
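
Step III.5 makes certificate.cer a trust anchor for every LDAPS connection the identity manager opens, so the file is worth checking before keytool imports it. The script below is an added example, not part of the Veritas procedure: it confirms that the file parses as X.509, has not expired, and matches a SHA-256 fingerprint obtained from the AD administrator over a separate channel. The function names are hypothetical, and the certificate it runs on is a constructed, throwaway self-signed one.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the pinned fingerprint is
# assumed to come from the AD administrator over a separate channel.

# Print the first -inform value (PEM or DER) that openssl accepts for the file.
cert_form() {
    for f in PEM DER; do
        if openssl x509 -in "$1" -inform "$f" -noout 2>/dev/null; then
            echo "$f"; return 0
        fi
    done
    return 1
}

# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_sha256() {
    form=$(cert_form "$1") || return 1
    openssl x509 -in "$1" -inform "$form" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Return 0 only if the file is X.509, unexpired, and matches the pinned value.
check_ad_cert() {
    file=$1
    pinned=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    form=$(cert_form "$file") ||
        { echo "not an X.509 certificate: $file" >&2; return 2; }
    openssl x509 -in "$file" -inform "$form" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired: $file" >&2; return 3; }
    actual=$(cert_sha256 "$file")
    [ "$actual" = "$pinned" ] ||
        { echo "fingerprint mismatch, got $actual" >&2; return 4; }
    echo "OK $actual"
}

# Constructed sample input: a throwaway self-signed certificate in DER form.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ad.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/certificate.cer"
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir"
good=$(cert_sha256 "$demo_dir/certificate.cer")
wrong=$(printf '%064d' 0)
check_ad_cert "$demo_dir/certificate.cer" "$good"           # accepted
check_ad_cert "$demo_dir/certificate.cer" "$wrong" || true  # rejected
rm -rf "$demo_dir"
```

In the procedure above, the check would run against the file copied to /cloudpoint/keys in step III.2, with the import in step III.5 going ahead only if it returns 0.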