* * * READ ME * * *
                 * * * Veritas CloudPoint 2.1.1.7469 * * *
                         * * * Hot Fix 1 * * *
                         Patch Date: 2018-09-25


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * BASE PRODUCT VERSION FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLING THE PATCH
   * KNOWN ISSUES
   * NOTE


PATCH NAME
----------
Veritas CloudPoint 2.1.1.7469 Hot Fix 1


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
Ubuntu 16.04 x86-64


BASE PRODUCT VERSION FOR THE PATCH
-----------------------------------
   * Veritas CloudPoint 2.1.1

SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch 2.1.1.7469:
C3PM-9519(C3PM-10578) : Enable LDAP over SSL

DETAILS OF INCIDENTS FIXED BY THE PATCH
--------------------------------------------
This patch fixes the following JIRA incidents:
C3PM-9519 : (Tracking ID: C3PM-10578)
	Enable LDAP over SSL (Identity Management Service)

Symptom: LDAP over ssl does not work

Description: All ldap queries were only happening over ldap simple authentication with ssl disabled.

Resolution : While configuring AD , There can be passed an ssl flag that says whether ssl is to be used or not.
There is also a mechanism to import the customer AD's certificate to the idm_store that can be used to speak to AD securely over ssl

INSTALLING THE PATCH
--------------------
I. Before patching:
  1. Contact Veritas Technical Support for this Hot Fix.
  2. Untar the Hot Fix file to a CloudPoint host.
  3. Run the following commands to load the patch.
    # docker load -i Veritas_CloudPoint_2.1.1.7469.IE.img.gz
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:2.1.1.7469 load
  4. Ensure that there are no protection policy snapshots or other operations in progress.
     Estimate the patching time will be 15 minutes to an hour.
  5. Log out from the CloudPoint UI.
  6. Run the following command as root to stop CloudPoint.
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:2.1.1.7468 stop

II. Patching:
  Run the following command as root.
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:2.1.1.7469 install

III. After patching:
  1. Refresh your web broswer and log in to the CloudPoint UI.
  2. Verify the CloudPoint version. Click on Settings and select About. The following information should show up.
    Current Version: 2.1.1.7469
    Current Commit: 2ee0734d63358435367e17fa241f6886a9d58fb5
  3. Verify the CloudPoint data.

IV. Steps for LDAP over SSL:
  1. Wait for 15-20 seconds for the 'flexsnap-identity-manager-service' container to completely restart the service with the new installation.
  
  2. Copy AD Server's public certificate <certificate.cer> to /cloudpoint/keys
    # cp <path_to_certificate.cer> /cloudpoint/keys/


  3. Go into flexsnap_identity_manager container
    # docker exec -it flexsnap-identity-manager-service bash
  
  4. Run command to navigate to /cloudpoint/keys directory
    # cd /cloudpoint/keys
  
  5. Import certificate into idm_store truststore for IDM
    # keytool -importcert -file certificate.cer -keystore idm_store -alias "AD_Server"

  6. Enter truststore password as secret and enter yes to the prompt
  
  7. Make sure the AD Server is configured so as to allow Context creation and querying using email.

  8. Use exit to exit the docker container

  9. Run the following curl command to login
    # curl -v -H "Content-Type: application/json" -H "Accept:application/json" -X POST -d '{"email":"<Cloudpoint-Admin-email>","password" : "<Cloudpoint-admin-password>" }' -k  https://<Cloudpoint-Server-IP>/cloudpoint/api/v2/idm/login

  10. Run the following curl command to create an AD Configuration over SSL.
    # curl -X PUT \
      https://<Cloudpoint-Server-IP>/cloudpoint/api/v2/idm/config/ad \
      -H 'Authorization: Bearer <Authz token>' \
      -H 'Cache-Control: no-cache' \
      -H 'Content-Type: application/json' \
      -d '{
            "ssl": true,
            "ldapUsername":"<AD-Admin-Username>",
            "ldapPassword":"<AD-Admin-Password>",
            "ldapUrl":"<AD-Server-Url>",
            "ldapPort":"<AD-Server-port-serving-ldap>" ,
            "ldapBaseDN":"<Base DN for searching>",
            "ldapEmailDomain":"<Email Domain with which users log in>"
          }'

NOTE
----
1. Roll back to the previous version if needed.
  a. Log out from the CloudPoint UI.
  b. Run the following commands as root.
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:2.1.1.7469 stop
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:2.1.1.7469 uninstall
    # docker run --rm -it -v /cloudpoint:/cloudpoint -v /var/run/docker.sock:/var/run/docker.sock veritas/flexsnap-cloudpoint:2.1.1.7468 install
2. The previous version(s) of Docker container images are not removed. You can remove them to save your CloudPoint instance disk space.