[openshift] Obfuscate LDAP bind passwords

OpenShift broker and console can be configured with different authentication backends. If LDAP is being used with a server that requires authentication for search the configuration files will capture the credentials of the BindDN. Fixes: rhbz#1227462 Fixes: #673. Signed-off-by: Pep Turró Mauri <pep@redhat.com>
author: Pep Turró Mauri <pep@redhat.com> 2015-10-30 17:59:03 +0100
committer: Bryn M. Reeves <bmr@redhat.com> 2015-12-18 17:32:10 +0000
commit: c864e4f7f9a831cc31f341b299d82e6ac5389d2d (patch)
tree: 7af1f447fcfaf42ef22cf4fe27003c970b7b3a64
parent: ce1af8e84a479b10960eb421340fdd8df60ffd29 (diff)
download: sos-c864e4f7f9a831cc31f341b299d82e6ac5389d2d.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sos/plugins/openshift.py b/sos/plugins/openshift.py
index 75386cdc..b424eb91 100644
--- a/sos/plugins/openshift.py
+++ b/sos/plugins/openshift.py
@@ -147,5 +147,10 @@ class Openshift(Plugin, RedHatPlugin):
         self.do_file_sub(plugin_dir + 'openshift-origin-dns-nsupdate.conf',
                          r"(BIND_KEYVALUE\s*=\s*)(.*)",
                          r"\1********")
+        # LDAP authentication:  AuthLDAPBindPassword "IShouldNotBeHere"
+        ldap_paths = '/var/www/openshift/(broker|console)/httpd/conf.d/.*'
+        self.do_path_regex_sub(ldap_paths,
+                               r"(AuthLDAPBindPassword)\s*(.*)",
+                               r"\1********")
 
 # vim: set et ts=4 sw=4 :
author	Pep Turró Mauri <pep@redhat.com>	2015-10-30 17:59:03 +0100
committer	Bryn M. Reeves <bmr@redhat.com>	2015-12-18 17:32:10 +0000
commit	c864e4f7f9a831cc31f341b299d82e6ac5389d2d (patch)
tree	7af1f447fcfaf42ef22cf4fe27003c970b7b3a64
parent	ce1af8e84a479b10960eb421340fdd8df60ffd29 (diff)
download	sos-c864e4f7f9a831cc31f341b299d82e6ac5389d2d.tar.gz