Merge branch 'sonic-net:master' into master

Author: i-davydenko

data/templates/common-auth-sonic.j2

@@ -68,6 +68,15 @@ auth	[success=2 default=ignore]	pam_exec.so /usr/sbin/cache_radius
 # Local
 auth	[success=done new_authtok_reqd=done default=ignore{{ ' auth_err=die maxtries=die' if not auth['failthrough'] }}]	pam_unix.so nullok try_first_pass
 
+{% elif auth['login'] == 'ldap,local' %}
+auth    [success=2 default=ignore]      pam_ldap.so minimum_uid=1000 try_first_pass
+auth    [success=1 default=ignore]      pam_unix.so nullok try_first_pass
+{% elif auth['login'] == 'local,ldap' %}
+auth    [success=2 default=ignore]      pam_unix.so nullok try_first_pass
+auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 try_first_pass
+{% elif auth['login'] == 'ldap' %}
+auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 try_first_pass
+
 {% else %}
 auth	[success=1 default=ignore]	pam_unix.so nullok try_first_pass
 

data/templates/ldap.conf.j2

@@ -0,0 +1,17 @@
+{{ ldap_cfg.cfg_servers(servers) }}
+
+base {{ ldap_cfg.cfg_base(servers) }}
+
+ldap_version {{ ldap_cfg.cfg_version(servers) }}
+
+binddn {{ ldap_cfg.cfg_bind(servers) }}
+
+bindpw {{ ldap_cfg.cfg_bindpw(servers) }}
+
+port {{ ldap_cfg.cfg_port(servers) }}
+
+scope {{ ldap_cfg.cfg_scope(servers) }}
+
+timelimit {{ ldap_cfg.cfg_timeout(servers) }}
+
+bind_timelimit {{ ldap_cfg.cfg_bind_timeout(servers) }}

data/templates/nslcd.conf.j2

@@ -0,0 +1,41 @@
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+{{ ldap_cfg.cfg_servers(servers) }}
+
+# The search base that will be used for all queries.
+base {{ ldap_cfg.cfg_base(servers) }}
+
+
+# The LDAP protocol version to use.
+ldap_version {{ ldap_cfg.cfg_version(servers) }}
+
+# The DN to bind with for normal lookups.
+binddn {{ ldap_cfg.cfg_bind(servers) }}
+bindpw {{ ldap_cfg.cfg_bindpw(servers) }}
+
+# The DN used for password modifications by root.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# SSL options
+#ssl off
+#tls_reqcert never
+tls_cacertfile /etc/ssl/certs/ca-certificates.crt
+
+# The search scope.
+scope {{ ldap_cfg.cfg_scope(servers) }}
+
+timelimit {{ ldap_cfg.cfg_timeout(servers) }}
+
+bind_timelimit {{ ldap_cfg.cfg_bind_timeout(servers) }}
+
+nss_initgroups_ignoreusers ALLLOCAL
+
+nss_min_uid 1000
+

host_modules/gcu.py

@@ -39,6 +39,36 @@ def apply_patch_yang(self, patch_text):
                     break
         return result.returncode, msg
 
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
+    def replace_db(self, patch_text):
+        input_bytes = (patch_text + '\n').encode('utf-8')
+        cmd = ['/usr/local/bin/config', 'replace', '-f', 'CONFIGDB', '/dev/stdin']
+
+        result = subprocess.run(cmd, input=input_bytes, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        msg = ''
+        if result.returncode:
+            lines = result.stderr.decode().split('\n')
+            for line in lines:
+                if 'Error' in line:
+                    msg = line
+                    break
+        return result.returncode, msg
+
+    @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
+    def replace_yang(self, patch_text):
+        input_bytes = (patch_text + '\n').encode('utf-8')
+        cmd = ['/usr/local/bin/config', 'replace', '-f', 'SONICYANG', '/dev/stdin']
+
+        result = subprocess.run(cmd, input=input_bytes, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        msg = ''
+        if result.returncode:
+            lines = result.stderr.decode().split('\n')
+            for line in lines:
+                if 'Error' in line:
+                    msg = line
+                    break
+        return result.returncode, msg
+
     @host_service.method(host_service.bus_name(MOD_NAME), in_signature='s', out_signature='is')
     def create_checkpoint(self, checkpoint_file):
 

scripts/featured

@@ -166,7 +166,7 @@ class FeatureHandler(object):
     def port_listener(self, key, op, data):
         if not key:
             return 
-        if op == 'SET' and key == 'PortInitDone' and not self.is_delayed_enabled:
+        if op == 'SET' and key == 'PortInitDone':
             syslog.syslog(syslog.LOG_INFO, "Updating delayed features after port initialization")
             self.enable_delayed_services()