<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Tom.</p>
<p>> As IPMI requires clear text password my understanding is
that LDAP/AD is not suitable for IPMI user account management.
<br>
Is the purpose of LDAP/AD to support authentication from UI along
with IPMI user accounts on the BMC?
<br>
Also LDAP/AD cannot be used for IPMI session setup as passwords
are stored as one-way hash and cannot be retrieved. <br>
</p>
<p>Seems ldap gets the way through which we can access the password.</p>
<p>e.g.</p>
<pre class="code-pre command"><code>sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW
Regards
Ratan Gupta
</code></pre>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On Tuesday 10 July 2018 12:44 AM, Tom
Joseph wrote:<br>
</div>
<blockquote type="cite"
cite="mid:dd593784-d650-0393-0e44-3f6a5bcbdfec@linux.vnet.ibm.com">Hello,
<br>
<br>
I came across the user guide of MegaRAC, SuperMicro etc mentioning
about the LDAP/Active directory settings.
<br>
(Example:
<a class="moz-txt-link-freetext" href="https://argonsys.com/learn-microsoft-cloud/articles/supermicro-ipmi-active-directory-integration/">https://argonsys.com/learn-microsoft-cloud/articles/supermicro-ipmi-active-directory-integration/</a>)<br>
<br>
As IPMI requires clear text password my understanding is that
LDAP/AD is not suitable for IPMI user account management.
<br>
Is the purpose of LDAP/AD to support authentication from UI along
with IPMI user accounts on the BMC?
<br>
Also LDAP/AD cannot be used for IPMI session setup as passwords
are stored as one-way hash and cannot be retrieved.
<br>
<br>
Any thoughts?
<br>
<br>
Regards,
<br>
Tom
<br>
<br>
</blockquote>
<br>
</body>
</html>