<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><tt>Hi Kevin,</tt></font></p>
<p><font size="+1"><tt>Thanks for sharing the info</tt></font><tt><font
size="+1">.</font></tt><br>
</p>
<font size="+1"><tt>We are in mid of updating the openbmctool for
the LDAP,would share the commit once it is done.</tt><tt><br>
</tt><tt>
</tt><tt><br>
</tt><tt>Regarding the redfish commands, You can use the following
link</tt><tt><br>
</tt><tt>
</tt><tt><br>
</tt><tt><b><a class="moz-txt-link-freetext" href="https://pastebin.com/ibX5nyAc">https://pastebin.com/ibX5nyAc</a></b></tt><tt><br>
</tt><tt>
</tt><tt><br>
</tt><tt>If you still hit the issue, please share the output of
the ldapsearch command.</tt><tt><br>
</tt><tt>
</tt><tt><br>
</tt><tt>eg: ldapsearch -d 2 -H <a class="moz-txt-link-freetext" href="ldap://ldaptest.abc.com/">ldap://ldaptest.abc.com/</a> -x -W -D
"<bind_dn>" -b "<base_dn>" "(objectclass=*)"</tt><br>
</font>
<pre><font size="+1">Ratan</font></pre>
<div class="moz-cite-prefix">On 10/07/19 9:15 AM, Kevin WM Chen
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:f4126378-b2f3-361f-189d-cf22f3f5f119@insyde.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hi Ratan,</p>
<div><br>
</div>
<div>My answers are embedded with your questions as below:</div>
<div><br>
</div>
<div>
<div>1. Please get me the redfish commands which you used to
configure the LDAP.</div>
<div><br>
</div>
<div>Ans: We use openbmctool.py
(<a class="moz-txt-link-freetext"
href="https://github.com/openbmc/openbmc-tools/blob/master/thalerj/openbmctool.py"
moz-do-not-send="true">https://github.com/openbmc/openbmc-tools/blob/master/thalerj/openbmctool.py</a>)
to configure LDAP.</div>
<div> Due to unfamiliarity with OpenBmc, please help to
list the "redfish commands" to configure LDAP.</div>
<div><br>
</div>
<div>2. I just want to know the following info:</div>
<div>=> What is your backend LDAP server(AD/openLDAP)?</div>
<div><br>
</div>
<div>Ans: The backend LDAP server we use is openLDAP.<br>
</div>
<div><span style="font-size: 22.3633px;"><br>
</span></div>
<div>=> Did you try to connect your LDAP server with some
other external LDAP client? I normally use the
ldapsearch(opensource utility).</div>
<div> But there are some GUI based clients(jxplorer) also.</div>
</div>
<div><br>
</div>
<div>Ans: We can use ldapsearch to query the user/group of the
bindDN on the server.</div>
<div><br>
</div>
<div><br>
</div>
<div>By the way, we have revised the openbmctool as follows:</div>
<div><br>
</div>
<div>
<div>As the function "enableLDAP" in openbmctool.py hasn't
supported properties "GroupNameAttribute" and
"UserNameAttribute" yet,</div>
<div>we modify the function to accept those two arguments as
below.</div>
<div><br>
</div>
<div>diff --git a/thalerj/openbmctool.py
b/thalerj/openbmctool.py</div>
<div>index c2bce07..834d812 100755</div>
<div>--- a/thalerj/openbmctool.py</div>
<div>+++ b/thalerj/openbmctool.py</div>
<div>@@ -2595,7 +2595,15 @@ def enableLDAP(host, args, session):</div>
<div> 'OpenLDAP' :
'xyz.openbmc_project.User.Ldap.Create.Type.OpenLdap'</div>
<div> }</div>
<div><br>
</div>
<div>- data = {"data": [args.uri, args.bindDN, args.baseDN,
args.bindPassword, scope[args.scope],
serverType[args.serverType]]}</div>
<div>+ usernameAttribute = ""</div>
<div>+ if args.usernameAttribute:</div>
<div>+ usernameAttribute = args.usernameAttribute</div>
<div>+</div>
<div>+ groupnameAttribute = ""</div>
<div>+ if args.groupnameAttribute:</div>
<div>+ groupnameAttribute = args.groupnameAttribute</div>
<div>+</div>
<div>+ data = {"data": [args.uri, args.bindDN, args.baseDN,
args.bindPassword, scope[args.scope],
serverType[args.serverType], usernameAttribute,
groupnameAttribute]}</div>
<div><br>
</div>
<div> try:</div>
<div> res = session.post(url, headers=jsonHeader,
json=data, verify=False, timeout=baseTimeout)</div>
<div>@@ -3915,6 +3923,8 @@ def createCommandParser():</div>
<div> help='Specifies the search scope:subtree, one
level or base object.')</div>
<div> parser_ldap_config.add_argument("-t", "--serverType",
choices=['ActiveDirectory','OpenLDAP'],</div>
<div> help='Specifies the configured server is
ActiveDirectory(AD) or OpenLdap')</div>
<div>+ parser_ldap_config.add_argument("-u",
"--usernameAttribute", required=True,
help="usernameAttribute")</div>
<div>+ parser_ldap_config.add_argument("-g",
"--groupnameAttribute", required=True,
help="groupnameAttribute")</div>
<div> parser_ldap_config.set_defaults(func=enableLDAP)</div>
<div><br>
</div>
<div> # disable LDAP</div>
<div><br>
</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>Kevin WM Chen</div>
<div><br>
</div>
<div><br>
</div>
</div>
<div class="moz-cite-prefix">On 7/8/19 4:27 PM, Ratan Gupta wrote:<br>
</div>
<blockquote type="cite"
cite="mid:fffcb49e-2d37-f52d-f680-bedc0ca9e826@linux.vnet.ibm.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<p><font size="-1">Hi Kevin,</font></p>
<p><font size="-1">Please get me the redfish commands which you
used to configure the LDAP.</font></p>
<font size="-1">I just want to know the following info:<br>
=> What is your backend LDAP server(AD/openLDAP)?<br>
=> Did you try to connect your LDAP server with some other
external LDAP client? I normally use the ldapsearch(opensource
utility).<br>
But there are some GUI based clients(jxplorer) also.</font>
<p><font size="-1">Ratan</font></p>
<div class="moz-cite-prefix">On 05/07/19 3:32 PM, Kevin WM Chen
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ca3c7cba-429c-034c-bd63-0f42c6c5a1a2@insyde.com">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">Hi Ratan,</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;"><br>
</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">This is Kevin with Insyde, a
software vendor for BIOS and BMC.</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">We are now elaborating on
enabling centralized user authentication based on LDAP
service for OpenBMC v2.6.</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">We made some progress but
cannot make the user successfully logging via bmcweb.</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">Our platform to run OpenBMC is
ast2500evb.</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">The debug log I embedded into
bmcweb shows that pam_tally2.so did not find LDAP user and
this caused login via bmcweb failed.</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">The package checkout points is
as below:<br>
bmcweb: b97b9c3600<br>
phosphor-user-manager: 95a2931473<br>
phosphor-dbus-interfaces: 096a5af0a3<br>
phosphor-webui: 511a2bbc55</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;"><br>
</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">Please advise us how to fix
the problem, or if there is any document available, please
let us know.</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">Thank you,</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;"><br>
</p>
<p style="color: rgb(34, 34, 34); font-family: Verdana,
sans-serif; font-size: 14px;">Kevin WM Chen</p>
<pre class="moz-signature" cols="72">--
Kevin WM Chen 陳韋民
Insyde Software Corp.
Email : <a class="moz-txt-link-abbreviated" href="mailto:kevinwm.chen@insyde.com" moz-do-not-send="true">kevinwm.chen@insyde.com</a>
Tel : +886-2-6608-3688 # 8562
</pre>
</blockquote>
</blockquote>
<pre class="moz-signature" cols="72">--
Kevin WM Chen 陳韋民
Insyde Software Corp.
Email : <a class="moz-txt-link-abbreviated" href="mailto:kevinwm.chen@insyde.com" moz-do-not-send="true">kevinwm.chen@insyde.com</a>
Tel : +886-2-6608-3688 # 8562
</pre>
</blockquote>
</body>
</html>