Mapping LDAP group to user roles
Tom Joseph
tomjose at linux.vnet.ibm.com
Wed Aug 29 00:55:02 AEST 2018
On Thursday 23 August 2018 09:59 PM, Tanous, Ed wrote:
>>> It would be great if you could document your proposal as a patch to the
>> existing user management document here:
>>> https://github.com/openbmc/docs/blob/master/user_management.md
>> https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/12091/
> This is a great start, but a lot of detail seems to be missing. You don't mention anything of the two user roles you mentioned in your original email. Has that changed? I don't see any mention of the dbus interface, has that changed? I don't see that you've modified any of the login flows in the document, but the LDAP section talks about authorizing users via DBus, which certainly should include changes to the flow diagrams.
Thanks Ed for the feedback. The D-Bus interface is updated to support
all the privilege roles supported by OpenBMC. The document ha sonly the
user creation flows. Richard mentioned he has the login flows updated in
the downstream and he will upstream it. So I will update the
authorization flow on top of that.
Documentation:
https://gerrit.openbmc-project.xyz/#/c/openbmc/docs/+/12091/
D-Bus Interface:
https://gerrit.openbmc-project.xyz/#/c/openbmc/phosphor-dbus-interfaces/+/12027/
> It would be great if you could take another pass at this, and see if you could add a little more detail to your proposal.
>
> Thanks,
>
> -Ed
More information about the openbmc
mailing list