IPMI user account with LDAP/Active Directory
Ratan Gupta
ratagupt at linux.vnet.ibm.com
Thu Jul 12 16:18:56 AEST 2018
Hi Tom.
> As IPMI requires clear text password my understanding is that LDAP/AD
is not suitable for IPMI user account management.
Is the purpose of LDAP/AD to support authentication from UI along with
IPMI user accounts on the BMC?
Also LDAP/AD cannot be used for IPMI session setup as passwords are
stored as one-way hash and cannot be retrieved.
Seems ldap gets the way through which we can access the password.
e.g.
|sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config"
"(olcRootDN=*)" dn olcRootDN olcRootPW Regards Ratan Gupta |
On Tuesday 10 July 2018 12:44 AM, Tom Joseph wrote:
> Hello,
>
> I came across the user guide of MegaRAC, SuperMicro etc mentioning
> about the LDAP/Active directory settings.
> (Example:
> https://argonsys.com/learn-microsoft-cloud/articles/supermicro-ipmi-active-directory-integration/)
>
> As IPMI requires clear text password my understanding is that LDAP/AD
> is not suitable for IPMI user account management.
> Is the purpose of LDAP/AD to support authentication from UI along with
> IPMI user accounts on the BMC?
> Also LDAP/AD cannot be used for IPMI session setup as passwords are
> stored as one-way hash and cannot be retrieved.
>
> Any thoughts?
>
> Regards,
> Tom
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180712/531b0a73/attachment-0001.html>
More information about the openbmc
mailing list