IPMI user account with LDAP/Active Directory

Ratan Gupta ratagupt at linux.vnet.ibm.com
Thu Jul 12 16:18:56 AEST 2018


Hi Tom.

 > As IPMI requires clear text password my understanding is that LDAP/AD 
is not suitable for IPMI user account management.
Is the purpose of LDAP/AD to support authentication from UI along with 
IPMI user accounts on the BMC?
Also LDAP/AD cannot be used for IPMI session setup as passwords are 
stored as one-way hash and cannot be retrieved.

Seems ldap gets the way through which we can access the password.

e.g.

|sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" 
"(olcRootDN=*)" dn olcRootDN olcRootPW Regards Ratan Gupta |



On Tuesday 10 July 2018 12:44 AM, Tom Joseph wrote:
> Hello,
>
> I came across the user guide of MegaRAC, SuperMicro etc mentioning 
> about the LDAP/Active directory settings.
> (Example: 
> https://argonsys.com/learn-microsoft-cloud/articles/supermicro-ipmi-active-directory-integration/)
>
> As IPMI requires clear text password my understanding is that LDAP/AD 
> is not suitable for IPMI user account management.
> Is the purpose of LDAP/AD to support authentication from UI along with 
> IPMI user accounts on the BMC?
> Also LDAP/AD cannot be used for IPMI session setup as passwords are 
> stored as one-way hash and cannot be retrieved.
>
> Any thoughts?
>
> Regards,
> Tom
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180712/531b0a73/attachment-0001.html>


More information about the openbmc mailing list