RFC: LDAP Configuration
Ratan Gupta
ratagupt at linux.vnet.ibm.com
Thu Jul 26 22:14:44 AEST 2018
Hi All,
Regarding Git hub issue : https://github.com/openbmc/openbmc/issues/3305
Per my analysis following are the desired/mandatory parameters which
needs to be configured -
1) Global for all LDAP servers
LDAP certificate configuration(/assuming same certificate can be used
for all the LDAP servers in the case of secure ldap/).
Certificate configuration would be done with separate activity.
2) Specific to each LDAP server
a)LDAP server IP
b)Secure v/s Non secure LDAP
c)Search Base: Where the search should start on the ldap server
d)Scope of the search: One level or search till the end of the tree.
Users would be allowed to configure multiple LDAP servers.
_*Methods to configure*_
Option 1) Define the D-Bus API which takes all these parameters and
updates the configuration files accordingly.
/Pros: Not tied to a specific ldap client(sssd/openLDAP)/
Option 2) Upload the configuration file directly(/sssd.conf //&//ldap.conf/)
/Cons: Additional overhead of doing file parsing and more bad path
validations than option 1)/
/In the option2 don't do any validation and copy the conf file but
expecting user should validate the correctness of the conf file.
/
/Need opinion from the community members on this proposal on the methods
to configure./
/Regards/
/Ratan Gupta
/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180726/9aab8420/attachment.html>
More information about the openbmc
mailing list