Redfish query(AccountService)

Ratan Gupta ratagupt at linux.vnet.ibm.com
Wed Feb 13 21:19:16 AEDT 2019


Hi,

Need your input on following query

As part of the the github story 
https://github.com/ibm-openbmc/dev/issues/232 which is to support the 
"RemoteRoleMapping" under LDAP property in AccountService

RemoteRoleMapping is a property of type collection of mapping rules 
under LDAP property.

eg GET Request is as follows(truncated output)

"LDAP": {
             "RemoteRoleMapping": [
             {
                 "RemoteUser": "cn=Manager,dc=example,dc=org",
                 "LocalRole": "Admin"
             },
         {
                 "RemoteUser": "cn=Admins,ou=Groups,dc=example,dc=org",
                 "LocalRole": "Admin"
             },
             {
                 "RemoteUser": "cn=PowerUsers,ou=Groups,dc=example,dc=org",
                 "LocalRole": "Operator"
             },
     ]
}

We have the following use cases for the PATCH request on RemoteRoleMapping

=> How to add the Role Mapping?

  PATCH { "RemoteRoleMapping": [{"RemoteUser": 
"Admingroup15","LocalRole": "User"},{"RemoteUser": "Admingroup13", 
"LocalRole": "Administrator"},{"RemoteUser": "Admingroup14", 
"LocalRole": "Operator"}]}

With the above PATCH request all the above role mapping gets added.

=> How to delete a specific role mapping,

let's continue the above eg, After addding the above roles mapping, user 
want to delete the second mapping which is ({"RemoteUser": 
"Admingroup13", "LocalRole": "Administrator"})

Following PATCH request would be used.
PATCH {"RemoteRoleMapping": [{},null,{}]}'

Now we have the following two roles mapping

{"RemoteUser": "Admingroup15",
   LocalRole": "User"
}
{"RemoteUser": "Admingroup14",
  "LocalRole": "Operator"
}


=> Let's take a case where user want to update the second role mapping, 
User would use the following PATCH request.

PATCH {"RemoteRoleMapping": [{},{"RemoteUser": 
"NewUserName","LocalRole": "Operator"}]}

Do you see any other use case for the PATCH request for the 
"RemoteRoleMapping" or any changes in the above PATCH request?

Looking for your inputs

Ratan



More information about the openbmc mailing list