Authorization of LDAP users in bmcweb
CS20 KFTing
KFTING at nuvoton.com
Wed Apr 1 18:40:00 AEDT 2020
Hi Alex:
Please help try the patch from https://github.com/Nuvoton-Israel/openbmc/blob/runbmc/meta-quanta/meta-olympus-nuvoton/recipes-extended/pam/libpam/pam_succeed_if_support_ldap_user_login.patch to libpam and see how it goes.
Besides the patch, the user from the ldap server needs to be in the "redfish" group in the ldap server database and it's already done according to your description.
The requirement "user in group redfish" is controlled by the pam_succeed_if module when a user tries to login via WebUI and the original implementation in pam_succeed_if module has some limitation on group identification.
Any update is welcome.
Thank you.
Regards,
Tyrone
________________________________
The privileged confidential information contained in this email is intended for use only by the addressees as indicated by the original sender of this email. If you are not the addressee indicated in this email or are not responsible for delivery of the email to such a person, please kindly reply to the sender indicating this fact and delete all copies of it from your computer and network server immediately. Your cooperation is highly appreciated. It is advised that any unauthorized use of confidential information of Nuvoton is strictly prohibited; and any information in this email irrelevant to the official business of Nuvoton shall be deemed as neither given nor endorsed by Nuvoton.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200401/406a0089/attachment.htm>
More information about the openbmc
mailing list