Authorization of LDAP users in bmcweb

[CS20 KFTing]

Hi Alex:

Please help try the patch from https://github.com/Nuvoton-Israel/openbmc/blob/runbmc/meta-quanta/meta-olympus-nuvoton/recipes-extended/pam/libpam/pam_succeed_if_support_ldap_user_login.patch to libpam and see how it goes.

Besides the patch, the user from the ldap server needs to be in the "redfish" group in the ldap server database and it's already done according to your description.

The requirement "user in group redfish" is controlled by the pam_succeed_if module when a user tries to login via WebUI and the original implementation in pam_succeed_if module has some limitation on group identification.

Any update is welcome.

Thank you.

Regards,
Tyrone

________________________________
The privileged confidential information contained in this email is intended for use only by the addressees as indicated by the original sender of this email. If you are not the addressee indicated in this email or are not responsible for delivery of the email to such a person, please kindly reply to the sender indicating this fact and delete all copies of it from your computer and network server immediately. Your cooperation is highly appreciated. It is advised that any unauthorized use of confidential information of Nuvoton is strictly prohibited; and any information in this email irrelevant to the official business of Nuvoton shall be deemed as neither given nor endorsed by Nuvoton.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20200401/406a0089/attachment.htm>