Authorization of LDAP users in bmcweb

RAJESWARAN THILLAIGOVINDAN rajeswaran.thillaigovindan at gmail.com
Fri Apr 3 21:16:35 AEDT 2020


LDAP authentication commit is : 
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27952 and it has 
been merged to the master.

Thanks,
T.Rajeswaran
On 01-04-2020 00:50, Alexander Amelkin wrote:
> 16.10.2019 14:13, RAJESWARAN THILLAIGOVINDAN пишет:
>>
>> On 09-10-2019 23:25, Ed Tanous wrote:
>>> I'd rather we discuss on the mailing list, so others can have input, 
>>> and
>>> we've documented our conversation for archival later.  I appreciate the
>>> offer though.
>
> That was a wise decision. Although it didn't help me here, it did 
> clarify some things.
>
> What I would like to know is: is LDAP authentication fully working in 
> master now?
>
> We're trying to configure it with Intel-BMC/openbmc/intel for wolfpass 
> target and it looks like LDAP support is somehow incomplete.
>
> I configure binding to the server and try to authenticate with an LDAP 
> user in WebUI, but I get a message in journalctl that requirement 
> "user in group redfish" is not met by the user, and an "Invalid 
> username or password" appears in the web browser. I don't see any 
> means in WebUI to include any remote users to 'redfish' group. Adding 
> the user to an LDAP group 'redfish' doesn't help (why would it?).
>
> Trying to log in to shell also fails without any diagnostics, just 
> "authentication failure".
>
> After reading the user_management.md I would expect the following 
> scenario:
>
> 1. I enter credentials for LDAP binding
> 2. I list LDAP groups with their respective OpenBMC privileges
> 3. I log in with an LDAP user without any errors and get the privilege 
> according to the LDAP/OpenBMC group mapping set up in 2)
>
> Currently it doesn't work like that for me.
>
> So the question is: is it Intel-BMC/openbmc repo that is not up to 
> date or is it LDAP support in openbmc/openbmc also incomplete? Or am I 
> doing anything wrong?
>
> Thank you for any help.
>


More information about the openbmc mailing list