Authorization of LDAP users in bmcweb
RAJESWARAN THILLAIGOVINDAN
rajeswaran.thillaigovindan at gmail.com
Fri Apr 3 21:16:35 AEDT 2020
LDAP authentication commit is:
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/27952 and it has
been merged to the master.
Thanks,
T.Rajeswaran
On 01-04-2020 00:50, Alexander Amelkin wrote:
> 16.10.2019 14:13, RAJESWARAN THILLAIGOVINDAN wrote:
>>
>> On 09-10-2019 23:25, Ed Tanous wrote:
>>> I'd rather we discuss on the mailing list, so others can have input, and
>>> we've documented our conversation for archival later. I appreciate the
>>> offer though.
>
> That was a wise decision. Although it didn't help me here, it did
> clarify some things.
>
> What I would like to know is: is LDAP authentication fully working in
> master now?
>
> We're trying to configure it with Intel-BMC/openbmc/intel for wolfpass
> target and it looks like LDAP support is somehow incomplete.
>
> I configure binding to the server and try to authenticate with an LDAP
> user in WebUI, but I get a message in journalctl that requirement
> "user in group redfish" is not met by the user, and an "Invalid
> username or password" appears in the web browser. I don't see any
> means in WebUI to include any remote users to 'redfish' group. Adding
> the user to an LDAP group 'redfish' doesn't help (why would it?).
>
> Trying to log in to shell also fails without any diagnostics, just
> "authentication failure".
>
> After reading the user_management.md I would expect the following
> scenario:
>
> 1. I enter credentials for LDAP binding
> 2. I list LDAP groups with their respective OpenBMC privileges
> 3. I log in with an LDAP user without any errors and get the privilege
> according to the LDAP/OpenBMC group mapping set up in 2)
>
> Currently it doesn't work like that for me.
>
> So the question is: is it Intel-BMC/openbmc repo that is not up to
> date or is it LDAP support in openbmc/openbmc also incomplete? Or am I
> doing anything wrong?
>
> Thank you for any help.
>