LDAP group privilege mapping does not exist

Venkata Chandrappa Venkata_Chandrappa at phoenix.com
Fri Dec 4 02:20:29 AEDT 2020


Hi Everyone,

I'm looking for information regarding privilege mapping of LDAP users. I have an LDAP server running with a group set to "priv-admin" privileges and there is one user added to this group. After setting the LDAP data in BMC web, I've added a Role Group with the same name as the LDAP group name and assigned administrator privileges to it. The LDAP user is able to log in to the BMC web and Redfish; however, the user cannot perform any actions that an administrator is allowed to perform. Even viewing information in the overview page is disallowed.

Journal logs seem to indicate the mapping doesn't exist, so I'm wondering if the role groups added in BMC web have been set up correctly.

    phosphor-user-manager[257]: LDAP group privilege mapping does not exist

One more thing to note is that when I added the role group, there was a 404 response generated. However, on refreshing the page or navigating back to the page, the role group was added successfully.

I'm hoping this is an LDAP configuration issue and would appreciate it if someone could provide some direction on this. Thanks.

Best Regards,
Venka