LDAP group privilege mapping does not exist

Joseph Reynolds jrey at linux.ibm.com
Sat Dec 5 04:28:31 AEDT 2020


On 12/4/20 4:01 AM, Venkata Chandrappa wrote:
> Thanks for the response.
>
> Could you help to share a basic LDAP server LDIF file with an user who is a member of a group with the privileges assigned, somethingthat you've already tested. I've also attached the LDIF file that I've used for my tests. I want to rule out LDAP configuration errors that I may be overlooking before I dwelve into the BMC side investigation.

Good questions.  Thanks for asking and answering!

Have you seen the LDAP tests here?: 
https://github.com/openbmc/openbmc-test-automation/blob/master/redfish/account_service/test_ldap_configuration.robot

When we have a consensus answer, I would like to link to it or summarize 
it here: https://github.com/openbmc/openbmc/wiki/Configuration-guide

- Joseph

> Best Regards,
> Venka
>
> -----Original Message-----
> From: Derick Montague [mailto:Derick.Montague at ibm.com]
> Sent: Friday, December 4, 2020 6:55 AM
> To: Venkata Chandrappa
> Cc: openbmc at lists.ozlabs.org
> Subject: Re: LDAP group privilege mapping does not exist
>
>> Journal logs seem to indicate the mapping doesn’t exist, so I’m wondering if
>> the role groups added in BMC web have been setup correctly.
>     
> I can't speak to that, but we had tested role groups when the view was created
> and we were able to login and perform actions.
>     
>> One more thing to note is when I added the role group, there was a 404 response
>> generated. However, on refreshing the page or navigating back to the page, the role
>> group was added successfully.
>     
> That was fixed in https://gerrit.openbmc-project.xyz/c/openbmc/webui-vue/+/38618. It was
> a UI issue, but the API request was successful as you noticed by refreshing the page.
>



More information about the openbmc mailing list