LDAP authentication is not working

Ratan Gupta ratagupt at linux.vnet.ibm.com
Tue May 19 20:05:57 AEST 2020

Hi Richard,

This is regarding the commit 

where "user without having redfish group user is not authenticated to 
query the details, and login will fail"

As per the PAM authentication for the LDAP user, it gets the user details
through the pam_ldap module,
which internally uses the standard Linux API (getpwnam_r) to fetch the user
details like (group ID of the group
which the LDAP/Local user is tied to)

Now once the user gets authenticated by the first PAM auth module, the second
auth module (pam_succeed_if.so) gets executed
in the following order


getgrnam_r("groupname") will fetch the group ID of the given group name
in the following order (as per the configuration)
=> Local

We created a new LDAP group named "redfish" in the LDAP server and put
the LDAP user under the newly created "redfish" group,
but that didn't help as the same group is listed in both places (Local, LDAP).

As I explained above, the local database will get prioritized over LDAP.

Hence there would be a failure. Now we have the following option:

Prioritize LDAP over Local if LDAP is enabled, but in that case the same
problem will occur for the local user.

We have upstream tagging planned for this week, and with the commit
below LDAP is broken.


Should we revert it or do you have any plans?

Please let me know your thoughts.

Ratan Gupta
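
The shadowing described in the message above, as an added example that is not part of the original post or of the OpenBMC code: a small C model of a first-match group lookup followed by a group-membership check. The user names, gids and helper functions are constructed for illustration, and the membership rule (primary gid match or listed member) is an assumption about the kind of check the second auth module performs.

```c
#include <grp.h>
#include <pwd.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Membership test: primary gid matches, or the user is a listed member. */
int user_in_group(const struct passwd *pw, const struct group *gr)
{
    if (pw->pw_gid == gr->gr_gid)
        return 1;
    for (char **m = gr->gr_mem; m && *m; m++)
        if (strcmp(*m, pw->pw_name) == 0)
            return 1;
    return 0;
}

/* First-match lookup over ordered sources: the first source that knows
 * the group name wins and later sources are never consulted. */
const struct group *first_match(const char *name,
                                const struct group *const *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (src[i] && strcmp(src[i]->gr_name, name) == 0)
            return src[i];
    return NULL;
}

/* Constructed sample data: one "redfish" group per database. */
static char redfish[] = "redfish", ldapuser[] = "ldapuser", root[] = "root";
static char *local_mem[] = { root, NULL };
static char *ldap_mem[]  = { ldapuser, NULL };
static const struct group local_redfish = { .gr_name = redfish, .gr_gid = 1000, .gr_mem = local_mem };
static const struct group ldap_redfish  = { .gr_name = redfish, .gr_gid = 5000, .gr_mem = ldap_mem };
static const struct passwd ldap_user  = { .pw_name = ldapuser, .pw_gid = 5000 };
static const struct passwd local_user = { .pw_name = root, .pw_gid = 0 };

/* Does `user` pass the "redfish" check when sources are tried as (a, b)? */
int passes(const struct passwd *user, const struct group *a, const struct group *b)
{
    const struct group *order[] = { a, b };
    const struct group *gr = first_match(redfish, order, 2);
    return gr != NULL && user_in_group(user, gr);
}

int main(void)
{
    printf("local first: ldap=%d local=%d\n", passes(&ldap_user, &local_redfish, &ldap_redfish), passes(&local_user, &local_redfish, &ldap_redfish));
    printf("ldap first:  ldap=%d local=%d\n", passes(&ldap_user, &ldap_redfish, &local_redfish), passes(&local_user, &ldap_redfish, &local_redfish));
    return 0;
}
```

With either ordering one class of user fails the check, which is why swapping the priority only moves the problem while both databases carry a group of the same name.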
