LDAP authentication is not working
Thomaiyar, Richard Marian
richard.marian.thomaiyar at linux.intel.com
Wed May 20 01:21:17 AEST 2020
Agree. As for LDAP user we defined privilege related mapping only and
not group based authentication restriction. I think adding group based
authentication for ldap users immediately, is not good option, as it
must be done with agreement from everyone.
Quick solution is to skip the pam_succeed_if check if it is local user
using pam_localuser module. i.e. using user_unknown condition to skip
the pam_succeed_if, we can skip the group check for ldap users, and
still continue for local users.
Note: I am OK, if you want to revert the fix immediately, i can roll out
the fix this weekend after testing.
Regards,
Richard
On 5/19/2020 3:35 PM, Ratan Gupta wrote:
> in the LDAP server and put the ldap user under the newly created
> "redfish" group
> but that didn't help as same group is listed in both places(Local,LDAP)
>
> As I explained above local database will get priortize over LDAP
>
> Hence there would be failure. Now we have following option
>
> Priortize LDAP over Local if LDAP is enabled but in that case the same
> problem will occur for the local user.
>
> We have upstream tagging is planned for this week and with the commit
> below LDAP is broken
>
> (https://github.com/openbmc/bmcweb/commit/cd17b26c893ba9dd1dcb0d56d725f2892c57e125.)
>
>
> Should we revert it or do you have any plans?
>
> Please let me know your thoughts.
More information about the openbmc
mailing list