Hi,
I'm trying to add some remote group against the server and it looks like there is a bug.
According to the doc (https://servermanagementportal.ext.hpe.com/docs/redfishclients/ilorest-userguide/ilocommands/#directory-command):
"To add custom local role maps include the ldap argument with the --addrolemap option with the form PrivNum1;PrivNum2;...:RemoteRoleGroup:OptionalSID. Numbers of privileges can be found in the help text."
Example on the site:
iLOrest > directory ldap --addrolemap "10;2;3:Another remote role:S-1-7-23"
Changing settings...
The operation completed successfully.
Updating privileges of created role maps...
The operation completed successfully.
Updated privileges for ANOTHERETSTT
The operation completed successfully.
Updated privileges for A TESTTT:S-1-7-23
And in 'ilorest directory ldap -h':
--addrolemap [ROLES ...], --removerolemap [ROLES ...]
Optionally add this flag to add or remove Role Mapping(s) for the LDAP and Kerberos services. Remove EX:
--removerolemap LocalRole1;LocalRole2 Add EX: --addrolemap "LocalRole1:RemoteGroup3;LocalRole2:RemoteGroup4
"SID EX: --addrolemap "LocalRole1:RemoteGroup2;SID,LocalRole2:RemoteGroup5:SID NOTE 1: Create a custom
local role group (and subsequently assign to a role map)by adding the numbers associated with privilege(s)
desired separated by a semicolon(;) NOTE 2: SID is optional
So, trying to use it here, I'm not able to add it properly.
# ilorest directory ldap --addrolemap "1;2;3;4;5:CN=LinuxiLOAdmins,OU=bbbbb,OU=cccc,OU=ddddd,DC=xxxxx,DC=yyyyy,DC=com"
iLORest : RESTful Interface Tool version 4.8.0.0
Copyright (c) 2014-2024 Hewlett Packard Enterprise Development LP
usage: directory ldap [-h] [--enable [ENABLE ...]] [--addsearch [SEARCH ...]] [--serviceaddress SERVICEADDRESS] [--port PORT] [--addrolemap [ROLES ...]] [--enablelocalauth [LOCALAUTH ...]] [--authentication {DefaultSchema,ExtendedSchema}] [--url URL] [--sessionid SESSIONID] [-u USER] [-p PASSWORD] [-o LOGIN_OTP] [--biospassword BIOSPASSWORD] [--https HTTPS_CERT] [--usercert USER_CERTIFICATE] [--userkey USER_ROOT_CA_KEY] [--userpassphrase USER_ROOT_CA_PASSWORD] [--includelogs] [--path PATH] [--force_vnic] [--logout] [-j] [USERNAME] [PASSWORD]
directory ldap: error: Supply roles to add in form:
Error:
Just works using the Local roles:
ReadOnly/Operator/Administrator
See below:
# ilorest directory ldap --addrolemap "Operator:CN=LinuxiLOAdmins,OU=bbbbb,OU=cccc,OU=ddddd,DC=xxxxx,DC=yyyyy,DC=com"
iLORest : RESTful Interface Tool version 4.8.0.0
Copyright (c) 2014-2024 Hewlett Packard Enterprise Development LP
Changing settings...
The operation completed successfully.
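
As an added example (not part of the original post and not iLOrest's own parser), here is a small Python validator for the documented PrivNum1;PrivNum2;...:RemoteRoleGroup:OptionalSID form, usable to sanity-check a mapping and see exactly which privileges a directory group would receive before passing it to --addrolemap. It assumes the three predefined role names mentioned above and a numeric SID pattern; `RoleMap` and `parse_rolemap` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: the predefined local roles named in the post are the only role names.
PREDEFINED_ROLES = {"ReadOnly", "Operator", "Administrator"}
# Assumption: a SID looks like S-1-7-23 (S followed by dash-separated numbers).
SID_RE = re.compile(r"^S-[0-9]+(?:-[0-9]+)+$")


@dataclass(frozen=True)
class RoleMap:
    local_role: Optional[str]     # predefined role name, or None for a custom role
    privileges: Tuple[int, ...]   # privilege numbers of a custom role, else ()
    remote_group: str
    sid: Optional[str]


def parse_rolemap(spec: str) -> RoleMap:
    """Parse one 'Role-or-PrivNums:RemoteRoleGroup[:SID]' entry."""
    role_part, sep, rest = spec.partition(":")
    role_part = role_part.strip()
    if not sep or not role_part or not rest.strip():
        raise ValueError(f"expected 'role:remote group[:SID]', got {spec!r}")

    # Split off only a trailing field that looks like a SID, so commas or
    # colons inside the remote group (for example an LDAP DN) are preserved.
    group, sid = rest, None
    head, sep, tail = rest.rpartition(":")
    if sep and SID_RE.match(tail.strip()):
        group, sid = head, tail.strip()
    group = group.strip()
    if not group:
        raise ValueError(f"empty remote group in {spec!r}")

    if role_part in PREDEFINED_ROLES:
        return RoleMap(role_part, (), group, sid)

    # Otherwise the role must be semicolon-separated privilege numbers.
    fields = [f.strip() for f in role_part.split(";")]
    if not all(re.fullmatch(r"[0-9]+", f) for f in fields):
        raise ValueError(f"unknown role or bad privilege list: {role_part!r}")
    return RoleMap(None, tuple(sorted({int(f) for f in fields})), group, sid)
```
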