openbmc / phosphor-webui

Web-based user interface for managing OpenBMC systems

Unable to Establish successful LDAP connection #130

Open manojdesd opened 2 years ago

manojdesd commented 2 years ago

Issue: Unable to establish a successful LDAP connection and LOGIN and use the LDAP user.

OpenBMC version - 2.9

Steps:

  1. I gave the input to field Server URI: ldap:// in LDAP configuration page in BMC.
  2. I got the BASE DN from this command $ dsquery* from the LDAP server.
  3. I got the BIND DN from this command $ dsquery user -name . From the user which I had created in the LDAP server.
  4. I filled in all the inputs to the LDAP configuration page in BMC.
  5. I added the created user to the admin privilege group in BMC webpage.


  1. But when I try to log in with the LDAP user and password I couldn't access the server, so I manually added the user into the redfish group using the command $ usermod -a -G redfish like adding any other local user I had to do it.
  2. After that I could log in to the server but I couldn't do any operations at all. It shows "unauthorized".

My question is: why couldn't I log in without adding the user to the redfish group? Why does it show unauthorized even after adding to the redfish group?

Please help me with this. What am I missing to do? Do I need to preconfigure anything else in order to have a successful connection? Is it a problem with my steps?

manojdesd commented 2 years ago

Please help me in this. I have tried many times, couldn't configure it right. OpenBMC community help me.

manojdesd commented 2 years ago

@gtmills Please help me in this, or can you guide someone to help me with the LDAP configuration. I have tried many things, nothing has worked for me. Please help.

gtmills commented 2 years ago

Hi, do these same commands work via Redfish? You can go to the network tab on the browser developer tools to see the requests/responses. I doubt this is a problem with phosphor-webui and instead looks like a problem with your setup or a user management bug. Note: most community members have moved away from phosphor-webui and to https://github.com/openbmc/webui-vue

There is some LDAP documentation here: https://github.com/openbmc/phosphor-user-manager/blob/18c1b42c1612e0e8d8f5cd9973bba09b447c7185/docs/README.md

@ratagupt do you see anything?

manojdesd commented 2 years ago

Hi @gtmills

Thank you for your response. Since this is the older project, still using the phosphor-webui, so won't be able to use webui-vue. I have tried an unsecure LDAP config, but it hasn't worked. Through Redfish commands I will try and get back to you.

ratagupt commented 2 years ago

@manojdesd: It is working code and we have been using it for a long time... I don't have the setup right now. @gkeishin @prakatti1 Can you help in configuring the setup? I will be looking at my notes to share the setup details. As per me this is an LDAP setup/configuration problem.

But when I try to log in with the LDAP user and password I couldn't access the server, so I manually added the user into the redfish group using the command $ usermod -a -G redfish like adding any other local user I had to do it.

You don't need to run the usermod cmd.

@gkeishin: Can you also confirm whether we need to run the usermod cmd to put the LDAP user in the redfish group?

manojdesd commented 2 years ago

@ratagupt thank you for your insights. Yeah please do share the setup details.