* IPMI user account with LDAP/Active Directory @ 2018-07-09 19:14 Tom Joseph 2018-07-12 6:18 ` Ratan Gupta 0 siblings, 1 reply; 2+ messages in thread From: Tom Joseph @ 2018-07-09 19:14 UTC (permalink / raw) To: OpenBMC Maillist Hello, I came across the user guide of MegaRAC, SuperMicro etc mentioning about the LDAP/Active directory settings. (Example: https://argonsys.com/learn-microsoft-cloud/articles/supermicro-ipmi-active-directory-integration/) As IPMI requires clear text password my understanding is that LDAP/AD is not suitable for IPMI user account management. Is the purpose of LDAP/AD to support authentication from UI along with IPMI user accounts on the BMC? Also LDAP/AD cannot be used for IPMI session setup as passwords are stored as one-way hash and cannot be retrieved. Any thoughts? Regards, Tom ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: IPMI user account with LDAP/Active Directory 2018-07-09 19:14 IPMI user account with LDAP/Active Directory Tom Joseph @ 2018-07-12 6:18 ` Ratan Gupta 0 siblings, 0 replies; 2+ messages in thread From: Ratan Gupta @ 2018-07-12 6:18 UTC (permalink / raw) To: openbmc [-- Attachment #1: Type: text/plain, Size: 1242 bytes --] Hi Tom. > As IPMI requires clear text password my understanding is that LDAP/AD is not suitable for IPMI user account management. Is the purpose of LDAP/AD to support authentication from UI along with IPMI user accounts on the BMC? Also LDAP/AD cannot be used for IPMI session setup as passwords are stored as one-way hash and cannot be retrieved. Seems ldap gets the way through which we can access the password. e.g. |sudo ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW Regards Ratan Gupta | On Tuesday 10 July 2018 12:44 AM, Tom Joseph wrote: > Hello, > > I came across the user guide of MegaRAC, SuperMicro etc mentioning > about the LDAP/Active directory settings. > (Example: > https://argonsys.com/learn-microsoft-cloud/articles/supermicro-ipmi-active-directory-integration/) > > As IPMI requires clear text password my understanding is that LDAP/AD > is not suitable for IPMI user account management. > Is the purpose of LDAP/AD to support authentication from UI along with > IPMI user accounts on the BMC? > Also LDAP/AD cannot be used for IPMI session setup as passwords are > stored as one-way hash and cannot be retrieved. > > Any thoughts? > > Regards, > Tom > [-- Attachment #2: Type: text/html, Size: 2079 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-07-12 6:19 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-07-09 19:14 IPMI user account with LDAP/Active Directory Tom Joseph 2018-07-12 6:18 ` Ratan Gupta
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).