Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-user-manager / 5686206103721b8cc452179b4947ad67e3571bcf
commit5686206103721b8cc452179b4947ad67e3571bcf[log] [tgz]
authorJiaqing Zhao <jiaqing.zhao@intel.com>Tue May 31 19:16:09 2022 +0800
committerJiaqing Zhao <jiaqing.zhao@intel.com>Mon Jan 09 02:26:38 2023 +0000
treebc2fbe14edb6d67a9942fb7cdd3558df2620cdfc
parentda401fe5d8b791d8ef2c08b02658b76fcb5864f2 [diff]
Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that LDAP users should have "priv-user" assigned
when there is no mapping entry matched.

[1] https://github.com/openbmc/docs/blob/master/architecture/user-management.md#authorization-flow

Tested:
* Configure LDAP with empty RemoteRoleMapping in redfish, then login
  BMC with an LDAP account, verified it has User privilege.
* Change the primary group of user from a grop without mapping to one
  mapped to Admin privilege on remote LDAP server, confirmed the user
  is mapped to priv-admin in BMC.

Change-Id: I374732f2895f40a671225ec0d1fafd7e4ae27dea
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
2 files changed
tree: bc2fbe14edb6d67a9942fb7cdd3558df2620cdfc
  1. docs/
  2. phosphor-ldap-config/
  3. subprojects/
  4. test/
  5. .clang-format
  6. .clang-tidy
  7. .gitignore
  8. .openbmc-enforce-gitlint
  9. file.hpp
  10. LICENSE
  11. mainapp.cpp
  12. meson.build
  13. meson_options.txt
  14. nslcd
  15. OWNERS
  16. phosphor-nslcd-cert-config.conf
  17. shadowlock.hpp
  18. user_mgr.cpp
  19. user_mgr.hpp
  20. users.cpp
  21. users.hpp