aix:hmc_ldap_ad
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
aix:hmc_ldap_ad [2022/04/04 15:23] manu created |
aix:hmc_ldap_ad [2023/02/15 22:02] (current) manu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== HMC connection to AD / LDAP ====== | ||
| + | First remove the previous LDAP config | ||
| + | <cli prompt='>'> | ||
| + | hscroot@hmc:~> chhmcldap -o r -r ldap | ||
| + | </cli> | ||
| + | Add a CA certificate for AD LDAP (copy the certificate to /home/hscroot/ca2.mydom.cer | ||
| + | <cli prompt='>'> | ||
| + | hscroot@hmc:~> getfile -t ldapcacert -l l -f /home/hscroot/ca2.mydom.cer -a 'MYDOM_ca2.cer' | ||
| + | </cli> | ||
| + | |||
| + | Configure AD connexion: use this format | ||
| + | ldaps://ldapserver1.mydom.lu:636 (so param must be --starttls 0) | ||
| + | |||
| + | <cli prompt='>'> | ||
| + | hscroot@hmc:~> chhmcldap -o s --primary ldaps://ldapserver1.mydom.lu:636 --basedn "OU=Users,OU=Users & Groups,DC=mydom,DC=test,DC=lu" --loginattribute sAMAccountName --automanage 1 --auth ldap --binddn "CN=ldap user,OU=Users,OU=Users & Groups,DC=mydom,DC=test,DC=lu" --bindpw "xxxxxxxxxxxx" --starttls 0 --automanage 0 | ||
| + | |||
| + | hscroot@hmc:~> lshmcldap -r config -v | ||
| + | primary=ldaps://ldapserver1.mydom.lu:636,backup=,"basedn=OU=Users,OU=Users & Groups,DC=mydom,DC=test,DC=lu",timelimit=30,bindtimelimit=30,referrals=1,ssl=0,loginattribute=sAMAccountName,hmcauthnameattribute=userPrincipalName,hmcuserpropsattribute=description,"binddn=CN=ldap user,OU=Users,OU=Users & Groups,DC=mydom,DC=test,DC=lu",bindpwset=1,automanage=1,auth=ldap,searchfilter=,scope=sub,tlscacert=,hmcgroups=,authsearch=base,tlsreqcert=never | ||
| + | |||
| + | Details: | ||
| + | |||
| + | Get LDAP Config: | ||
| + | |||
| + | Validate LDAP Configuration: | ||
| + | |||
| + | hscroot@hmc:~> lshmcldap -r user | ||
| + | name=user01,description=,remote_user_name=,user_properties= | ||
| + | name=user02,description=,remote_user_name=,user_properties= | ||
| + | name=user03,description=,remote_user_name=,user_properties= | ||
| + | name=user04,description=,remote_user_name=,user_properties= | ||
| + | ... | ||
| + | </cli> | ||
| + | |||
| + | Give rights to the different users | ||
| + | <cli prompt='>'> | ||
| + | hscroot@hmc:~> mkhmcusr -i "name=user01,taskrole=hmcsuperadmin,authentication_type=ldap,remote_webui_access=1,description="Myuser"" | ||
| + | |||
| + | hscroot@hmc:~> lshmcusr | ||
| + | name=user01,taskrole=hmcsuperadmin,description=HMC User,pwage=99999,resourcerole=ALL:,authentication_type=ldap,remote_webui_access=1,remote_ssh_access=1,min_pwage=0,session_timeout=0,verify_timeout=15,idle_timeout=120,inactivity_expiration=0,resources=<ResourceID = ALL:><UserDefinedName = AllSystemResources>,disabled=0,passwd_authentication=0 | ||
| + | ... | ||
| + | </cli> | ||
| + | |||
| + | Now try a connection on the Web UI, without domain ! | ||
| + | |||
| + | If not possible to registryer a user, try | ||
| + | <cli prompt='>'> | ||
| + | hscroot@hmc:~> chhmcldap -o s --automanage 0 | ||
| + | </cli> | ||
aix/hmc_ldap_ad.1649078616.txt.gz ยท Last modified: 2022/04/04 15:23 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
