On Tue, 11 Sep 2018, Andrew Gurinovich via FreeIPA-users wrote:
> I'm trying to enable ldap auth for our server ipmi interface. I would like
> to allow access to members of ipmi_admin group only.
> I constructed the following query and it works OK:
> ldapsearch -W -b "cn=users,cn=accounts,dc=deleted,dc=loc"
> However, due to ipmi limitations, there is no way to specify search query,
> I can only customize searchbase.

What query does ipmi interface use? You can discover that from the
access log of the directory server. What attributes it expects to

> Is there any way to create a DIT subtree that will only contain users
> I'm thinking maybe there is an analog of sql views where you can create a
> `view` that searches some other subtree with predefined search query?

There is no such thing. However, you can use slapi-nis plugin ("compat
tree") to generate this kind of view in cn=compat,dc=deleted,dc=loc.
We already have some examples (and default configuration for RFC2307
schema), you can get more details in https://pagure.io/slapi-nis/blob/master/f/doc
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
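
Reading the directory server access log as suggested in the reply above, as an added example that is not part of the original thread: it lists the search base, scope, filter and requested attributes sent by one client address. It assumes the 389 Directory Server access-log layout; the function name `searches_from`, the client address 192.0.2.10, the bind DN and all log lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the 389 Directory Server access-log layout.
# Addresses, bind DN, filters and attribute lists are made up for the example.
SAMPLE_LOG = """\
[11/Sep/2018:10:15:32.101234567 +0300] conn=42 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[11/Sep/2018:10:15:32.105234567 +0300] conn=42 op=0 BIND dn="uid=ipmi-bind,cn=sysaccounts,cn=etc,dc=deleted,dc=loc" method=128 version=3
[11/Sep/2018:10:15:32.110234567 +0300] conn=42 op=1 SRCH base="cn=users,cn=accounts,dc=deleted,dc=loc" scope=2 filter="(uid=jdoe)" attrs="uid memberOf"
[11/Sep/2018:10:15:32.111234567 +0300] conn=42 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[11/Sep/2018:10:16:02.400234567 +0300] conn=57 fd=65 slot=65 connection from 192.0.2.99 to 192.0.2.1
[11/Sep/2018:10:16:02.410234567 +0300] conn=57 op=1 SRCH base="dc=deleted,dc=loc" scope=2 filter="(objectClass=*)" attrs=ALL
"""

CONN_RE = re.compile(r"conn=(\d+) .*connection from (\S+) to ")
SRCH_RE = re.compile(
    r'conn=(\d+) op=\d+ SRCH base="([^"]*)" scope=(\d) '
    r'filter="(.*?)" attrs=(ALL|"[^"]*")'
)
SCOPES = {"0": "base", "1": "one", "2": "sub"}


def searches_from(log_text, client_ip):
    """Count distinct (base, scope, filter, attrs) searches sent by client_ip."""
    conns = set()      # connection numbers currently owned by client_ip
    seen = Counter()
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            # A conn number identifies the client only from its "connection
            # from" line onward, so (re)assign ownership whenever one appears.
            if m.group(2) == client_ip:
                conns.add(m.group(1))
            else:
                conns.discard(m.group(1))
            continue
        m = SRCH_RE.search(line)
        if m and m.group(1) in conns:
            _, base, scope, flt, attrs = m.groups()
            seen[(base, SCOPES.get(scope, scope), flt, attrs.strip('"'))] += 1
    return seen


if __name__ == "__main__":
    for (base, scope, flt, attrs), n in searches_from(SAMPLE_LOG, "192.0.2.10").items():
        print(f"{n}x base={base} scope={scope} filter={flt} attrs={attrs}")
```

The filter and attribute list printed for the IPMI controller's address are what a compat-tree view would have to satisfy, since only the search base can be changed on the device.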