Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

redfish/account_service/test_ldap_configuration #2253

Open
fangkaiyu2023 opened this issue Oct 16, 2024 · 6 comments
Open

redfish/account_service/test_ldap_configuration #2253

fangkaiyu2023 opened this issue Oct 16, 2024 · 6 comments

Comments

@fangkaiyu2023
Copy link

fangkaiyu2023 commented Oct 16, 2024
edited
Loading

LDAP user with Operator privilege is able to add or delete IP address, so the expected valid_status_code should be HTTP_OK.
操作员
@mdmillerii
Copy link

Is this reporting that the Operator is supposed to have this access or is bmcweb not enforcing and the testcase detects the issue?

@fangkaiyu2023
Copy link
Author

@mdmillerii the Operator is supposed to have this access

@gkeishin
Copy link
Member

@prkatti1 @swe12345 Please look into this.

@prkatti1
Copy link
Contributor

ldap operator user should not be able add ip delete ip of the system

@fangkaiyu2023
Copy link
Author

@prkatti1 Thank you for your reply! However, based on my testing, I discovered that in OpenBMC 2.11.0 and 2.17.0-dev, the operator user is able to add or delete IP addresses through bmcweb (Redfish API). Below, I’ve outlined my testing environment and results:

image
image
image
image

@prkatti1
Copy link
Contributor

Pls open a defect

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mdmillerii @gkeishin @prkatti1 @fangkaiyu2023