| author | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | 2019-04-22 14:27:01 +0530 |
|---|---|---|
| committer | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | 2019-06-24 14:41:55 +0530 |
| commit | eb2bbe56e4cce00f92d2f26fb66bfefefa28f929 (patch) | |
| tree | de2510ab9aa780c15216b0209382229f5c88c57b | |
| parent | ab828d7cba9f61019c27f3dfffe00eee264f96f7 (diff) | |
Redfish: Implement PATCH operation for ActiveDirectory property in AccountService
With this commit PATCH operation on the ActiveDirectory property
would configure the ActiveDirectory on the OpenBMC.
If one of the configs is enabled, the user needs to disable it before enabling the other config.
e.g. If LDAP is enabled and the user tries to enable Active Directory,
the user will get an error and needs to disable LDAP first.
TestedBy:
Enable the LDAP service: PASS
Login through LDAP credentials : PASS
Enable the AD service throws error as LDAP is already enabled: PASS
Disable the LDAP service : PASS
Enable the AD service : PASS
Login through AD credentials: PASS
Login through LDAP credentials, should not be allowed: PASS
Detailed test results are at following location.
https://pastebin.com/ibX5nyAc
Change-Id: I36d17757db1542604dbf5215728ac30f4e91f610
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
| -rw-r--r-- | redfish-core/lib/account_service.hpp | 41 |
1 files changed, 30 insertions, 11 deletions
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 8d03a25..b4f6f96 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -636,6 +636,16 @@ class AccountService : public Node
 const std::vector<std::string>& params, const std::string& serverType) {
+ std::string dbusObjectPath;
+ if (serverType == "ActiveDirectory")
+ {
+ dbusObjectPath = ADConfigObject;
+ }
+ else if (serverType == "LDAP")
+ {
+ dbusObjectPath = ldapConfigObject;
+ }
+
 std::optional<nlohmann::json> authentication; std::optional<nlohmann::json> ldapService; std::optional<std::string> accountProviderType;
@@ -702,7 +712,8 @@ class AccountService : public Node
 getLDAPConfigData(serverType, [this, asyncResp, userName, password, baseDNList, userNameAttribute, groupsAttribute, accountProviderType,
- serviceAddressList, serviceEnabled](
+ serviceAddressList, serviceEnabled,
+ dbusObjectPath](
 bool success, LDAPConfigData confData, const std::string& serverType) { if (!success)
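Review bot: `dbusObjectPath` stays an empty string when `serverType` is neither "ActiveDirectory" nor "LDAP", because the new if / else-if chain in the @@ -636 hunk has no final else. That empty path is then captured by the lambda in the @@ -702 hunk and handed to every handle*Patch call in the @@ -716, @@ -758 and @@ -767 hunks. The two call sites visible in this commit pass only those two literals, so this looks latent rather than reachable today, but a write to an authentication configuration should fail fast here rather than be sent to the bus with an empty object path. I would close the chain with `else { messages::internalError(asyncResp->res); return; }`, or at minimum add a comment that callers must pass one of the two known server types. The body of handleLDAPPatch starts and ends outside these hunks.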
@@ -716,39 +727,39 @@ class AccountService : public Node
 // Disable the service first and update the rest of // the properties. handleServiceEnablePatch(false, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
 } if (serviceAddressList) { handleServiceAddressPatch(*serviceAddressList, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
 } if (userName) { handleUserNamePatch(*userName, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
 } if (password) { handlePasswordPatch(*password, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
 } if (baseDNList) { handleBaseDNPatch(*baseDNList, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
 } if (userNameAttribute) { handleUserNameAttrPatch(*userNameAttribute, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
 } if (groupsAttribute) { handleGroupNameAttrPatch(*groupsAttribute, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
 } if (serviceEnabled) {
@@ -758,7 +769,7 @@ class AccountService : public Node
 if (*serviceEnabled) { handleServiceEnablePatch(*serviceEnabled, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
 } } else
@@ -767,7 +778,7 @@ class AccountService : public Node
 // then revert it to the same state as it was // before. handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
 } }); }
@@ -863,12 +874,14 @@ class AccountService : public Node
 std::optional<uint16_t> minPasswordLength; std::optional<uint16_t> maxPasswordLength; std::optional<nlohmann::json> ldapObject;
+ std::optional<nlohmann::json> activeDirectoryObject;
 if (!json_util::readJson(req, res, "AccountLockoutDuration", unlockTimeout, "AccountLockoutThreshold", lockoutThreshold, "MaxPasswordLength", maxPasswordLength, "MinPasswordLength",
- minPasswordLength))
+ minPasswordLength, "LDAP", ldapObject,
+ "ActiveDirectory", activeDirectoryObject))
 { return; }
@@ -888,6 +901,12 @@ class AccountService : public Node
 handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP"); }
+ if (activeDirectoryObject)
+ {
+ handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params,
+ "ActiveDirectory");
+ }
+
 if (unlockTimeout) { crow::connections::systemBus->async_method_call( |
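Review bot: A single PATCH body that carries both "LDAP" and "ActiveDirectory" now issues two independent handleLDAPPatch calls back to back in the @@ -888 hunk, and nothing visible here orders their writes or enforces the "only one provider enabled" rule described in the commit message. Each call appears to continue in a getLDAPConfigData callback, so presumably the backend rejects the second enable; if so, a client can receive a response where one authentication provider was reconfigured and the other failed, and a "disable LDAP, enable AD" request may succeed or fail depending on completion order. I would either reject a request that sets `ServiceEnabled` to true in both objects before issuing any bus call, or document the contract above the two `if` blocks, e.g. `// LDAP and ActiveDirectory are mutually exclusive; exclusivity is enforced by the backend, not by this handler`. The PATCH handler's body starts and ends outside these hunks.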

