Diffstat (limited to 'xyz/openbmc_project/User/Ldap')
-rw-r--r--xyz/openbmc_project/User/Ldap/Config.interface.yaml83
-rw-r--r--xyz/openbmc_project/User/Ldap/Create.interface.yaml79
2 files changed, 162 insertions, 0 deletions
diff --git a/xyz/openbmc_project/User/Ldap/Config.interface.yaml b/xyz/openbmc_project/User/Ldap/Config.interface.yaml
new file mode 100644
index 0000000..42c7126
--- /dev/null
+++ b/xyz/openbmc_project/User/Ldap/Config.interface.yaml
@@ -0,0 +1,83 @@
+description: >
+ Implement to update LDAP mandatory properties.
+
+properties:
+ - name: LDAPServerURI
+ type: string
+ description: >
+ Specifies the LDAP URI of the server to connect to.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.Common.Error.NoCACertificate
+ - name: LDAPBindDN
+ type: string
+ description: >
+ Specifies the distinguished name with which to bind to the directory
+ server for lookups.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - name: LDAPBindDNPassword
+ type: string
+ description: >
+ Specifies the credentials with which to bind,Implementation should
+ consider changing the permissions of the underlying file to
+ only grant access to the root user.
+ This property value should not be reflected on the D-bus object itself.
+ Implementation can use the given value and update the service
+ implementing the LDAP client.This is just to facilitate the support
+ for changing the bin dn password if needed.
+ Currently this property is over D-bus, There are security concerns
+ for the same, but once we find better way to update the ldap password
+ we would fix it.
+ - name: LDAPBaseDN
+ type: string
+ description: >
+ Specifies the base distinguished name to use as search base.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - name: LDAPSearchScope
+ type: enum[self.SearchScope]
+ description: >
+ Specifies the search scope:subtree, one level or base object.
+ default: sub
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - name: LDAPType
+ type: enum[self.Type]
+ description: >
+ Specifies the the configured server is ActiveDirectory(AD) or
+ OpenLdap. It's just an indication for the LDAP stack running on
+ the BMC, in case the app is implemented in such a way that it has
+ to react differently for AD vs openldap.
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - name: GroupNameAttribute
+ type: string
+ description: >
+ The value of this property shall be the attribute name
+ that contains the name of the Group in the LDAP server.
+ - name: UserNameAttribute
+ type: string
+ description: >
+ The value of this property shall be the attribute name
+ that contains the username in the LDAP server.
+enumerations:
+ - name: SearchScope
+ description: >
+ Possible base scopes.
+ values:
+ - name: sub
+ - name: one
+ - name: base
+
+ - name: Type
+ description: >
+ Possible LDAP Types.
+ values:
+ - name: ActiveDirectory
+ - name: OpenLdap
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
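Review bot: `LDAPBindDNPassword` is declared as an ordinary property, so unless the implementation special-cases it, the value would be returned by the standard D-Bus property Get/GetAll calls and carried in PropertiesChanged signals. That contradicts the description's own requirement that it "should not be reflected on the D-bus object". The interface should state this as a contract rather than leave it as a known concern, for example by adding `Reads of this property shall return an empty string, and the value shall not appear in change signals or logs.` to the description, or by replacing the property with a set-only method. Unlike `LDAPBindDN`, this entry also declares no `errors:` list, so a failed write to the LDAP client configuration has no declared error; `InternalFailure` and `InvalidArgument` look appropriate here too.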
diff --git a/xyz/openbmc_project/User/Ldap/Create.interface.yaml b/xyz/openbmc_project/User/Ldap/Create.interface.yaml
new file mode 100644
index 0000000..69c03e6
--- /dev/null
+++ b/xyz/openbmc_project/User/Ldap/Create.interface.yaml
@@ -0,0 +1,79 @@
+description: >
+ Implement to create LDAP name service daemon configuration file.
+
+methods:
+ - name: CreateConfig
+ description: >
+ This method always creates a new config file as well as a D-Bus
+ object to represent the config, it will destroy an existing one,
+ if found. In other words, this is not an update API. Individual
+ properties can be updated as per the
+ xyz/openbmc_project/User/Ldap/Config.interface.yaml.
+ parameters:
+ - name: LDAPServerURI
+ type: string
+ description: >
+ Specifies the LDAP URI of the server to connect to.
+ - name: LDAPBindDN
+ type: string
+ description: >
+ Specifies the distinguished name with which to bind to the
+ directory server for lookups.
+ - name: LDAPBaseDN
+ type: string
+ description: >
+ Specifies the base distinguished name to use as search base.
+ - name: LDAPBINDDNpassword
+ type: string
+ description: >
+ Specifies the clear text credentials with which to bind. This
+ option is only applicable when used with LDAPBindDN.
+ - name: LDAPSearchScope
+ type: enum[self.SearchScope]
+ description: >
+ Specifies the search scope:subtree, one level or base object.
+ - name: LDAPType
+ type: enum[self.Type]
+ description: >
+ Specifies the the configured server is ActiveDirectory(AD) or
+ OpenLdap. It's just an indication for the LDAP stack running on
+ the BMC, in case the app is implemented in such a way that it has
+ to react differently for AD vs openldap.
+ - name: GroupNameAttribute
+ type: string
+ description: >
+ Specifies the attribute name that contains the name
+ of the Group in the LDAP server.
+ - name: UsernameAttribute
+ type: string
+ description: >
+ Specifies the attribute name that contains
+ the username in the LDAP server.
+ returns:
+ - name: path
+ type: string
+ description: >
+ The object path of the D-Bus object representing the config.
+
+ errors:
+ - xyz.openbmc_project.Common.Error.InternalFailure
+ - xyz.openbmc_project.Common.Error.InvalidArgument
+ - xyz.openbmc_project.Common.Error.NoCACertificate
+
+enumerations:
+ - name: SearchScope
+ description: >
+ Possible base scopes.
+ values:
+ - name: sub
+ - name: one
+ - name: base
+
+ - name: Type
+ description: >
+ Possible LDAP Types.
+ values:
+ - name: ActiveDirectory
+ - name: OpenLdap
+
+# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
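Review bot: The parameter names `LDAPBINDDNpassword` and `UsernameAttribute` do not match the property names `LDAPBindDNPassword` and `UserNameAttribute` in Config.interface.yaml, and `SearchScope`/`Type` are redeclared here, giving two distinct enum types for the same values. I would use the Config spellings and reference the existing enums, e.g. `type: enum[xyz.openbmc_project.User.Ldap.Config.SearchScope]`, then drop this file's `enumerations:` block. The bind password is documented as clear text passed as a method argument, so the description should require that implementations never log it. Since `NoCACertificate` is listed, presumably a secure URI is validated somewhere; the description should say whether a non-TLS `LDAPServerURI` is rejected when bind credentials are supplied.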