Unresolved

2 Messages


23 July 2021 03:00

IDM iDRAC9 integration

Hello,


I'm trying to connect iDRAC9 and IDM (LDAP); all the tests I have tried fail.

The last error message is: ERROR: The user is not a member of any role group that allows access to iDRAC.

From the OS, the ldapsearch command shows that the user is a member of the role that allows access to iDRAC.

I tested several changes, hoping to get lucky, but nothing fixes my problem.


TEST FROM iDRAC9

Test Results

Test Description                            Result
--------------------------------------------------------------------------------
Ping Directory Server                       Not Run
Directory Server DNS Name                   Passed
LDAP connection to the Directory Server     Passed
Certificate Validation                      Disabled
User DN existence                           Passed
User Authentication                         Passed
User Authorization                          Failed


Test Results

--------------------------------------------------------------------------------
Test User Name hserna
Test User Password ****


Test Log
--------------------------------------------------------------------------------
11:10:20 Initiating Directory Services Settings Diagnostics:
11:10:20 trying LDAP server 172.22.194.81:636
11:10:20 Server Address 172.22.194.81 resolved to 172.22.194.81
11:10:20 connect to 172.22.194.81:636 passed
11:10:20 Connecting to ldaps://[172.22.194.81]:636...
11:10:20 Test user authenticated user=uid=idrac,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es host=172.22.194.81
11:10:20 Search command:
Bind DN: uid=idrac,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
Scope: subtree
Base DN: cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
Search filter: (uid=hserna)
Attribute list:
objectClass
memberOf
dn
uid
objectCategory
defaultNamingContext
namingContexts
ldapServiceName
supportedControl
supportedExtension
11:10:20 Connecting to ldaps://[172.22.194.81]:636...
11:10:20 Test user authenticated user=uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es host=172.22.194.81
11:10:20 Connecting to ldaps://[172.22.194.81]:636...
11:10:20 Test user authenticated user=uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es host=172.22.194.81
11:10:20 Search command:
Bind DN: uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
Scope: base
Base DN: cn=admon_idrac,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
Search filter: (memberOf=uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es)
Attribute list:
objectClass
memberOf
dn
uid
objectCategory
defaultNamingContext
namingContexts
ldapServiceName
supportedControl
supportedExtension
11:10:20 ERROR: The user is not a member of any role group that allows access to iDRAC.

 

TEST FROM OS COMMAND LINE

ldapsearch -H ldap://172.22.194.81 -b "uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es" -D "uid=idrac,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# hserna, users, accounts, corona.dev.atm.indra.es
dn: uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
memberOf: cn=ipausers,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
memberOf: cn=admon_rhv,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
memberOf: cn=admon_idrac,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
mail: hserna@indra.es
krbPasswordExpiration: 20211020075254Z
krbLastPwdChange: 20210722075254Z
displayName: Hugo Serna
uid: hserna
krbCanonicalName: hserna@CORONA.DEV.ATM.INDRA.ES
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: posixaccount
objectClass: krbprincipalaux
objectClass: krbticketpolicyaux
objectClass: ipaobject
objectClass: ipasshuser
objectClass: ipaSshGroupOfPubKeys
objectClass: mepOriginEntry
loginShell: /bin/sh
initials: HS
gecos: Hugo Serna
sn: Serna
homeDirectory: /home/hserna
krbPrincipalName: hserna@CORONA.DEV.ATM.INDRA.ES
givenName: Hugo
cn: Hugo Serna
ipaUniqueID: 60fae560-dfe1-11eb-b8ec-566f594d000f
uidNumber: 1626200003
gidNumber: 1626200003

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


Thanks for your assistance and your time

 


4 Operator


2.7K Messages

26 July 2021 04:00

Hello @hserna,


I'm answering you in Spanish because at the moment this message is in the Spanish Forum. If you wish to be answered in English, please, let me know.

 

So, if I have understood correctly, you are trying to configure LDAP on an iDRAC 9 and you are getting the ERROR: The user is not a member of any role group that allows access to iDRAC. Which LDAP server are you using (e.g. OpenLDAP, OpenDS, etc.)? When you specified the role group, did you choose the group name or the Distinguished Name for the group? Could you please review this manual and tell me whether you followed the same steps specified there? Configuring generic LDAP directory service using iDRAC web-based interface - https://dell.to/3kXMgXS


I await your reply.
Regards.

2 Messages

26 July 2021 07:00

Hi,

 

You're quite right, I'd better write in Spanish.

 

When I chose the group, I set the one I created inside LDAP (Red Hat IDM / 389):

Role group 1: cn=admon_idrac,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es Administrator

 

The group is defined in LDAP as follows:

 

[root@admin /]# ldapsearch -H ldap://172.22.194.81 -b "cn=admon_idrac,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es" -D "uid=idrac,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# admon_idrac, groups, accounts, corona.dev.atm.indra.es
dn: cn=admon_idrac,cn=groups,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
member: uid=hserna,cn=users,cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es
objectClass: top
objectClass: groupofnames
objectClass: nestedgroup
objectClass: ipausergroup
objectClass: ipaobject
objectClass: ipaexternalgroup
cn: admon_idrac
ipaUniqueID: 5c982ea8-eb8d-11eb-95ac-566f594d000f

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@admin /]#

 

Thanks for your help
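As an added illustration (not code from either poster or from Dell): the iDRAC Test Log in the first post performs its authorization check as a base-scope search on the role group DN with the filter (<attribute>=<user DN>). The script below replays that search against an in-memory copy of the two entries shown in the thread (user hserna and group admon_idrac, constructed from the posted ldapsearch output), with the attribute name as a parameter; it assumes that the attribute in the posted filter comes from the iDRAC "group membership attribute" setting, which is an assumption, not something the thread confirms.

```python
"""Replay iDRAC's 'User Authorization' search against an in-memory directory."""
from typing import Dict, List

# Constructed from the two ldapsearch outputs posted in this thread; only the
# attributes relevant to the authorization search are kept.
BASE = "cn=accounts,dc=corona,dc=dev,dc=atm,dc=indra,dc=es"
USER_DN = f"uid=hserna,cn=users,{BASE}"
GROUP_DN = f"cn=admon_idrac,cn=groups,{BASE}"

DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    USER_DN: {
        "uid": ["hserna"],
        "objectClass": ["top", "person", "inetorgperson", "posixaccount"],
        # The user entry carries memberOf (computed by IDM / 389 DS).
        "memberOf": [
            f"cn=ipausers,cn=groups,{BASE}",
            f"cn=admon_rhv,cn=groups,{BASE}",
            GROUP_DN,
        ],
    },
    GROUP_DN: {
        "cn": ["admon_idrac"],
        "objectClass": ["top", "groupofnames", "nestedgroup", "ipausergroup"],
        # The group entry carries member, not memberOf.
        "member": [USER_DN],
    },
}


def ldap_search_base(base_dn: str, attr: str, value: str) -> List[str]:
    """Base-scope search: return [base_dn] if that single entry matches the
    equality filter (attr=value). Attribute names and DN values are compared
    case-insensitively, a simplification of real LDAP matching rules."""
    entry = DIRECTORY.get(base_dn)
    if entry is None:
        return []
    for name, values in entry.items():
        if name.lower() == attr.lower():
            if any(v.lower() == value.lower() for v in values):
                return [base_dn]
    return []


def idrac_authorizes(user_dn: str, role_group_dn: str, membership_attr: str) -> bool:
    """Mirror the Test Log step: Scope: base, Base DN: <role group DN>,
    Search filter: (<membership_attr>=<user DN>). Access is granted only when
    the search returns the group entry. Hypothetical helper, not iDRAC code."""
    return bool(ldap_search_base(role_group_dn, membership_attr, user_dn))
```

Called with "memberOf", as in the posted filter, the search on the group entry returns nothing and the result is the same denial seen in the thread; called with "member", the attribute the group actually carries, it matches.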

4 Operator


2.7K Messages

27 July 2021 07:00

Hello @hserna,

 

And at the iDRAC level, what does the configuration look like? Did you do it through the GUI or using RACADM? Can you share screenshots of the configuration with me?


For the LDAP configuration at the OS level I would need a server under warranty with an OEM operating system, since I would have to escalate it to the operating systems support department.


Regards.
