mirrors/lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2024-11-25 09:06:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
lldap/example_configs/MegaRAC-SP-X-BMC.md
Aziz 8cbad6d5bd
example_configs: Add MegaRAC-SP-X-BMC
2024-03-14 09:36:12 +01:00

48 lines
2.3 KiB
Markdown
Raw Blame History

# MegaRAC SP-X BMC IPMI LDAP Setup
The MegaRAC SP-X BMC is a service processor firmware stack designed by American Megatrends Inc. (AMI), aimed at providing out-of-band management for servers and computing systems.
It's part of the MegaRAC family of management solutions, offering remote server management capabilities, including monitoring, control, and maintenance functionalities, independent of the operating system or system state.
This enables administrators to manage systems remotely for tasks such as updates, troubleshooting, and recovery.
## Setting up LLDAP with MegaRAC SP-X BMC IPMI
### Pre-requisites
- Create and assign the `ipmi` group in LLDAP to a (test) user.
- Bind User: It is recommended that you create a separate user account (e.g, `bind_user`) instead of admin for sharing Bind credentials with other services. The bind_user should be a member of the lldap_strict_readonly group to limit access to your LDAP configuration in LLDAP.
- Bind Password: password of the user specified above
### Configuration Steps
1. **Navigate**: Go to `Settings > External User Settings > LDAP/E-Directory Settings > General Settings`.
2. **General LDAP Settings**:
- **Encryption Type**: `SSL` (or No Encryption if preferred)
- **Common Name Type**: `FQDN` (or IP if you use a plain IP address to connect to lldap)
- **Server Address**: `fqdn.lldap.tld`
- **Port**: `6360` (default for SSL, adjust if necessary to default non ssl `3890`)
3. **Authentication** (use read-only bind user):
- **Bind DN**: `uid=bind_user,ou=people,dc=example,dc=com`
- **Password**: `change_bind_user_password`
4. **Search Configuration**:
- **Search Base**: `ou=people,dc=example,dc=com`
- **Attribute of User Login**: `uid`
![General LDAP Settings](images/megarac_user.png)
5. **Navigate**: Go to `Settings > External User Settings > LDAP/E-Directory Settings > Role groups`.
6. **Click on empty role group in order to assign a new one**
7. **Role Group - Group Details**:
- **Group Name**: `ipmi`
- **Group Domain**: `cn=ipmi,ou=groups,dc=example,dc=com`
- **Group Privilege**: `Administrator`
8. **Group Permissions**:
- KVM Access: Enabled (adjust as needed)
- VMedia Access: Enabled (adjust as needed)
![Role Groups](images/megarac_group.png)
Reference in a new issue View git blame Copy permalink