Setting up and verifying LDAP on OpenBMC can be split into several parts. This post covers the first one, nss-pam-ldapd.
- nss-pam-ldapd
- Setting up the LDAP server
- Redfish/Web configuration
nss-pam-ldapd
Below is OpenBMC's description of nss-pam-ldapd:
Bringing the LDAP authentication module support in openbmc stack requires to pull the nss-pam-ldapd which allows the LDAP server to provide the user, passwd, group info that we normally get from the /etc flat files.
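The OpenBMC authentication stack pulls in nss-pam-ldapd to add LDAP authentication support, so that the user, passwd, and group information normally read from the flat files under /etc can be provided by the LDAP server.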
nss-pam-ldapd provides libnss-ldap(Name Service Switch module) and pam_ldap(Pluggable Authentication Module) module which delegate the work to the nslcd(daemon) that queries the LDAP server.
nss-pam-ldapd consists of thin NSS and PAM modules (libnss-ldap and pam_ldap) that hand their work to the nslcd daemon, which queries the LDAP server.
pam_ldap uses the openldap client API to interact with the LDAP server.
Of these, pam_ldap uses the openldap client API to communicate with the LDAP server.
This is why the nslcd daemon shows up in the OpenBMC process list.
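The delegation from the NSS and PAM modules to nslcd can be checked on a running system. The script below is an added example, not code from the original page or from OpenBMC: it lists which NSS databases and PAM services are wired to LDAP and flags the case where they are but nslcd is not running. The `ldap` source name in nsswitch.conf, the `pam_ldap.so` file name, and the `/etc/nsswitch.conf` and `/etc/pam.d` paths are assumptions about the image; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not OpenBMC code): audit how NSS and PAM are wired to nslcd.

# Print each NSS database whose source list in nsswitch.conf ($1) includes "ldap".
nss_ldap_databases() {
    awk '{ sub(/#.*/, ""); sub(/:/, " ") }   # drop comments, split "db:" from sources
         NF >= 2 { for (i = 2; i <= NF; i++) if ($i == "ldap") { print $1; break } }' "$1"
}

# Print each PAM service file in directory $1 with an uncommented pam_ldap.so line.
pam_ldap_services() {
    for f in "$1"/*; do
        [ -f "$f" ] && grep -q -E '^[^#]*pam_ldap\.so' "$f" && basename "$f"
    done
    return 0
}

# Succeed if a process whose name is exactly $1 exists (reads /proc, no pidof needed).
proc_running() {
    for c in /proc/[0-9]*/comm; do
        [ -r "$c" ] && [ "$(cat "$c" 2>/dev/null)" = "$1" ] && return 0
    done
    return 1
}

# $1: nsswitch.conf, $2: PAM directory, $3: daemon name (default nslcd).
# Returns 1 when LDAP is wired into NSS or PAM but the daemon is absent.
audit_ldap_wiring() {
    dbs=$(nss_ldap_databases "$1" | tr '\n' ' ')
    svcs=$(pam_ldap_services "$2" | tr '\n' ' ')
    echo "NSS databases using ldap:    ${dbs:-none}"
    echo "PAM services using pam_ldap: ${svcs:-none}"
    [ -z "$dbs$svcs" ] && return 0            # nothing depends on the daemon
    if proc_running "${3:-nslcd}"; then echo "daemon: running"; return 0; fi
    echo "daemon: NOT running, LDAP lookups and logins cannot be served"; return 1
}

# Write constructed sample configuration under directory $1.
make_sample() {
    mkdir -p "$1/pam.d"
    printf '%s\n' '# constructed sample' 'passwd: files ldap' 'group:  files ldap' \
        'shadow: files' 'hosts:  files dns   # ldap not used here' > "$1/nsswitch.conf"
    printf '%s\n' 'auth sufficient pam_ldap.so' 'auth required pam_unix.so' > "$1/pam.d/common-auth"
    printf '%s\n' '#session optional pam_ldap.so' > "$1/pam.d/common-session"
}

# Demo on the sample; on a BMC: audit_ldap_wiring /etc/nsswitch.conf /etc/pam.d
d=$(mktemp -d) && make_sample "$d" && { audit_ldap_wiring "$d/nsswitch.conf" "$d/pam.d" || true; }
rm -rf "$d"
```

A non-zero return from `audit_ldap_wiring` means the configuration references LDAP while no nslcd process exists to answer the modules.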
Path of nss-pam-ldapd in OpenBMC: meta-phosphor/recipes-support/nss-pam-ldapd at master · openbmc/meta-phosphor · GitHub
Upstream source of nss-pam-ldapd:
GitHub - arthurdejong/nss-pam-ldapd: NSS and PAM modules for lookups using LDAP
The following sections cover these parts of nss-pam-ldapd in turn:
- nslcd configuration file (nslcd.conf)
- pam module
- nss module