API tools faq
paste
rgupta_

Untitled

rgupta_
Mar 27th, 2019
458
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 19.67 KB | None | 0 0
raw download clone embed print report
  1. On a fresh system where LDAP Configuration doesn't exist
  2. 1) Ran the redfish validator : PASS
  3.  
  4. 2) Get request on account service when there is no LDAP/AD Configuration
  5. ========================================================================
  6. curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${BMC_IP}/redfish/v1/AccountService/
  7. {
  8. "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
  9. "@odata.id": "/redfish/v1/AccountService",
  10. "@odata.type": "#AccountService.v1_3_1.AccountService",
  11. "AccountLockoutDuration": 0,
  12. "AccountLockoutThreshold": 0,
  13. "Accounts": {
  14. "@odata.id": "/redfish/v1/AccountService/Accounts"
  15. },
  16. "ActiveDirectory": {
  17. "AccountProviderType": "ActiveDirectoryService",
  18. "[email protected]": [
  19. "ActiveDirectoryService"
  20. ],
  21. "Authentication": {
  22. "AuthenticationType": "UsernameAndPassword",
  23. "[email protected]": [
  24. "UsernameAndPassword"
  25. ],
  26. "Password": null,
  27. "Username": ""
  28. },
  29. "LDAPService": {
  30. "SearchSettings": {
  31. "BaseDistinguishedNames": [
  32. ""
  33. ],
  34. "GroupsAttribute": "",
  35. "UsernameAttribute": ""
  36. }
  37. },
  38. "ServiceAddresses": [
  39. ""
  40. ],
  41. "ServiceEnabled": false
  42. },
  43. "Description": "Account Service",
  44. "Id": "AccountService",
  45. "LDAP": {
  46. "AccountProviderType": "LDAPService",
  47. "[email protected]": [
  48. "LDAPService"
  49. ],
  50. "Authentication": {
  51. "AuthenticationType": "UsernameAndPassword",
  52. "[email protected]": [
  53. "UsernameAndPassword"
  54. ],
  55. "Password": null,
  56. "Username": ""
  57. },
  58. "LDAPService": {
  59. "SearchSettings": {
  60. "BaseDistinguishedNames": [
  61. ""
  62. ],
  63. "GroupsAttribute": "",
  64. "UsernameAttribute": ""
  65. }
  66. },
  67. "ServiceAddresses": [
  68. ""
  69. ],
  70. "ServiceEnabled": false
  71. },
  72. "MaxPasswordLength": 20,
  73. "MinPasswordLength": 8,
  74. "Name": "Account Service",
  75. "Roles": {
  76. "@odata.id": "/redfish/v1/AccountService/Roles"
  77. },
  78. "ServiceEnabled": true
  79.  
  80. 3) Empty JSON
  81. =============
  82. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"LDAP":{"Authentication": {}}}'
  83. {
  84. "error": {
  85. "@Message.ExtendedInfo": [
  86. {
  87. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  88. "Message": "The request body submitted contained an empty JSON object and the service is unable to process it.",
  89. "MessageArgs": [],
  90. "MessageId": "Base.1.4.0.EmptyJSON",
  91. "Resolution": "Add properties in the JSON object and resubmit the request.",
  92. "Severity": "Warning"
  93. }
  94. ],
  95. "code": "Base.1.4.0.EmptyJSON",
  96. "message": "The request body submitted contained an empty JSON object and the service is unable to process it."
  97. }
  98. }
  99.  
  100. 4) Update AccountProvider Type
  101. =============================
  102. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"LDAP":{"AccountProviderType": "LDAPService"}}'
  103. {
  104. "[email protected]": [
  105. {
  106. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  107. "Message": "The property AccountProviderType is a read only property and cannot be assigned a value.",
  108. "MessageArgs": [
  109. "AccountProviderType"
  110. ],
  111. "MessageId": "Base.1.4.0.PropertyNotWritable",
  112. "Resolution": "Remove the property from the request body and resubmit the request if the operation failed.",
  113. "Severity": "Warning"
  114. }
  115. ]
  116. }
  117. 5) Update invalid authentication type
  118. ====================================
  119. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"LDAP":{"Authentication": {"AuthenticationType": "abcdef"}}}'
  120. {
  121. "[email protected]": [
  122. {
  123. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  124. "Message": "The value abcdef for the property AuthenticationType is not in the list of acceptable values.",
  125. "MessageArgs": [
  126. "abcdef",
  127. "AuthenticationType"
  128. ],
  129. "MessageId": "Base.1.4.0.PropertyValueNotInList",
  130. "Resolution": "Choose a value from the enumeration list that the implementation can support and resubmit the request if the operation failed.",
  131. "Severity": "Warning"
  132. }
  133. ]
  134. }
  135.  
  136.  
  137. 6) Update the service address with empty list
  138. ==============================================
  139.  
  140. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"LDAP":{"ServiceAddresses": []}}'
  141. {
  142. "error": {
  143. "@Message.ExtendedInfo": [
  144. {
  145. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  146. "Message": "The request failed due to an internal service error. The service is still operational.",
  147. "MessageArgs": [],
  148. "MessageId": "Base.1.4.0.InternalError",
  149. "Resolution": "Resubmit the request. If the problem persists, consider resetting the service.",
  150. "Severity": "Critical"
  151. }
  152. ],
  153. "code": "Base.1.4.0.InternalError",
  154. "message": "The request failed due to an internal service error. The service is still operational."
  155. }
  156.  
  157. 9) Let's PATCH the LDAP Property.
  158. ===============================
  159. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"LDAP":{"ServiceEnabled":false, "ServiceAddresses": ["ldap://9.126.172.69/"],"Authentication": {"AuthenticationType":"UsernameAndPassword","Username": "uid=sivasjxp,dc=ldap,dc=com","Password": "india@123"}, "LDAPService": {"SearchSettings": {"BaseDistinguishedNames": ["dc=ldap,dc=com"]}}}}'
  160. {
  161. "LDAP": {
  162. "AccountProviderType": "LDAPService",
  163. "[email protected]": [
  164. "LDAPService"
  165. ],
  166. "Authentication": {
  167. "AuthenticationType": "UsernameAndPassword",
  168. "[email protected]": [
  169. "UsernameAndPassword"
  170. ],
  171. "Password": "",
  172. "Username": "uid=sivasjxp,dc=ldap,dc=com"
  173. },
  174. "LDAPService": {
  175. "SearchSettings": {
  176. "BaseDistinguishedNames": [
  177. "dc=ldap,dc=com"
  178. ],
  179. "GroupsAttribute": "gidNumber",
  180. "UsernameAttribute": "cn"
  181. }
  182. },
  183. "ServiceAddresses": [
  184. "ldap://9.126.172.69/"
  185. ],
  186. "ServiceEnabled": false
  187. }
  188. }
  189. 10) Do the GET request after Patching the LDAP Configuration.
  190. =============================================================
  191. curl -k -H "X-Auth-Token: $bmc_token" -X GET https://${BMC_IP}/redfish/v1/AccountService/
  192. {
  193. "@odata.context": "/redfish/v1/$metadata#AccountService.AccountService",
  194. "@odata.id": "/redfish/v1/AccountService",
  195. "@odata.type": "#AccountService.v1_3_1.AccountService",
  196. "AccountLockoutDuration": 0,
  197. "AccountLockoutThreshold": 0,
  198. "Accounts": {
  199. "@odata.id": "/redfish/v1/AccountService/Accounts"
  200. },
  201. "ActiveDirectory": {
  202. "AccountProviderType": "ActiveDirectoryService",
  203. "[email protected]": [
  204. "ActiveDirectoryService"
  205. ],
  206. "Authentication": {
  207. "AuthenticationType": "UsernameAndPassword",
  208. "[email protected]": [
  209. "UsernameAndPassword"
  210. ],
  211. "Password": null,
  212. "Username": ""
  213. },
  214. "LDAPService": {
  215. "SearchSettings": {
  216. "BaseDistinguishedNames": [
  217. ""
  218. ],
  219. "GroupsAttribute": "",
  220. "UsernameAttribute": ""
  221. }
  222. },
  223. "ServiceAddresses": [
  224. ""
  225. ],
  226. "ServiceEnabled": false
  227. },
  228. "Description": "Account Service",
  229. "Id": "AccountService",
  230. "LDAP": {
  231. "AccountProviderType": "LDAPService",
  232. "[email protected]": [
  233. "LDAPService"
  234. ],
  235. "Authentication": {
  236. "AuthenticationType": "UsernameAndPassword",
  237. "[email protected]": [
  238. "UsernameAndPassword"
  239. ],
  240. "Password": null,
  241. "Username": "uid=sivasjxp,dc=ldap,dc=com"
  242. },
  243. "LDAPService": {
  244. "SearchSettings": {
  245. "BaseDistinguishedNames": [
  246. "dc=ldap,dc=com"
  247. ],
  248. "GroupsAttribute": "gidNumber",
  249. "UsernameAttribute": "cn"
  250. }
  251. },
  252. "ServiceAddresses": [
  253. "ldap://9.126.172.69/"
  254. ],
  255. "ServiceEnabled": false
  256. },
  257. "MaxPasswordLength": 20,
  258. "MinPasswordLength": 8,
  259. "Name": "Account Service",
  260. "Roles": {
  261. "@odata.id": "/redfish/v1/AccountService/Roles"
  262. },
  263. "ServiceEnabled": true
  264.  
  265. 11) Login with LDAP Credentials
  266. ==================================
  267. curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions -d '{"UserName":"sivasjxp", "Password":"india@123"}'
  268. {
  269. "@odata.context": "/redfish/v1/$metadata#Session.Session",
  270. "@odata.id": "/redfish/v1/SessionService/Sessions/ZuZgsHAJLP",
  271. "@odata.type": "#Session.v1_0_2.Session",
  272. "Description": "Manager User Session",
  273. "Id": "ZuZgsHAJLP",
  274. "Name": "User Session",
  275. "UserName": "sivasjxp"
  276. }
  277. 12) Let's patch the AD configuration
  278. =====================================
  279. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"ActiveDirectory":{"ServiceEnabled":false, "ServiceAddresses": ["ldap://9.194.251.141/"],"Authentication": {"AuthenticationType":"UsernameAndPassword","Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com","Password": "india@123"}, "LDAPService": {"SearchSettings": {"BaseDistinguishedNames": ["dc=Corp,dc=ibm,dc=com"]}}}}'
  280. {
  281. "ActiveDirectory": {
  282. "AccountProviderType": "ActiveDirectoryService",
  283. "[email protected]": [
  284. "ActiveDirectoryService"
  285. ],
  286. "Authentication": {
  287. "AuthenticationType": "UsernameAndPassword",
  288. "[email protected]": [
  289. "UsernameAndPassword"
  290. ],
  291. "Password": "",
  292. "Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com"
  293. },
  294. "LDAPService": {
  295. "SearchSettings": {
  296. "BaseDistinguishedNames": [
  297. "dc=Corp,dc=ibm,dc=com"
  298. ],
  299. "GroupsAttribute": "",
  300. "UsernameAttribute": ""
  301. }
  302. },
  303. "ServiceAddresses": [
  304. "ldap://9.194.251.141/"
  305. ],
  306. "ServiceEnabled": false
  307. }
  308. 13) Still Ldap is Enabled, so let's enable the AD
  309. ==================================================
  310. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"ActiveDirectory":{"erviceEnabled":true}}'
  311. {
  312. "ActiveDirectory": {
  313. "AccountProviderType": "ActiveDirectoryService",
  314. "[email protected]": [
  315. "ActiveDirectoryService"
  316. ],
  317. "Authentication": {
  318. "AuthenticationType": "UsernameAndPassword",
  319. "[email protected]": [
  320. "UsernameAndPassword"
  321. ],
  322. "Password": null,
  323. "Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com"
  324. },
  325. "LDAPService": {
  326. "SearchSettings": {
  327. "BaseDistinguishedNames": [
  328. "dc=Corp,dc=ibm,dc=com"
  329. ],
  330. "GroupsAttribute": "primaryGroupID",
  331. "UsernameAttribute": "sAMAccountName"
  332. }
  333. },
  334. "ServiceAddresses": [
  335. "ldap://9.194.251.141/"
  336. ],
  337. "ServiceEnabled": false
  338. },
  339. "error": {
  340. "@Message.ExtendedInfo": [
  341. {
  342. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  343. "Message": "The request failed due to an internal service error. The service is still operational.",
  344. "MessageArgs": [],
  345. "MessageId": "Base.1.4.0.InternalError",
  346. "Resolution": "Resubmit the request. If the problem persists, consider resetting the service.",
  347. "Severity": "Critical"
  348. }
  349. ],
  350. "code": "Base.1.4.0.InternalError",
  351. "message": "The request failed due to an internal service error. The service is still operational."
  352. }
  353. }
  354. 14) Disable the LDAP first
  355. ==========================
  356. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"LDAP":{"ServiceEnabled":false}}'
  357. {
  358. "LDAP": {
  359. "AccountProviderType": "LDAPService",
  360. "[email protected]": [
  361. "LDAPService"
  362. ],
  363. "Authentication": {
  364. "AuthenticationType": "UsernameAndPassword",
  365. "[email protected]": [
  366. "UsernameAndPassword"
  367. ],
  368. "Password": null,
  369. "Username": "uid=sivasjxp,dc=ldap,dc=com"
  370. },
  371. "LDAPService": {
  372. "SearchSettings": {
  373. "BaseDistinguishedNames": [
  374. "dc=ldap,dc=com"
  375. ],
  376. "GroupsAttribute": "gidNumber",
  377. "UsernameAttribute": "cn"
  378. }
  379. },
  380. "ServiceAddresses": [
  381. "ldap://9.126.172.69/"
  382. ],
  383. "ServiceEnabled": false
  384. }
  385. }
  386. 15) Enable the AD now
  387. =====================
  388. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{ActiveDirectory":{"ServiceEnabled":true}}'
  389. {
  390. "ActiveDirectory": {
  391. "AccountProviderType": "ActiveDirectoryService",
  392. "[email protected]": [
  393. "ActiveDirectoryService"
  394. ],
  395. "Authentication": {
  396. "AuthenticationType": "UsernameAndPassword",
  397. "[email protected]": [
  398. "UsernameAndPassword"
  399. ],
  400. "Password": null,
  401. "Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com"
  402. },
  403. "LDAPService": {
  404. "SearchSettings": {
  405. "BaseDistinguishedNames": [
  406. "dc=Corp,dc=ibm,dc=com"
  407. ],
  408. "GroupsAttribute": "primaryGroupID",
  409. "UsernameAttribute": "sAMAccountName"
  410. }
  411. },
  412. "ServiceAddresses": [
  413. "ldap://9.194.251.141/"
  414. ],
  415. "ServiceEnabled": true
  416. }
  417. }
  418. 16) Login with LDAP credentails
  419. ================================
  420. curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions -d '{"UserName":"sivasjxp", "Password":"india@123"}'
  421. {
  422. "error": {
  423. "@Message.ExtendedInfo": [
  424. {
  425. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  426. "Message": "While accessing the resource at /redfish/v1/SessionService/Sessions, the service received an authorization error Invalid username or password.",
  427. "MessageArgs": [
  428. "/redfish/v1/SessionService/Sessions",
  429. "Invalid username or password"
  430. ],
  431. "MessageId": "Base.1.4.0.ResourceAtUriUnauthorized",
  432. "Resolution": "Ensure that the appropriate access is provided for the service in order for it to access the URI.",
  433. "Severity": "Critical"
  434. }
  435. ],
  436. "code": "Base.1.4.0.ResourceAtUriUnauthorized",
  437. "message": "While accessing the resource at /redfish/v1/SessionService/Sessions, the service received an authorization error Invalid username or password."
  438. }
  439. }
  440. 17) login with AD credentials
  441. =============================
  442. curl --insecure -X POST -D headers.txt https://${BMC_IP}/redfish/v1/SessionService/Sessions -d '{"UserName":"dvtuser", "Password":"india@123"}'
  443. {
  444. "@odata.context": "/redfish/v1/$metadata#Session.Session",
  445. "@odata.id": "/redfish/v1/SessionService/Sessions/Cjr9YSMrxc",
  446. "@odata.type": "#Session.v1_0_2.Session",
  447. "Description": "Manager User Session",
  448. "Id": "Cjr9YSMrxc",
  449. "Name": "User Session",
  450. "UserName": "dvtuser"
  451. }
  452. 18) Add the Remote Role mapping for the AD
  453. ==========================================
  454. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup15","LocalRole": "User"},{"RemoteGroup": "Admingroup13","LocalRole": "Administrator"},{"RemoteGroup": "Admingroup14","LocalRole": "Operator"}]}}'
  455. {
  456. "@Message.ExtendedInfo": [
  457. {
  458. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  459. "Message": "Successfully Completed Request",
  460. "MessageArgs": [],
  461. "MessageId": "Base.1.4.0.Success",
  462. "Resolution": "None",
  463. "Severity": "OK"
  464. }
  465. ],
  466. "ActiveDirectory": {
  467. "AccountProviderType": "ActiveDirectoryService",
  468. "Authentication": {
  469. "AuthenticationType": "UsernameAndPassword",
  470. "Password": null,
  471. "Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com"
  472. },
  473. "LDAPService": {
  474. "SearchSettings": {
  475. "BaseDistinguishedNames": [
  476. "dc=Corp,dc=ibm,dc=com"
  477. ],
  478. "GroupsAttribute": "",
  479. "UsernameAttribute": ""
  480. }
  481. },
  482. "RemoteRoleMapping": [
  483. {
  484. "LocalRole": "User",
  485. "RemoteGroup": "Admingroup15"
  486. },
  487. {
  488. "LocalRole": "Administrator",
  489. "RemoteGroup": "Admingroup13"
  490. },
  491. {
  492. "LocalRole": "Operator",
  493. "RemoteGroup": "Admingroup14"
  494. }
  495. ],
  496. "ServiceAddresses": [
  497. "ldap://9.194.251.141/"
  498. ],
  499. "ServiceEnabled": false
  500. }
  501. 19) Delete the second remote role mapping.
  502. ==========================================
  503. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"ActiveDirectory":{"RemoteRoleMapping": [{},null,{}]}}'
  504. {
  505. "@Message.ExtendedInfo": [
  506. {
  507. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  508. "Message": "Successfully Completed Request",
  509. "MessageArgs": [],
  510. "MessageId": "Base.1.4.0.Success",
  511. "Resolution": "None",
  512. "Severity": "OK"
  513. }
  514. ],
  515. "ActiveDirectory": {
  516. "AccountProviderType": "ActiveDirectoryService",
  517. "Authentication": {
  518. "AuthenticationType": "UsernameAndPassword",
  519. "Password": null,
  520. "Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com"
  521. },
  522. "LDAPService": {
  523. "SearchSettings": {
  524. "BaseDistinguishedNames": [
  525. "dc=Corp,dc=ibm,dc=com"
  526. ],
  527. "GroupsAttribute": "",
  528. "UsernameAttribute": ""
  529. }
  530. },
  531. "RemoteRoleMapping": [
  532. {
  533. "LocalRole": "Administrator",
  534. "RemoteGroup": "Admingroup13"
  535. },
  536. null,
  537. {
  538. "LocalRole": "Operator",
  539. "RemoteGroup": "Admingroup14"
  540. }
  541. ],
  542. "ServiceAddresses": [
  543. "ldap://9.194.251.141/"
  544. ],
  545. "ServiceEnabled": false
  546. }
  547. 20) change the Remote group of first remote role mapping
  548. ========================================================
  549. curl -k -H "X-Auth-Token: $bmc_token" -X PATCH https://${BMC_IP}/redfish/v1/AccountService/ -D patch.txt -d '{"ActiveDirectory":{"RemoteRoleMapping": [{"RemoteGroup": "Admingroup25"},{}]}}'
  550. {
  551. "@Message.ExtendedInfo": [
  552. {
  553. "@odata.type": "/redfish/v1/$metadata#Message.v1_0_0.Message",
  554. "Message": "Successfully Completed Request",
  555. "MessageArgs": [],
  556. "MessageId": "Base.1.4.0.Success",
  557. "Resolution": "None",
  558. "Severity": "OK"
  559. }
  560. ],
  561. "ActiveDirectory": {
  562. "AccountProviderType": "ActiveDirectoryService",
  563. "Authentication": {
  564. "AuthenticationType": "UsernameAndPassword",
  565. "Password": null,
  566. "Username": "cn=dvtuser,cn=Users,dc=Corp,dc=ibm,dc=com"
  567. },
  568. "LDAPService": {
  569. "SearchSettings": {
  570. "BaseDistinguishedNames": [
  571. "dc=Corp,dc=ibm,dc=com"
  572. ],
  573. "GroupsAttribute": "",
  574. "UsernameAttribute": ""
  575. }
  576. },
  577. "RemoteRoleMapping": [
  578. {
  579. "LocalRole": "Administrator",
  580. "RemoteGroup": "Admingroup25"
  581. },
  582. {
  583. "LocalRole": "Operator",
  584. "RemoteGroup": "Admingroup14"
  585. }
  586. ],
  587. "ServiceAddresses": [
  588. "ldap://9.194.251.141/"
  589. ],
  590. "ServiceEnabled": false
  591. }
  592. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!