1*** Settings *** 2Documentation This module provides general keywords for LDAP. 3 4*** Keywords *** 5 6Get LDAP Configuration Using Redfish 7 [Documentation] Retrieve LDAP Configuration. 8 [Arguments] ${ldap_type} 9 10 # Description of argument(s): 11 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 12 13 ${ldap_config}= Redfish.Get Properties ${REDFISH_BASE_URI}AccountService 14 RETURN ${ldap_config["${ldap_type}"]} 15 16 17Get LDAP Privilege And Group Name Via Redfish 18 [Documentation] Get LDAP groupname via Redfish. 19 20 # Get LDAP configuration via Redfish. 21 # Sample output of LDAP configuration: 22 # { 23 # 'RemoteRoleMapping': [ 24 # { 25 # 'RemoteGroup': 'openldapgroup', 26 # 'LocalRole': 'Administrator' 27 # }, 28 # ], 29 # 'Authentication': 30 # { 31 # 'Username': 'cn=Administrator,dc=ldap,dc=com', 32 # 'Password': None, 33 # 'AuthenticationType': 'UsernameAndPassword' 34 # }, 35 # 'LDAPService': 36 # { 37 # 'SearchSettings': 38 # { 39 # 'BaseDistinguishedNames': ['dc=ldap,dc=com'], 40 # 'UsernameAttribute': 'cn', 41 # 'GroupsAttribute': 'gidNumber' 42 # } 43 # }, 44 # 'ServiceEnabled': True, 45 # 'Certificates': 46 # { 47 # '@odata.id': u'/redfish/v1/AccountService/LDAP/Certificates' 48 # }, 49 # 'ServiceAddresses': ['ldap://xx.xx.xx.xx/'] 50 # } 51 52 ${ldap_config}= Get LDAP Configuration Using Redfish ${LDAP_TYPE} 53 ${num_list_entries}= Get Length ${ldap_config["RemoteRoleMapping"]} 54 Return From Keyword If ${num_list_entries} == ${0} @{EMPTY} 55 ${ldap_group_names}= Create List 56 FOR ${i} IN RANGE ${num_list_entries} 57 Append To List ${ldap_group_names} ${ldap_config["RemoteRoleMapping"][${i}]["RemoteGroup"]} 58 END 59 60 RETURN ${ldap_group_names} 61 62 63Create LDAP Configuration 64 [Documentation] Create LDAP configuration. 65 [Arguments] ${ldap_type}=${LDAP_TYPE} ${ldap_server_uri}=${LDAP_SERVER_URI} 66 ... ${ldap_bind_dn}=${LDAP_BIND_DN} ${ldap_bind_dn_password}=${LDAP_BIND_DN_PASSWORD} 67 ... ${ldap_base_dn}=${LDAP_BASE_DN} 68 69 # Description of argument(s): 70 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 71 # ldap_server_uri LDAP server uri (e.g. ldap://XX.XX.XX.XX). 72 # ldap_bind_dn The LDAP bind distinguished name. 73 # ldap_bind_dn_password The LDAP bind distinguished name password. 74 # ldap_base_dn The LDAP base distinguished name. 75 76 ${body}= Catenate {'${ldap_type}': 77 ... {'ServiceEnabled': ${True}, 78 ... 'ServiceAddresses': ['${ldap_server_uri}'], 79 ... 'Authentication': 80 ... {'AuthenticationType': 'UsernameAndPassword', 81 ... 'Username':'${ldap_bind_dn}', 82 ... 'Password': '${ldap_bind_dn_password}'}, 83 ... 'LDAPService': 84 ... {'SearchSettings': 85 ... {'BaseDistinguishedNames': ['${ldap_base_dn}']}}}} 86 87 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=${body} 88 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] 89 Sleep 15s 90 91 92Update LDAP Configuration with LDAP User Role And Group 93 [Documentation] Update LDAP configuration update with LDAP user Role and group. 94 [Arguments] ${ldap_type} ${group_privilege} ${group_name} 95 96 # Description of argument(s): 97 # ldap_type The LDAP type ("ActiveDirectory" or "LDAP"). 98 # group_privilege The group privilege ("Administrator", "Operator", "User" or "Callback"). 99 # group_name The group name of user. 100 101 ${local_role_remote_group}= Create Dictionary LocalRole=${group_privilege} RemoteGroup=${group_name} 102 ${remote_role_mapping}= Create List ${local_role_remote_group} 103 ${ldap_data}= Create Dictionary RemoteRoleMapping=${remote_role_mapping} 104 ${payload}= Create Dictionary ${ldap_type}=${ldap_data} 105 Redfish.Patch ${REDFISH_BASE_URI}AccountService body=&{payload} 106 ... valid_status_codes=[${HTTP_OK},${HTTP_NO_CONTENT}] 107 # Provide adequate time for LDAP daemon to restart after the update. 108 Sleep 15s 109