Redfish: Implement PATCH operation for ActiveDirectory property in AccountService
With this commit, a PATCH operation on the ActiveDirectory property
configures Active Directory on the OpenBMC.
If one of the configs is enabled, the user needs to disable it before enabling the other.
e.g. if LDAP is enabled and the user tries to enable Active Directory,
the user will get an error and needs to disable LDAP first.
TestedBy:
Enable the LDAP service: PASS
Login through LDAP credentials : PASS
Enable the AD service throws error as LDAP is already enabled: PASS
Disable the LDAP service : PASS
Enable the AD service : PASS
Login through AD credentials: PASS
Login through LDAP credentials, should not be allowed: PASS
Detailed test results are at following location.
https://pastebin.com/ibX5nyAc
Change-Id: I36d17757db1542604dbf5215728ac30f4e91f610
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index 8d03a25..b4f6f96 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -636,6 +636,16 @@
const std::vector<std::string>& params,
const std::string& serverType)
{
+ std::string dbusObjectPath;
+ if (serverType == "ActiveDirectory")
+ {
+ dbusObjectPath = ADConfigObject;
+ }
+ else if (serverType == "LDAP")
+ {
+ dbusObjectPath = ldapConfigObject;
+ }
+
std::optional<nlohmann::json> authentication;
std::optional<nlohmann::json> ldapService;
std::optional<std::string> accountProviderType;
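Review bot: `dbusObjectPath` stays empty when `serverType` is neither "ActiveDirectory" nor "LDAP", and the handlers further down are then called with an empty D-Bus object path. Both callers visible in this diff pass one of the two literals, so this is latent today, but the function writes authentication-provider settings and should fail closed on an unexpected value. Consider a final branch such as `else { messages::internalError(asyncResp->res); return; }`, assuming `asyncResp` is the response parameter declared in the signature above this hunk. The function body starts and ends outside the hunk.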
@@ -702,7 +712,8 @@
getLDAPConfigData(serverType, [this, asyncResp, userName, password,
baseDNList, userNameAttribute,
groupsAttribute, accountProviderType,
- serviceAddressList, serviceEnabled](
+ serviceAddressList, serviceEnabled,
+ dbusObjectPath](
bool success, LDAPConfigData confData,
const std::string& serverType) {
if (!success)
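Review bot: The callback parameter `serverType` shadows the outer `serverType`, while the newly captured `dbusObjectPath` was derived from the outer one, so the handlers receive a type and a path that come from two different sources. They match only if getLDAPConfigData hands the same string back, which is not visible here. Deriving the path from the callback's `serverType` inside the lambda, or adding a comment such as `// dbusObjectPath was selected from the same serverType that is passed to getLDAPConfigData`, would make the pairing explicit. The lambda body continues past this hunk.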
@@ -716,39 +727,39 @@
// Disable the service first and update the rest of
// the properties.
handleServiceEnablePatch(false, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
}
if (serviceAddressList)
{
handleServiceAddressPatch(*serviceAddressList, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
}
if (userName)
{
handleUserNamePatch(*userName, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
}
if (password)
{
handlePasswordPatch(*password, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
}
if (baseDNList)
{
handleBaseDNPatch(*baseDNList, asyncResp, serverType,
- ldapConfigObject);
+ dbusObjectPath);
}
if (userNameAttribute)
{
handleUserNameAttrPatch(*userNameAttribute, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
}
if (groupsAttribute)
{
handleGroupNameAttrPatch(*groupsAttribute, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
}
if (serviceEnabled)
{
@@ -758,7 +769,7 @@
if (*serviceEnabled)
{
handleServiceEnablePatch(*serviceEnabled, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
}
}
else
@@ -767,7 +778,7 @@
// then revert it to the same state as it was
// before.
handleServiceEnablePatch(confData.serviceEnabled, asyncResp,
- serverType, ldapConfigObject);
+ serverType, dbusObjectPath);
}
});
}
@@ -863,12 +874,14 @@
std::optional<uint16_t> minPasswordLength;
std::optional<uint16_t> maxPasswordLength;
std::optional<nlohmann::json> ldapObject;
+ std::optional<nlohmann::json> activeDirectoryObject;
if (!json_util::readJson(req, res, "AccountLockoutDuration",
unlockTimeout, "AccountLockoutThreshold",
lockoutThreshold, "MaxPasswordLength",
maxPasswordLength, "MinPasswordLength",
- minPasswordLength))
+ minPasswordLength, "LDAP", ldapObject,
+ "ActiveDirectory", activeDirectoryObject))
{
return;
}
@@ -888,6 +901,12 @@
handleLDAPPatch(*ldapObject, asyncResp, req, params, "LDAP");
}
+ if (activeDirectoryObject)
+ {
+ handleLDAPPatch(*activeDirectoryObject, asyncResp, req, params,
+ "ActiveDirectory");
+ }
+
if (unlockTimeout)
{
crow::connections::systemBus->async_method_call(
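Review bot: A PATCH body that carries both "LDAP" and "ActiveDirectory" now starts two independent handleLDAPPatch sequences against the same `asyncResp`, although the commit message states that only one of the two may be enabled at a time. Whether the second enable is rejected is decided outside this hunk, and the order in which the asynchronous property writes complete is not fixed here, so such a request may end up partially applied. Consider rejecting the combination before the first call, or at least documenting it with `// LDAP and ActiveDirectory are mutually exclusive; a request carrying both is applied as two independent sequences`. The enclosing function starts and ends outside the hunk.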