commit 5686206103721b8cc452179b4947ad67e3571bcf
author Jiaqing Zhao <jiaqing.zhao@intel.com> Tue May 31 19:16:09 2022 +0800
committer Jiaqing Zhao <jiaqing.zhao@intel.com> Mon Jan 09 02:26:38 2023 +0000
tree bc2fbe14edb6d67a9942fb7cdd3558df2620cdfc
parent da401fe5d8b791d8ef2c08b02658b76fcb5864f2

Implement default LDAP privilege role

According to OpenBMC documentation[1], "if there is no mapping for
group name to privilege role, default to user privilege role for the
session", meaning that LDAP users should have "priv-user" assigned
when there is no mapping entry matched.

[1] https://github.com/openbmc/docs/blob/master/architecture/user-management.md#authorization-flow

Tested:
* Configure LDAP with empty RemoteRoleMapping in redfish, then login
  BMC with an LDAP account, verified it has User privilege.
* Change the primary group of user from a grop without mapping to one
  mapped to Admin privilege on remote LDAP server, confirmed the user
  is mapped to priv-admin in BMC.

Change-Id: I374732f2895f40a671225ec0d1fafd7e4ae27dea
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

test/user_mgr_test.cpp

diff --git a/test/user_mgr_test.cpp b/test/user_mgr_test.cpp
index 8de2893..3a07fda 100644
--- a/test/user_mgr_test.cpp
+++ b/test/user_mgr_test.cpp
@@ -160,7 +160,7 @@
     EXPECT_CALL(mockManager, isGroupMember(_, _, _)).Times(0);
     userInfo = mockManager.getUserInfo(userName);
     EXPECT_EQ(true, std::get<bool>(userInfo["RemoteUser"]));
-    EXPECT_EQ("", std::get<std::string>(userInfo["UserPrivilege"]));
+    EXPECT_EQ("priv-user", std::get<std::string>(userInfo["UserPrivilege"]));
 }
 
 TEST(GetCSVFromVector, EmptyVectorReturnsEmptyString)