Name
user — Manages BMC users, including adding, deleting, changing passwords, and configuring LDAP authentication.
Syntax
user list
user add <USERNAME> <ROLE>
user del <USERNAME>
user changepw <USERNAME>
user ldap [show | modify] [ad | openldap]
Options
list: Lists the users in the BMC and their privilege level.
add: Creates a new user. A password is required.
Passwords must be 8-32 characters (no spaces) containing at least one number, one uppercase letter, one lowercase letter, and one special character: !@#$%^&*
del: Deletes the specified user. Requires a confirmation.
changepw: Changes the password of the specified user.
<USERNAME>: Specifies the user's name.
<ROLE>: Specifies the role, either admin or operator.
ldap: Manages OpenLDAP/Active Directory user authentication.
Options:
show: Shows the current configuration for the specified option: ad or openldap. Refer to parameters under modify.
modify: Modifies the current configuration for the specified option: ad or openldap. Parameters include:
LDAPServerURI: Specifies the location of the LDAP server, with prefix (usually ldap:// or ldaps://)
LDAPBindDN: Specifies the distinguished name (DN) used to bind to the LDAP server
LDAPBindDNPassword: Specifies the password associated with the BindDN to access the server
LDAPBaseDN: Specifies the starting point for user searches
LDAPSearchScope: Specifies the portion of the target subtree that should be considered, either *.base, *.one, or *.sub, such as xyz.openbmc_project.User.Ldap.Config.SearchScope.sub (refer to https://ldap.com/the-ldap-search-operation/)
LDAPType: Specifies the type of LDAP server, either OpenLdap or ActiveDirectory, such as xyz.openbmc_project.User.Ldap.Config.OpenLdap
GroupNameAttribute: Specifies the attribute that contains group name
UserNameAttribute: Specifies the attribute name that contains user name
ad: Configures Active Directory.
openldap: Configures OpenLDAP.
Examples
user list
user add alice admin
user del bob
user changepw charlie
user ldap show ad
user ldap modify openldap
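
A pre-flight check for values you are about to pass to user add / user changepw and user ldap modify. This is an added example, not part of the BMC software. The function names and sample values are assumptions made for illustration, and the password check only tests the rules stated above; it does not reject characters outside the listed set.

```python
import re
from urllib.parse import urlsplit

SPECIALS = "!@#$%^&*"  # special characters listed in the password rule

def password_violations(pw):
    """Return the password rules that pw breaks; an empty list means it passes."""
    rules = [
        (8 <= len(pw) <= 32, "length must be 8-32 characters"),
        (" " not in pw, "must not contain spaces"),
        (re.search(r"[0-9]", pw), "needs at least one number"),
        (re.search(r"[A-Z]", pw), "needs at least one uppercase letter"),
        (re.search(r"[a-z]", pw), "needs at least one lowercase letter"),
        (any(c in SPECIALS for c in pw), "needs at least one of " + SPECIALS),
    ]
    return [msg for ok, msg in rules if not ok]

def ldap_findings(cfg):
    """Lint a dict keyed by the `user ldap modify` parameter names."""
    findings = []
    uri = urlsplit(cfg.get("LDAPServerURI", ""))
    if uri.scheme not in ("ldap", "ldaps") or not uri.hostname:
        findings.append("LDAPServerURI: expected ldap://host or ldaps://host")
    elif uri.scheme == "ldap":
        # Plain LDAP has no TLS at connect time, so check how the bind is protected.
        findings.append("LDAPServerURI: ldap:// is not TLS from connect; "
                        "confirm LDAPBindDNPassword is not sent in clear text")
    if not cfg.get("LDAPSearchScope", "").endswith((".base", ".one", ".sub")):
        findings.append("LDAPSearchScope: expected a value ending in .base, .one or .sub")
    if not cfg.get("LDAPType", "").endswith(("OpenLdap", "ActiveDirectory")):
        findings.append("LDAPType: expected OpenLdap or ActiveDirectory")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "LDAPServerURI": "ldap://ldap.example.com",
    "LDAPBaseDN": "dc=example,dc=com",
    "LDAPSearchScope": "xyz.openbmc_project.User.Ldap.Config.SearchScope.sub",
    "LDAPType": "xyz.openbmc_project.User.Ldap.Config.OpenLdap",
}

if __name__ == "__main__":
    print(password_violations("short1!"))  # too short, no uppercase letter
    print(ldap_findings(SAMPLE))           # flags the ldap:// URI
```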