HMC

 View Only

  • 1.  LDAP Remote User Management

    IBM Champion
    Posted Thu May 12, 2022 06:43 AM
    Hello community,

    we tried to set up LDAP Remote User Management for our HMC's but failed with the implementation.
    As there has to be a special attribute in the users LDAP profile like "decription=taskrole", it it is not practical to us and I think to many other companies too.
    We are using application roles to allow users authentication for applications and services.

    My question to you is now: How did you integrate LDAP in your HMC environment?

    I could not create almost 100 users with different task roles for each of our hmc's to use LDAP without remote user management and I can not change the ldap profile of 90.000 ldap accounts to grant access for 100 users.

    Thanks for your answers in advance.
    Best regard
    Joerg

    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------


  • 2.  RE: LDAP Remote User Management

    Posted Thu May 12, 2022 04:13 PM
    Our HMC access doesn't change to often so we just script it via command line... chhmcusr, mkhmcusrrmhmcusr

    mkhmcusr -i "name=userid,description=User_Fullname,taskrole=hmcsuperadmin,authentication_type=ldap,remote_user_name=userid,remote_webui_access=1"

    https://www.ibm.com/docs/en/power10?topic=commands-mkhmcusr



    ------------------------------
    Matt Geisler
    ------------------------------

    Original Message