From 296d24befcdff48ac87d4d44464fd4846fb429c4 Mon Sep 17 00:00:00 2001 From: Ngairangbam Mili Date: Mon, 16 Sep 2024 09:55:40 +0000 Subject: [PATCH] Add note about creating ldap users on subclouds (dsr8mr3, dsr8mr2+) Change-Id: I19ca5684668aa1664e0cb7c78c5c8197ee69ac8b Signed-off-by: Ngairangbam Mili --- .../security/kubernetes/create-ldap-linux-accounts.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/source/security/kubernetes/create-ldap-linux-accounts.rst b/doc/source/security/kubernetes/create-ldap-linux-accounts.rst index 6ea881a76..4b77c7050 100644 --- a/doc/source/security/kubernetes/create-ldap-linux-accounts.rst +++ b/doc/source/security/kubernetes/create-ldap-linux-accounts.rst @@ -15,6 +15,16 @@ Create LDAP Linux Accounts allowed to |SSH| to the nodes of the |prod|. Non-admin level users should strictly use remote CLIs or remote web GUIs. +.. note:: + + In a |prod-dc| system configuration, the :command:`ldapusersetup` command + and other |LDAP| commands that are used to update data on the |LDAP| + server, are supported only on System Controller. These commands are not + supported on subclouds. This is because bind with password file is + supported only from System Controller. On subclouds, only bind anonymously + to the |LDAP| server is supported, thus, only the commands that read + information can be executed. + The :command:`ldapusersetup` command provides an interactive method for setting up |LDAP| Linux user accounts.