User Management
Getting General Information
To retrieve general information about the BMC account services:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService
Example output:
{
  "@odata.id": "/redfish/v1/AccountService",
  "@odata.type": "#AccountService.v1_10_0.AccountService",
  "AccountLockoutDuration": 600,
  "AccountLockoutThreshold": 4,
  "Accounts": {
    "@odata.id": "/redfish/v1/AccountService/Accounts"
  },
  ..
  "MaxPasswordLength": 20,
  "MinPasswordLength": 13,
  "Name": "Account Service",
  "Oem": {
    ..
  "Roles": {
    "@odata.id": "/redfish/v1/AccountService/Roles"
  },
  "ServiceEnabled": true
}
Listing Supported User Roles
To list supported user roles in the system:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Roles
Example output:
{
  "@odata.id": "/redfish/v1/AccountService/Roles",
  "@odata.type": "#RoleCollection.RoleCollection",
  "Description": "BMC User Roles",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/Operator"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"
    }
  ],
  "Members@odata.count": 4,
  "Name": "Roles Collection"
}
Listing User Accounts
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X GET https://<IP>/redfish/v1/AccountService/Accounts
Example output:
{
  "@odata.id": "/redfish/v1/AccountService/Accounts",
  "@odata.type": "#ManagerAccountCollection.ManagerAccountCollection",
  "Description": "BMC User Accounts",
  "Members": [
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/NvdBluefieldUefi"
    },
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/root"
    }
  ],
  "Members@odata.count": 2,
  "Name": "Accounts Collection"
}
Creating New User
To create a new user on the BMC:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X POST https://<IP>/redfish/v1/AccountService/Accounts -d '{ "UserName":"<USER>", "Password":"<PASSWORD>", "RoleId":"<ROLE>", "Enabled":true}'
Example output:
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The resource has been created successfully.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.Created",
      "MessageSeverity": "OK",
      "Resolution": "None."
    }
  ]
}
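The limits reported by AccountService and the Roles and Accounts collections can be checked locally before the create request is sent. The following Python is an added example, not part of the original documentation: the function names are hypothetical, the sample JSON is constructed from the example outputs on this page, and it assumes password length is counted in characters (the BMC may enforce further rules that AccountService does not report).

```python
import json

# Constructed samples, trimmed from the example outputs on this page.
ACCOUNT_SERVICE = json.loads("""{
  "MaxPasswordLength": 20,
  "MinPasswordLength": 13,
  "ServiceEnabled": true
}""")
ROLES = json.loads("""{"Members": [
  {"@odata.id": "/redfish/v1/AccountService/Roles/Administrator"},
  {"@odata.id": "/redfish/v1/AccountService/Roles/Operator"},
  {"@odata.id": "/redfish/v1/AccountService/Roles/ReadOnly"},
  {"@odata.id": "/redfish/v1/AccountService/Roles/NoAccess"}
]}""")
ACCOUNTS = json.loads("""{"Members": [
  {"@odata.id": "/redfish/v1/AccountService/Accounts/NvdBluefieldUefi"},
  {"@odata.id": "/redfish/v1/AccountService/Accounts/root"}
]}""")


def member_names(collection):
    """Last path segment of each member's @odata.id (role or account name)."""
    return [m["@odata.id"].rstrip("/").rsplit("/", 1)[-1]
            for m in collection.get("Members", [])]


def check_new_account(user, password, role, service, roles, accounts):
    """Return a list of problems; empty means the payload fits what the BMC reported."""
    problems = []
    if not service.get("ServiceEnabled", False):
        problems.append("AccountService is disabled")
    # Assumption: the BMC counts password length in characters.
    lo, hi = service.get("MinPasswordLength"), service.get("MaxPasswordLength")
    if lo is not None and len(password) < lo:
        problems.append(f"password shorter than MinPasswordLength ({lo})")
    if hi is not None and len(password) > hi:
        problems.append(f"password longer than MaxPasswordLength ({hi})")
    if role not in member_names(roles):
        problems.append(f"RoleId {role!r} not in Roles collection")
    if user in member_names(accounts):
        problems.append(f"account {user!r} already exists")
    return problems


def build_payload(user, password, role):
    """Body for POST /redfish/v1/AccountService/Accounts, as in the curl example."""
    return json.dumps({"UserName": user, "Password": password,
                       "RoleId": role, "Enabled": True})
```

Send the string returned by build_payload as the -d argument of the curl command above only when check_new_account returns an empty list.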
Deleting User
To delete a user from the system:
curl -k -u root:'<password>' -H 'Content-Type: application/json' -X DELETE https://<IP>/redfish/v1/AccountService/Accounts/<USER>
Example output:
{
  "@Message.ExtendedInfo": [
    {
      "@odata.type": "#Message.v1_1_1.Message",
      "Message": "The account was successfully removed.",
      "MessageArgs": [],
      "MessageId": "Base.1.15.0.AccountRemoved",
      "MessageSeverity": "OK",
      "Resolution": "No resolution is required."
    }
  ]
}
Listing Users
ipmitool user list [<channel-number>]
Example:
ipmitool user list 1
Creating User
ipmitool user set name <user-id> <username>
For example:
ipmitool user set name 2 Admin
Setting User Password
ipmitool user set password <user-id> <password>
Example:
ipmitool user set password 2 AdminPass_123
Enabling/Disabling User
ipmitool user <enable|disable> <user-id>
Example:
ipmitool user enable 2
Setting User Privilege
ipmitool user priv <user-id> <privilege level(1-4)> [<channel-number>]
Where "privilege level" is one of:
1 – callback level (currently not supported)
2 – user level
3 – operator level
4 – administrator level
Example:
ipmitool user priv 2 0x3 1
Enabling Remote IPMI for User
To enable remote IPMI command functionality for a user:
ipmitool channel setaccess [<channel-number>] <user-id> ipmi=<on|off>
For example:
ipmitool channel setaccess 1 2 ipmi=on
Lanplus Commands to Execute IPMI Commands Remotely for Admin Users
To execute IPMI commands remotely over the lanplus interface as a user with admin permissions:
ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> <ipmi-command>
For example:
ipmitool -C 17 -I lanplus -U ADMIN -P AdminPass_123! -H 10.10.10.10 user list 1
Lanplus Commands to Execute IPMI Commands Remotely for Non-admin Users
To execute IPMI commands remotely over the lanplus interface as a user with a non-administrator role:
ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc-ip-address> -L <privilege (operator|user)> <ipmi-command>
For example:
ipmitool -C 17 -I lanplus -U operator1 -P operator123 -H 10.10.10.10 -L operator user list 1
ipmitool -C 17 -I lanplus -U user1 -P user123 -H 10.10.10.10 -L user chassis status
Deleting User
ipmitool user set name <user-id> ""
For example:
ipmitool user set name 2 ""