Confd_cli is not working for non aaa users

confd_cli -u username is detecting the user groups only for the aaa users.

But our project has external users; these users are authenticated using LDAP servers.

These users are mapped to some groups of our project. But these groups are not identified or detected by confd_cli.

Please help to solve this issue.

Use `confd_cli -u username -g group`. See the confd_cli(1) man page (also available as an appendix to the UG).

```
root@orchestrator:/# /var/confd/bin/confd_cli -u admin
Welcome to the CPS CLI
admin connected from 127.0.0.1 using console on orchestrator
admin@orchestrator[TEST-Binding-master]# id
user = admin(0), gid=0, groups=policy-ro,policy-admin,mfa,grafana-viewer,grafana-admin,crd-read-write,crd-read-only,bulkstats,admin,root, gids=0
admin@orchestrator[TEST-Binding-master]# exit
root@orchestrator:/#
root@orchestrator:/# /var/confd/bin/confd_cli -u john
Welcome to the CPS CLI
john connected from 127.0.0.1 using console on orchestrator
john@orchestrator[TEST-Binding-master]# id
user = john(0), gid=0, groups=root, gids=0
```

Here john is an external user and belongs to the crd-read-write, policy-admin and admin groups.
But the id command is not detecting those groups when john is logged in with confd_cli.

As mentioned above, the confd_cli program connects to ConfD directly via the IPC port and is not “logging in”. So you have to use the confd_cli -g option to specify which groups the user belongs to. From the confd_cli(1) man page:

   -g, --groups GroupList
       A comma-separated list of groups the connecting user is a member of. Used for access control by the AAA system in ConfD to authorize data and command access. Defaults to the UNIX groups that the user belongs to, i.e. the same as the
       groups shell command returns.
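
A wrapper that builds the `-g` list for an external user, as an added example that is not from the thread or from ConfD itself. It assumes the LDAP users and groups are resolvable through NSS (so `id -Gn USER` lists them) and that group names contain no whitespace; the function names and the `CONFD_CLI` variable are hypothetical.

```shell
#!/bin/sh
# Added example: pass an external (LDAP) user's groups to confd_cli -g.
# Assumption: LDAP groups are visible through NSS (e.g. sssd or nss_ldap).

# Convert a whitespace-separated list of group names into the
# comma-separated form that -g expects. Names containing anything outside
# [A-Za-z0-9._-] are dropped, so a directory entry with an embedded comma
# cannot add an extra group to the list. The body runs in a subshell so
# that 'set -f' (no globbing) and the variables stay local.
to_group_list() (
    set -f
    out=""
    for g in $1; do
        case "$g" in
            ""|*[!A-Za-z0-9._-]*) continue ;;
        esac
        out="${out:+$out,}$g"
    done
    printf '%s\n' "$out"
)

# Start the CLI for USER with the groups NSS reports for that user,
# rather than the groups of the account that invokes confd_cli.
confd_cli_as() {
    user=$1
    names=$(id -Gn -- "$user") || {
        echo "unknown user: $user" >&2
        return 1
    }
    groups=$(to_group_list "$names")
    [ -n "$groups" ] || {
        echo "no usable groups for $user" >&2
        return 1
    }
    # Path taken from the session shown above; override with CONFD_CLI.
    "${CONFD_CLI:-/var/confd/bin/confd_cli}" -u "$user" -g "$groups"
}

# Usage: confd_cli_as john
```

Since confd_cli takes the user name and group list from whoever invokes it rather than from a login step, keep a wrapper like this, and confd_cli itself, executable only by trusted accounts.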