Schema-free setup options, Minimum login flexibility, Better login flexibility – HP Integrated Lights-Out 4 User Manual
Page 259: Maximum login flexibility, Schema-free nested groups
For more information, see “HP Directories Support for ProLiant Management Processors utility”.
Schema-free setup options
The schema-free setup options are the same, regardless of the method you use to configure the
directory. To review the available methods, see “Schema-free setup using the iLO web interface”
(page 258), “Schema-free setup using scripts” (page 258), and “Schema-free setup with HP
Directories Support for ProLiant Management Processors” (page 258).
After you enable directories and select the schema-free option, you have the following options:
Minimum login flexibility
• Enter the directory server DNS name or IP address and LDAP port. Typically, the LDAP port
  for an SSL connection is 636.
• Enter the DN for at least one group. This group can be a security group (for example,
  CN=Administrators,CN=Builtin,DC=HP,DC=com) or any other group as long as the
  intended iLO users are members of the group.
With a minimum configuration, you can log in to iLO by using your full DN and password.
You must be a member of a group that iLO recognizes.
Better login flexibility
In addition to the minimum settings, enter at least one directory user context.
At login time, the login name and user context are combined to make the user DN. For example,
if the user logs in as JOHN.SMITH, and a user context is set up as CN=USERS,DC=HP,DC=COM,
the DN that iLO tries is CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM.
Maximum login flexibility
Configure iLO with a DNS name, and not an IP address, for the directory server network address.
The DNS name must be resolvable to an IP address from both iLO and the client system.
Configuring iLO with maximum login flexibility enables you to log in using your full DN and
password, your name as it appears in the directory, NetBIOS format (domain/login_name), or
email format (login_name@domain).
In some cases, the maximum login flexibility option might not work. For example, if the client and
iLO are in different DNS domains, one of the two might not be able to resolve the directory server
name to an IP address.
Schema-free nested groups
Many organizations have users and administrators arranged in groups. This arrangement of existing
groups is convenient because you can associate them with one or more iLO management role
objects. When iLO devices are associated with the role objects, you can use the administrator
controls to access the devices associated with the role by adding or deleting members from the
groups.
When using Microsoft Active Directory, you can place one group in another group to create a
nested group. Role objects are considered groups and can include other groups directly. You can
add the existing nested group directly to the role and assign the appropriate rights and restrictions.
You can add new users to either the existing group or the role.
In schema-free integration, users who are indirect members (a member of a group that is a nested
group of the primary group) are allowed to log in to iLO.
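The following Python sketch is an added example, not HP or iLO code. It models two rules from this page on a constructed directory: combining a login name with a user context to form the user DN, and admitting indirect members of a configured group. The function names, the full-DN heuristic, the RFC 4514 escaping of the login name, and the sample directory are assumptions made for illustration.

```python
# Added illustration, not HP or iLO code. Sample data below is constructed.
RDN_SPECIALS = set(',+"\\<>;')

def escape_rdn_value(value):
    """Escape a login name for use as an RDN value (RFC 4514 string form)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in RDN_SPECIALS or edge else ch)
    return "".join(out)

def candidate_dns(login, user_contexts):
    """A full DN is used as-is; a short name is combined with each user context."""
    if "=" in login and "," in login:  # assumption: simple heuristic for "full DN"
        return [login]
    return [f"CN={escape_rdn_value(login)},{ctx}" for ctx in user_contexts]

def effective_users(group_dn, members):
    """Direct and indirect non-group members of group_dn; tolerates group cycles."""
    # DNs are compared lower-cased, a simplification of real DN matching.
    seen, users, stack = set(), set(), [group_dn.lower()]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in members.get(current, []):
            key = member.lower()
            if key in members:      # member is itself a group: descend into it
                stack.append(key)
            else:
                users.add(key)
    return users

def may_log_in(login, user_contexts, ilo_groups, members):
    """True if any candidate DN is a direct or nested member of a configured group."""
    allowed = set().union(*(effective_users(g, members) for g in ilo_groups))
    return any(dn.lower() in allowed for dn in candidate_dns(login, user_contexts))

# Constructed sample directory: group DN (lower-cased) -> member DNs.
DIRECTORY = {
    "cn=iloadmins,cn=users,dc=hp,dc=com": ["CN=ServerOps,CN=Users,DC=HP,DC=com"],
    "cn=serverops,cn=users,dc=hp,dc=com": ["CN=John.Smith,CN=Users,DC=HP,DC=com",
                                           "CN=iLOAdmins,CN=Users,DC=HP,DC=com"],
}
CONTEXTS = ["CN=USERS,DC=HP,DC=COM"]
ILO_GROUPS = ["CN=iLOAdmins,CN=Users,DC=HP,DC=com"]

if __name__ == "__main__":
    print(may_log_in("JOHN.SMITH", CONTEXTS, ILO_GROUPS, DIRECTORY))
```

Running `effective_users` over an export of your own group memberships lists every account that nesting makes eligible for iLO login, which is the set to review when auditing access.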