Account authentication, Autologin to ilo – HP Onboard Administrator User Manual
Page 18
Command line 18
Account classification Capabilities
Account name /
Privilege level
Bays selected for this
account
information of
enclosure
•
Can view CLI history
bays selected, but the
capabilities for the other bays
are defined in user
user
•
Can view status and
information of
selected bays
•
Can view CLI history
•
Can set password for
own account
•
Can set user contact
information for own
account
•
Can show CLI
commands
username / user
No OA bays and some
device bays and interconnect
bays
*EBIPA and VLAN features allow access to all bays for an OA operator.
Account authentication
Local users
•
This is the default setting. Local user accounts are directly authenticated against a password for each
account stored on the active Onboard Administrator.
•
Account modifications are automatically synchronized between both Onboard Administrator modules
if two are present.
•
Local users may be disabled if LDAP is enabled, leaving the Administrator account as the only local
account that cannot be disabled.
LDAP users
•
The Enable/Disable LDAP is an optional setting. LDAP enabled can be used with local users enabled or
disabled.
•
The Onboard Administrator will use configured LDAP server and search context to request account
authentication.
•
Configuration of the LDAP group will determine the privileges instead of the username.
•
If a user is configured for multiple groups with different privileges and bay permissions, then the user will
have the highest privileges and the combination of all permitted bays.
•
In version 2.10 or higher, if the user logged into the Onboard Administrator is an LDAP user then the
Onboard Administrator enforces the iLO license and requires that the iLO have a Select license before
allowing the AutoLogin to iLO.
AutoLogin to iLO
The following table indicates Onboard Administrator account privileges mapped to iLO privileges when
using Onboard Administrator AutoLogin.