Hpqroletimerestriction – HP Integrated Lights-Out User Manual

Page 217

background image

Directory services schema 217


This attribute is only used on role objects.
IP restrictions are satisfied when the address matches and

general access is denied, and unsatisfied when the address

matches and general access is allowed.
Values are an identifier byte followed by a type-specific

number of bytes specifying a network address.

For IP subnets, the identifier is <0x01>, followed by the

IP network address in network order, followed by the IP

network subnet mask in network order. For example,
the IP subnet would be

represented as <0x01 0x7F 0x00 0x00 0x01 0xFF

0x00 0x00 0x00>. For IP ranges, the identifier is
<0x02>, followed by the lower bound IP address,

followed by the upper bound IP address. Both are

inclusive and in network order, for example the IP

range to would be represented
as <0x02 0x0A 0x00 0x00 0x01 0x0A 0x00 0x0A


For DNS names or domains, the identifier is <0x03>,

followed by the ASCII encoded DNS name. DNS

names can be prefixed with a * (ASCII 0x2A), to

indicate they should match all names which end with
the specified string, for example the DNS domain

* is represented as <0x03 0x2A 0x2E

0x61 0x63 0x6D 0x65 0x2E 0x63 0x6F 0x6D>.
General access is allowed.




A seven day time grid, with 30-minute resolution, which
specifies rights restrictions under a time constraint.


Octet String {42}—


Single Valued


This attribute is only used on ROLE objects.
Time restrictions are satisfied when the bit corresponding to

the current local side real time of the device is 1 and

unsatisfied when the bit is 0.

The least significant bit of the first byte corresponds to

Sunday, from 12 midnight to Sunday 12:30 AM.

Each more significant bit and sequential byte

corresponds to the next consecutive half-hour blocks

within the week.

The most significant (8th) bit of the 42nd byte

corresponds to Saturday at 11:30 PM to Sunday at 12
