beautypg.com

8 managing user passwords – HP OneView User Manual

Page 147

background image

Any user in the group can log in to the appliance, and each member of the group is assigned the
same role. On the login window, the user:

Enters their name (typically, the Common-Name attribute, CN).

Enters the password for the group.

Selects the authentication directory service. This box appears only if you have added an
authentication directory service to the appliance.

In the

Session control

, the user is identified by their name preceded by the authentication directory

service. For example:

CorpDir\pat

When you add an authentication directory service to the appliance, you provide search criteria
so that the appliance can find the group by its DN (Distinguished Name). For example, the following
attribute values identify a group of administrators in a Microsoft Active Directory:

distinguishedName CN=Administrator,CN=Users,DC=example,DC=com

The combination of LDAP attributes that make up the DN depends on the structure of the
authentication directory service, but typically, the CN attribute identifies the user or group.

NOTE:

If you specify a group that contains hierarchical levels of users, only users in that group

and in the next three levels lower can log in to the appliance.

A directory server is the physical or virtual machine that hosts the authentication directory service.
When you add the directory server, you configure the appliance by:

Specifying the IP address of the authentication directory service so that the appliance can
access it.

Specifying the LDAPS (LDAP over SSL) communication port.

LDAPS is the only protocol used for communication between the appliance and the
authentication directory service.

Installing a certificate to ensure integrity and authenticity between the appliance and the
authentication directory service.

If you replicate the authentication directory service for high availability or disaster tolerance, add
the replicated directory service as a separate directory service.

After configuring and adding a directory server, you can designate it as the default directory
service.

You can:

Allow local logins only, which is the default.

Allow both local logins and logins for user accounts authenticated by the directory service.

Disable local logins which restricts logins to user accounts authenticated by the directory
service.

20.8 Managing user passwords

A user with Infrastructure administrator privileges can manage the passwords of all local users on
the appliance using the UI or the REST APIs. Users without Infrastructure administrator privileges
can manage only their own passwords.

As Infrastructure administrator, you can view all users logged in to the appliance with the Users
and Groups screen or REST APIs. Select any user, and then edit their password or assigned role.

All other local users can edit their own passwords by using the UI or the REST APIs. In the UI, click
the Session icon in the top banner, and then click the Edit icon to change their current password
or contact information.

20.8 Managing user passwords

147