HP Integrated Lights-Out 2 User Manual
Page 52
User accounts and group memberships are used to authenticate and authorize users. After
entering the directory network information, to grant users access to iLO 2, click Administer
Groups, and enter one or more valid directory distinguished names and privileges.
• Enable Local User Accounts – Enables you to limit access to local users.
— If Local User Accounts are enabled, a user can log in using locally stored user credentials.
— If Local User Accounts are disabled, user access is limited to valid directory credentials
only.
Access using Local User Accounts is enabled if Directory Support is disabled and/or the iLO
2 Select or iLO 2 Advanced License is revoked. You cannot disable local user access if you
are logged in using a local user account.
iLO 2 directory server settings enable you to identify the directory server address and port. These
settings include:
• Directory Server Address – Enables you to specify the network DNS name or IP address of
the directory server. You can specify multiple servers, separated by a comma (,) or space ( ).
If Use Directory Default Schema is selected, enter a DNS name in the Directory Server Address
field to allow authentication with user ID. For example:
directory.hp.com
192.168.1.250, 192.168.1.251
• Directory Server LDAP Port – Specifies the port number for the secure LDAP service on the
server. The default value for this port is 636. However, you can specify a different value if
your directory service is configured to use a different port.
• iLO 2 Directory Properties – Identifies the LOM object in the directory tree. This information
is used to determine user access rights. You can configure iLO 2 with the password to the
LOM object at this time; however, this information is not used until directory configuration
support is provided.
• LOM Object Distinguished Name – Specifies where this LOM instance is listed in the directory
tree. For example: cn=iLO 2 Mail Server,ou=Management Devices,o=hp.
User search contexts are not applied to the LOM Object Distinguished Name when accessing
the directory server.
• LOM Object Password – Specifies the password to the iLO 2 object that iLO 2 uses to verify
the directory for updates (LOM Object Distinguished Name).
• Confirm Password – Verifies your LOM Object Password. If you alter the LOM Object Password,
reenter the new password in this field.
• User Login Search Contexts enables you to specify common directory subcontexts so that users
do not need to enter their full distinguished name at login.
You can identify all objects listed in a directory using unique distinguished names. However,
distinguished names can be long and users might not know their distinguished names, or have
accounts in different directory contexts. iLO 2 attempts to contact the directory service by
distinguished name, and then applies the search contexts in order until successful.
Directory User Contexts specify user name contexts that are applied to the login name.
Example 1:
Instead of logging in as cn=user,ou=engineering,o=hp, a search context of ou=engineering,o=hp
allows login as user.
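The lookup order described above, modeled as an added example (not HP's code and not part of the manual): the name is tried as entered, then each search context is applied in order, so the first matching context decides which account a short name resolves to. The function names, the cn= prefix taken from Example 1, the skipping of contexts for full distinguished names, the escaping of the login name and the sample directory are assumptions made for illustration.

```python
import re

# Added example: models the login-name resolution order described above.
_DN_START = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=")  # e.g. "cn=", "ou="

def escape_rdn_value(value):
    """Escape a value for use inside an RDN (RFC 4514 string form)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def candidate_dns(login, contexts):
    """Names to try, in order: the name as entered, then each search context."""
    candidates = [login]
    if not _DN_START.match(login):  # assumption: contexts are skipped for full DNs
        rdn = "cn=" + escape_rdn_value(login)
        candidates += [rdn + "," + ctx.strip() for ctx in contexts if ctx.strip()]
    return candidates

def resolve(login, contexts, try_bind):
    """Return the first candidate that try_bind accepts, or None."""
    for dn in candidate_dns(login, contexts):
        if try_bind(dn):
            return dn
    return None

# Constructed sample directory: the same cn exists in two contexts.
DIRECTORY = {"cn=user,ou=engineering,o=hp", "cn=user,ou=contractors,o=hp"}
CONTEXTS = ["ou=contractors,o=hp", "ou=engineering,o=hp"]

def fake_bind(dn):
    # Stand-in for an LDAP bind; a real check also verifies the password.
    return dn.lower() in DIRECTORY

if __name__ == "__main__":
    for name in ("user", "cn=user,ou=engineering,o=hp", "user,ou=admins"):
        print(name, "->", candidate_dns(name, CONTEXTS), "=>", resolve(name, CONTEXTS, fake_bind))
```

When the same common name exists under more than one context, reordering the contexts changes which account the short name binds as, so list the most specific context first.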
Example 2:
If a system is managed by Information Management, Services, and Training, search contexts
like: