Schema-free directory integration – HP Integrated Lights-Out User Manual
Page 136
Directory services 136
•
Standards—Lights-Out directory support builds on top of the LDAP 2.0 standard for secure directory
access.
Advantages and disadvantages of schema-free
directories and HP schema directory
Directories enhance security, enabling you to manage access and rights from a centralized location.
Directories also enable flexible configuration. Some directory configuration practices work better with iLO
2 than others. Before configuring iLO 2 for directories, you must decide whether to use the schema-free
directory or the HP schema directory integration methods. Answer the following questions to help evaluate
your directory integration requirements:
1.
Can you apply schema extensions to your directory?
o
No—Are you using Microsoft Active Directory?
o
No—Directory integration might not fit your environment. Consider deploying an evaluation
directory server to assess the benefits of directory integration.
—
Yes—Use group-based schema-free directory integration.
o
Yes—Proceed to question 2.
2.
Is your configuration scalable?
o
No—Deploy an instance of the schema-free directory integration to evaluate whether or not this
directory integration method meets your policy and procedural requirements. If necessary, you
can deploy HP schema directory integration later.
o
Yes—Use HP schema directory integration.
The following questions can help you determine if your configuration is scalable:
o
Are you likely to changes the rights or privileges for a group of directory users?
o
Will you regularly script iLO 2 changes?
o
Do you use more than five groups to control iLO 2 privileges?
Schema-free directory integration
Using the schema-free directory integration method, users and group memberships reside in the directory,
but group privileges reside in the individual iLO 2. iLO 2 uses login credentials to read the user object in
the directory and retrieve the user group memberships, which are compared to those stored in iLO 2. If
there is a match, authorization is granted. For example: