Hp schema directory integration – HP Integrated Lights-Out User Manual

Directory services 137

Advantages of using schema-free directory integration:

o

There is no need to extend the directory schema.

o

When ActiveX controls are enabled in the browser and login, NetBIOS and e-mail formats are
supported.

o

Little or no setup is required for users in the directory. If there is no setup, the directory uses
existing users and group memberships to access iLO 2. For example, if you have a domain
admin named User1, you can copy the distinguished name of the domain admin security group

over to iLO 2 and give it full privileges. User1 would then have access to iLO 2.

Disadvantages of using schema-free directory integration

o

Supports only Microsoft® Active Directory

o

Group privileges are administered on each iLO 2. However, this disadvantage is minimized by
group privileges rarely changing, and the task of changing group membership is administered in

the directory and not on each separate iLO 2. HP provides tools that enable changes to a large
number of iLO 2 to be made at the same time.

HP schema directory integration

HP schema directory integration consists of a class called hpqRole (which is a sub-class HP schema
directory integration and consists of a class called hpqRole (a subclass of Group), one called hpqTarget

(a sub-class of User), along with other helper classes. An instance of an hpqRole is simply a role. An

instance of an hpqTarget is equivalent to one iLO 2.
A role contains one or more iLO 2 and one or more users, and has a list of privileges that these users
have with the iLO 2 in the role. All iLO 2 access is managed by adding and removing users and iLO 2 to

and from the role, and by managing the privileges on the role. For example:

Advantages of using HP schema directory integration:

o

Greater flexibility controlling access. For example, you can limit access to a time of day or by a
certain range of IP addresses.

o

Groups and permissions are maintained in the directory, not on each iLO 2, and HP provides the
snap-ins required for managing HP groups and targets for Active Directory Users and Computers,

and eDirectory ConsoleOne.

o

Integration with eDirectory

Disadvantages of HP schema directory integration

•

The directory schema must be extended. However, this task is minimized because HP provides the
.ldf file and a wizard to extend the schema, and later versions of Active Directory enable you to

undo schema changes.