Schema-free setup options, Schema-free nested groups – HP Integrated Lights-Out User Manual
Page 141
Directory services 141
processors for directories. For more information on using HPLOMIG, see "HPQLOMIG directory migration
)."
Schema-free setup options
Setup options are the same regardless of which method (browser, HPQLOMIG, or script) you use to
configure the directory.
After enabling directories and selecting the Schema-free option, you have the following options.
Minimum Login Flexibility
•
Enter the directory server’s DNS name or IP address and LDAP port. Typically, the LDAP port for an
SSL connection is 636.
•
Enter the distinguished name for at least one group. This group can be a security group (for
example: "CN=Administrators,CN=Builtin,DC=HP,DC=com") or any other group as long as the
intended iLO 2 users are members of the group.
With a minimum configuration, you can log into iLO 2 using your full distinguished name and
password. You must be a member of a group that iLO 2 recognizes.
Better Login Flexibility
•
In addition to the minimum settings, enter at least one directory user context.
At login time, the login name and user context are combined to make the user's distinguished name.
For instance, if the user logs in as "JOHN.SMITH" and a user context is set up as
"CN=USERS,DC=HP,DC=COM", then the distinguished name that iLO 2 will try will be
"CN=JOHN.SMITH,CN=USERS,DC=HP,DC=COM."
Maximum Login Flexibility
•
Configure iLO 2 as described.
•
Configure iLO 2 with a DNS name, not an IP address for the directory server's network address. The
DNS name must be resolvable to an IP address from both iLO 2 and the client system.
•
Enable ActiveX controls in your browser. The iLO 2 login script will attempt to call a Windows®
control to convert the login name to a distinguished name.
Configuring iLO 2 with maximum login flexibility enables you to login using your full distinguished
name and password, your name as it appears in the directory, NetBIOS format
(domain/login_name), or the e-mail format (login_name@domain).
NOTE:
Your system security settings or installed software might prevent the login script from
calling the Windows® ActiveX control. If this happens, your browser displays a warning
message in the status bar, message box, or might stop responding. To help identify what
software or setting is causing the problem, create another profile and log in to the system.
In some cases, it might not be possible to get the maximum login flexibility option to work. For instance, if
the client and iLO 2 are in different DNS domains, one of the two might not be able to resolve the
directory server name to an IP address.
Schema-free nested groups
Many organizations have users and administrators arranged into groups. Having this arrangement of
existing groups is convenient because you can associate them with one or more Integrated Lights-Out