HP Integrated Lights-Out User Manual

Page 54


Configuring iLO 2

Use HP Extended Schema—Selects directory authentication and authorization using directory objects created with HP schema. Select this option if the directory has been extended with HP schema, and you plan to use it.

Use Directory Default Schema—Selects directory authentication and authorization using user accounts in the directory. Select this option if the directory is not extended with HP schema. User accounts and group memberships are used to authenticate and authorize users. After entering the directory network information, click Administer Groups and enter one or more valid directory distinguished names and privileges to grant users access to iLO 2.

Enable Local User Accounts—Enables you to limit access to local users.

o If Local User Accounts are enabled, a user can log in using locally stored user credentials.

o If Local User Accounts are disabled, user access is limited to valid directory credentials only.

Access using Local User Accounts is enabled if Directory Support is disabled and/or the iLO 2 Select or iLO 2 Advanced License is revoked. You cannot disable local user access if you are logged in using a local user account.

iLO 2 directory server settings enable you to identify the directory server address and port. These settings include:

Directory Server Address—Enables you to specify the network DNS name or IP address of the directory server. You can specify multiple servers, separated by a comma (,) or space ( ). If Use Directory Default Schema is selected, enter a DNS name in the Directory Server Address field to allow authentication with user ID. For example:

directory.hp.com

192.168.1.250, 192.168.1.251

Directory Server LDAP Port—Specifies the port number for the secure LDAP service on the server. The default value for this port is 636. However, you can specify a different value if your directory service is configured to use a different port.
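An added example, not part of the HP manual: a Python pre-check of the two directory server settings described above. It splits the address field on commas and spaces as the manual describes and flags IP addresses when Use Directory Default Schema is selected. The function names and the wording of the findings are assumptions made for this illustration.

```python
import ipaddress
import re

DEFAULT_LDAPS_PORT = 636  # default secure LDAP port stated in the manual


def parse_server_list(field):
    """Split the Directory Server Address field on commas and/or spaces."""
    return [entry for entry in re.split(r"[,\s]+", field.strip()) if entry]


def is_ip_address(entry):
    """True if the entry is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return False


def review_directory_settings(address_field, port, default_schema):
    """Return (servers, findings) for one planned configuration (hypothetical helper)."""
    servers = parse_server_list(address_field)
    findings = []
    if not servers:
        findings.append("no directory server specified")
    if default_schema:
        # The manual asks for a DNS name here to allow authentication with user ID.
        for entry in servers:
            if is_ip_address(entry):
                findings.append(f"{entry}: IP address with Directory Default Schema; enter a DNS name")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(f"port {port!r} is not a valid TCP port")
    elif port != DEFAULT_LDAPS_PORT:
        findings.append(f"port {port} is not the default {DEFAULT_LDAPS_PORT}; confirm secure LDAP listens there")
    return servers, findings


if __name__ == "__main__":
    # Constructed sample values that reuse the example addresses from the manual.
    samples = [
        ("directory.hp.com", 636, True),
        ("192.168.1.250, 192.168.1.251", 389, True),
    ]
    for field, port, default_schema in samples:
        servers, findings = review_directory_settings(field, port, default_schema)
        print(servers, findings or "ok")
```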

iLO 2 Directory Properties—Identifies the LOM object in the directory tree. This information is used to determine user access rights. You can configure iLO 2 with the password to the LOM object at this time; however, this information is not used until directory configuration support is provided.

LOM Object Distinguished Name—Specifies where this LOM instance is listed in the directory tree.
For example: cn=iLO 2 Mail Server,ou=Management Devices,o=hp
User search contexts are not applied to the LOM Object Distinguished Name when accessing the
directory server.

LOM Object Password—Specifies the password to the iLO 2 object that iLO 2 uses to verify the
directory for updates (LOM Object Distinguished Name).

Confirm Password—Verifies your LOM Object Password. If you alter the LOM Object Password,
reenter the new password in this field.

User Login Search Contexts enables you to specify common directory subcontexts so that users do
not need to enter their full distinguished name at login.
You can identify all objects listed in a directory using their unique distinguished names. However,
distinguished names can be long and users might not know their distinguished names, or have
accounts in different directory contexts. iLO 2 attempts to contact the directory service by distinguished name, and then applies the search contexts in order until successful.
Directory User Contexts specify user name contexts that are applied to the login name.
Example 1:
