Configuring directory groups – HP Systems Insight Manager User Manual
Page 146
Related procedure
▲
Related topics
•
•
Configuring directory groups
After configuring the directory server parameters, you must configure the containers and groups that contain
the computer objects of interest. A container is like a branch, where systems in the container are child objects
of the container object in the directory tree. For example, consider a computer container, whose distinguished
name (DN) looks like
CN=Computers, DC=insight, DC=lab. Another type of container is the Organizational
Unit (OU). This is expected to exist in enterprise-class environments because they can be used to apply Group
Policy settings, whereas CN containers cannot (at least, not easily). Lastly, a directory group object contains
a list of member systems. The list is static and consists of each system’s distinguished name (DN) in the
directory.
Configuration of a container or group requires the DN of the group object, which specifies the fully qualified
location of the object in the directory.
To determine the name of the Windows domain specified by the container, the directory domain object is
determined from the DN of the container. This domain object is the DC components of the DN. For example,
DC=Insight, DC=lab. This object is required to determine the Windows domain name. If a plain container
object (not an OU) is specified, only the Windows domain is discovered for member systems. The default
computer container (
CN=Computers, DC=Insight, DC=lab) falls into this category. If an OU container object
(object class is
organizationalUnit) is specified, the organizational unit name is determined through the OU
directory attribute, and both the OU and Windows Domain attributes are discovered for member systems.
To determine a system’s membership in a directory group object, the group object is queried for the system’s
DN, if available in HP SIM from a container search. If the DN is not available in HP SIM, the list of members
of the directory group is read, and each object’s DNS name queried from the directory (based on objects’
DN.) This object lookup is done since the object might not have been included in any of the configured
containers. The HP SIM system is matched against this list, again using the full DNS name.
When a system is considered to be a member of the configured container or group, its attributes (in HP SIM)
are modified accordingly, adding Windows Domain, Organizational Unit, and Directory Group attributes
as appropriate. If a system previously had these attributes, and the system was found to no longer be a
member of the corresponding container or group, the attribute is removed.
1.
Select Options
→Directory Service→Directory Groups. The Directory Groups page appears.
2.
Select target systems. See
for more information.
3.
Click Next. The Specify Group Locations page appears.
4.
Enter the Distinguished Name (DN) for the Group 1.
5.
(Optional) Select Search if you want to search subtrees. This applies only to container and OU objects,
not directory group objects, and only to those OU objects that are more than one level deep. If this
option is selected, HP Systems Insight Manager (HP SIM) searches the entire depth of the specified
branch. A match is based on the full DNS name of the system. If HP SIM does not have the full DNS
name of a system, a match is considered successful if the short system name matches (using the CN
attribute of the object) and no other partial match occurs. Systems having only an IP address available
as the system name will fail unless the IP address is the name in the directory object.
6.
(Optional) Click Add to add additional groups. Repeat steps 4 through 6 for each group.
7.
(Optional) To delete a group, click Delete next to the group to be deleted.
8.
Click Run Now
9.
In the Confirm field, reenter the password for the user name specified.
Related procedure
▲
Related topics
146 Directory Services