Setting up directory services, Setting up hp – HP Integrated Lights-Out 3 User Manual
Page 170
When you are using trustee or directory rights assignments to extend role membership, users must
be able to read the object that represents the iLO device. Some environments require that the
trustees of a role also be read trustees of the object to successfully authenticate users.
Setting up HP extended schema directory integration
When you are using HP schema directory integration, iLO supports both Active Directory and
eDirectory. However, these directory services require that the schema be extended.
Features supported by HP schema directory integration
Using the HP schema enables you to do the following:
•
Authenticate users from a shared, consolidated, scalable user database.
•
Control user privileges (authorization) by using the directory service.
•
Use roles in the directory service for group-level administration of iLO management processors
and iLO users.
A schema administrator must complete the task of extending the schema. The local user database
is retained. You can decide not to use directories, to use a combination of directories and local
accounts, or to use directories exclusively for authentication.
NOTE:
When you are connected through the Diagnostics Port, the directory server is not available.
You log in using a local account.
Advantages of using the HP extended schema include the following:
•
There is more flexibility in controlling access. For example, access can be limited to a time of
day or a certain range of IP addresses.
•
Groups are maintained in the directory, not on each iLO.
Setting up directory services
To successfully implement directory-enabled management on any iLO management processor:
1.
Plan
Review the following sections:
•
Directory services. For more information, see
“Directory services” (page 160)
•
Directory-enabled remote management. For more information, see
.
•
Directory services schema. For more information, see
2.
Install
a.
Download the HP Directories Support for ProLiant Management Processors package that
contains the schema installer, the management snap-in installer, and the migration utilities
from
.
b.
Run the schema installer once to extend the schema.
c.
Run the management snap-in installer and install the appropriate snap-in for your directory
service on one or more management workstations.
3.
Update
a.
Set directory server settings and the DN of the management processor objects on the
Directory Settings page in the iLO web interface. For more information, see
.
b.
If you are using the schema-free integration or Kerberos Zero Sign In, configure directory
groups. For more information, see
“Managing iLO users by using the iLO web interface”
170
Directory services