HP Integrated Lights-Out 3 User Manual
Page 57
Table 3 Directory tests (continued)
Description
Test
1. Verify that the configured directory server is the correct host.
2. Verify that iLO has a clear communication path to the directory server through port
636 (consider any routers or firewalls between iLO and the directory server).
3. Verify that any local firewall on the directory server is enabled to allow communications
through port 636.
iLO initiates SSL handshake and negotiation and LDAP communications with the directory
server through port 636.
Connect using SSL
If the test is successful, the SSL handshake and negotiation between iLO and the directory
server were successful.
If a failure occurs, the directory server is not enabled for SSL negotiations.
If you are using Microsoft Active Directory, verify that Active Directory Certificate Services
(Windows Server 2008) are installed.
This test binds the connection with the user name specified in the test boxes. If no user is
specified, iLO will do an anonymous bind.
Bind to Directory
Server
If the test is successful, the directory server accepted the binding.
If a failure occurs:
1. Verify that the directory server allows anonymous binding.
2. If you entered a user name in the test boxes, verify that the credentials are correct.
3. If you verified that the user name is correct, try using other user-name formats; for
example, [email protected], DOMAIN\username, username (called Display
Name in Active Directory), or userlogin.
4. Verify that the specified user is allowed to log in and is enabled.
If Directory Administrator Distinguished Name and Directory Administrator Password
were specified, iLO uses these values to log in to the directory server as an administrator.
These boxes are optional.
Directory
Administrator Login
iLO authenticates to the directory server with the specified user name and password.
User Authentication
If the test is successful, the supplied user credentials are correct.
If the test fails, the user name and/or password is incorrect.
If a failure occurs:
1. If you verified that the user name is correct, try using other user-name formats; for
example, [email protected], DOMAIN\username, username (called Display
Name in Active Directory), or userlogin.
2. Verify that the specified user is allowed to log in and is enabled.
3. Check to see if the specified user name is restricted by logon hours or IP-based logging.
This test verifies that the specified user name is part of the specified directory group, and
is part of the directory search context specified during directory services configuration.
User Authorization
If a failure occurs:
1. Verify that the specified user name is part of the specified directory group.
2. Check to see if the specified user name is restricted by logon hours or IP-based logging.
If Directory Administrator Distinguished Name was specified, iLO tries to search the
specified context.
Directory User
Contexts
If the test is successful, iLO found the context by using the administrator credentials to
search for the container in the directory.
Contexts that begin with "@" can be tested only by user login.
A failure indicates that the container could not be located.
This test searches for the iLO object in the directory server by using the LOM Object
Distinguished Name configured on the Security
→Directory page.
LOM Object Exists
Configuring iLO security
57