Add an LDAP group – HP Onboard Administrator User Manual

Configuring the HP BladeSystem c7000 enclosure and enclosure devices 280

| Column | Description |
|---|---|
| | in unintended authorization. |
| Privilege Level | Used to determine which administrative functions the user is allowed to perform. A user's privilege level can be administrator, operator, or user. |
| Description | 0 to 58 characters, containing alphanumeric characters, the dash (-), the underscore (_), and the space. The description of the LDAP group, a more readable version of the group name, or other useful information. |

New—To add a new Directory Group to the selected enclosure, click New. You can add a maximum of 30 Directory Groups. The Add LDAP Group screen appears.

Edit—Select a Directory Group to be edited by selecting the check box next to the name of the group. To change the settings on the Edit LDAP Group screen, click Edit.

Delete—Select the Directory Group to be deleted by selecting the check box next to the name of the group. To remove the group, click Delete.

Nested LDAP group support
When using Microsoft Active Directory, you can place one or more groups in another group. Groups that are contained within another group are called nested groups. The group that contains nested groups is called a nesting group. The advantage of nested groups is that users of a nested group can log in to the Onboard Administrator if their nesting group is configured appropriately. For example, assume group2 is nested in group1. Users in group2 are allowed to log in to the Onboard Administrator if the parent LDAP group (group1) is added to the Onboard Administrator and can be found using one of the search contexts. The search context is not restricted to the exact location: if the search context path is high in the LDAP directory tree, subtree searching is used. The Onboard Administrator supports the security group type only. Distribution group type is not supported.

Add an LDAP Group

Group information

NOTE: A maximum of 30 Directory Groups can be added.

| Field | Possible value | Description |
|---|---|---|
| Group Name | 1 to 255 characters; all characters except quotation marks ("). The first character of the group name must be an alpha character. | The group name is used to determine LDAP users' group membership. The group name must match one of the following five properties of a directory group: the name, distinguished name, common name, Display Name, or SAM Account Name. The distinguished name is recommended to uniquely specify the LDAP group. If the Onboard Administrator is configured to search the GC port and a distinguished name is not used, then an incorrect match in multiple domains may occur which could result in unintended authorization. |
| Description | 0 to 58 characters, including all alphanumeric characters, the dash (-), the underscore (_), and the space | Can contain a more readable version of the group name, as well as other useful information |
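
The Group Name guidance above (field limits, the five matchable properties, and the GC port caveat) can be checked before a group is entered on the Add LDAP Group screen. The following Python is an added example, not HP code: the directory entries are constructed, the function names are hypothetical, and case-insensitive matching and ASCII letters for "alpha character" are assumptions.

```python
import re

# Constructed sample: security groups returned by a global catalog search
# spanning two domains. All names and DNs are made up for illustration.
GC_GROUPS = [
    {"name": "BladeAdmins", "cn": "BladeAdmins", "displayName": "Blade Admins",
     "sAMAccountName": "BladeAdmins",
     "distinguishedName": "CN=BladeAdmins,OU=Groups,DC=corp,DC=example,DC=com"},
    {"name": "BladeAdmins", "cn": "BladeAdmins", "displayName": "Lab Blade Admins",
     "sAMAccountName": "BladeAdmins",
     "distinguishedName": "CN=BladeAdmins,OU=Groups,DC=lab,DC=example,DC=com"},
]
# The five directory group properties the manual says a Group Name may match.
MATCH_PROPS = ("name", "distinguishedName", "cn", "displayName", "sAMAccountName")
# Description: 0 to 58 alphanumerics, dash, underscore, space (ASCII assumed).
DESC_RE = re.compile(r"[A-Za-z0-9_\- ]{0,58}")

def field_errors(group_name, description=""):
    """Check the documented limits for the Group Name and Description fields."""
    errors = []
    if not 1 <= len(group_name) <= 255:
        errors.append("group name must be 1 to 255 characters")
    if '"' in group_name:
        errors.append("group name must not contain quotation marks")
    if group_name and not re.match(r"[A-Za-z]", group_name):
        errors.append("group name must start with an alpha character")
    if not DESC_RE.fullmatch(description):
        errors.append("description: 0 to 58 alphanumerics, dash, underscore, space")
    return errors

def matching_groups(group_name, directory):
    """Return the DN of every directory group the configured name would match."""
    wanted = group_name.lower()  # assumption: matching ignores case
    return [g["distinguishedName"] for g in directory
            if any(g[p].lower() == wanted for p in MATCH_PROPS)]

def audit(group_name, description, directory):
    """Flag a name that resolves to more than one group (unintended authorization)."""
    hits = matching_groups(group_name, directory)
    return {"errors": field_errors(group_name, description),
            "matches": hits, "ambiguous": len(hits) > 1}
```

With the constructed data, the short name BladeAdmins matches a group in both domains, while either distinguished name matches exactly one group.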
