How directory integration works – HP Remote Insight Lights-Out Edition II Board User Manual

Standards—Lights-Out directory support builds on top of the LDAP 2.0 standard for secure directory
access.

How directory integration works

Schema-free

At the login page, enter a login name and a password. If ActiveX is enabled in the browser, the login
name is converted to the directory's DN format and stored in a security cookie in the browser. The
browser then loads the home page for RILOE II.

RILOE II reads the security cookie and extracts the DN for each page displayed. RILOE II reads the
directory object pointed to by the DN. RILOE II then determines what groups the object is a member of
and compares this information with a list kept in RILOE II. If there is a match, then the privileges
associated with this group in RILOE II determine whether you have access to the page requested.

When using a schema-free directory configuration, after you attempt to log in to RILOE II, RILOE II
attempts to read your object in the directory to determine what groups you are a member of. RILOE II
compares the list of groups to group names RILOE II is configured to recognize. If RILOE II finds a match,
RILOE II determines what privileges you have based on the privileges configured for that group in RILOE
II.

If you are a member of any group that RILOE II recognizes, you have login rights to RILOE II, regardless of
what rights are associated with the group. User rights are a combination of all rights for the groups you
are a member of that RILOE II recognizes.

If the ActiveX control does not run at login, then the complete login name or the login name prepended
with a user context is used for the directory lookup process. For this to work, the login name must either
be in full DN format or be in a format such that combining the login name with a user context produces
a full DN.
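
The following added example, which is not taken from the manual or from HP firmware, models the schema-free decision described above so that an administrator can review which directory objects gain login and which rights they accumulate. The group DNs, right names, users, and the `cn=<name>,<context>` form used to combine a login name with a user context are assumptions made for illustration.

```python
# Added example: models the schema-free decision; not HP firmware code.
# Group DNs, right names and users below are constructed for illustration.

def normalize_dn(dn):
    # Simplified comparison: case-insensitive, spaces around commas ignored.
    # (Does not handle escaped commas inside attribute values.)
    return ",".join(part.strip().lower() for part in dn.split(","))

def candidate_dns(login_name, user_contexts):
    # A name containing '=' is treated as a full DN; otherwise it is combined
    # with each configured user context (assumed form: cn=<name>,<context>).
    if "=" in login_name:
        return [normalize_dn(login_name)]
    return [normalize_dn(f"cn={login_name},{ctx}") for ctx in user_contexts]

def effective_access(member_of, recognized_groups):
    # Login is allowed on any match; rights are the union over matched groups.
    table = {normalize_dn(g): set(r) for g, r in recognized_groups.items()}
    matched = {normalize_dn(g) for g in member_of} & set(table)
    rights = set().union(*(table[g] for g in matched))
    return bool(matched), rights

def audit(directory, recognized_groups):
    # Map every object that can log in to the sorted rights it ends up with.
    report = {}
    for dn, groups in directory.items():
        allowed, rights = effective_access(groups, recognized_groups)
        if allowed:
            report[normalize_dn(dn)] = sorted(rights)
    return report

BASE = "OU=Groups,DC=example,DC=com"
RECOGNIZED = {
    f"CN=RILOE-Console,{BASE}": {"remote_console"},
    f"CN=RILOE-Power,{BASE}": {"reset_server"},
    f"CN=RILOE-Monitor,{BASE}": set(),  # no rights, but membership still grants login
}
DIRECTORY = {
    "CN=alice,OU=Users,DC=example,DC=com": [
        f"cn=riloe-console,{BASE.lower()}", "CN=RILOE-Power, OU=Groups, DC=example, DC=com"],
    "CN=bob,OU=Users,DC=example,DC=com": [f"CN=RILOE-Monitor,{BASE}"],
    "CN=carol,OU=Users,DC=example,DC=com": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
}

if __name__ == "__main__":
    for dn, rights in audit(DIRECTORY, RECOGNIZED).items():
        print(dn, "->", rights or "login only")
```

In the sample data, alice ends up with the combined rights of two groups and bob can log in through a group that carries no rights, which are the two cases worth checking when reviewing group configuration.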

HP Extended schema

Refer to the "Directory-enabled remote management (on page 103)" section.

Advantages and disadvantages of schema-free and HP Extended schema

Before configuring RILOE II for directories, you must decide whether to use the directory's schema-free
option (the default schema) or the HP Extended schema option.

The advantages of using the schema-free option are:

There is no need to extend the directory's schema.

When ActiveX controls are enabled on the browser, logging in using NetBIOS and e-mail formats is
supported.

The advantages of using the HP Extended schema option are:

There is much more flexibility in controlling access. For example, access can be limited to a time of
day or from a certain range of IP addresses.

Groups are maintained in the directory, not on each RILOE II.

eDirectory works only with RILOE II using the HP Extended schema.