Setting up hp schema directory integration, Setting up directory services – HP Remote Insight Lights-Out Edition II Board User Manual

Directory services 79

In some cases, you might not be able to get the maximum login flexibility option to work. For instance, if
the client and RILOE II are in different DNS domains, one of the two might not be able to resolve the
directory server name to an IP address.

Setting up HP schema directory integration

When using the HP schema directory integration, RILOE II supports both Active Directory and eDirectory.
However, these directory services require the schema being extended.

Features supported by HP schema directory integration

RILOE II Directory Services functionality enables you to:

•

Authenticate users from a shared, consolidated, scalable user database.

•

Control user privileges (authorization) using the directory service.

•

Use roles in the directory service for group-level administration of RILOE II management processors
and RILOE II users.

Extending the schema must be completed by a Schema Administrator. The local user database is retained.
You can decide not to use directories, to use a combination of directories and local accounts, or to use
directories exclusively for authentication.

NOTE: When connected through the Diagnostics Port, the directory server is not available. You can log in

using a local account only.

Setting up directory services

To successfully enable directory-enabled management on any Lights-Out management processor:

1.

Review the following sections:

•

"Directory services (on page

75

)"

•

"Directory services schema (on page

187

)"

•

"Directory-enabled remote management (on page

103

)"

2.

Install:

a.

Download the HP Lights-Out Directory Package containing the schema installer, the management
snap-in installer, and the migrations utilities from the HP website
(

http://www.hp.com/servers/lights-out

).

b.

Run the schema installer (on page

81

) once to extend the schema.

c.

Run the management snap-in installer (on page

83

), and install the appropriate snap-in for your

directory service on one or more management workstations.

3.

Update:

a.

Flash the ROM on the Lights-Out management processor with the directory-enabled firmware.

b.

Set directory server settings and the distinguished name of the management processor objects on
the Directory Settings (on page

99

) page in the RILOE II GUI.

4.

Manage:

a.

Create a management device object and a role object ("

Directory services objects

" on page

88

)

using the snap-in.

b.

Assign rights to the role object, as necessary, and associate the role with the management device
object.

c.

Add users to the role object.