HP Systems Insight Manager 5.3 Technical Reference Guide
Related procedure
▲ Configuring directory groups
Related topics
• Users and authorizations
• Directory Services
Configuring directory groups
After configuring the directory server parameters, you must configure the containers and groups that contain
the computer objects of interest. A container is like a branch, where systems in the container are child objects
of the container object in the directory tree. For example, consider a computer container, with a distinguished
name (DN) of
CN=Computers, DC=insight, DC=lab
. Another type of container is the Organizational Unit
(OU). This function is expected to exist in enterprise-class environments because it can be used to apply
Group Policy settings, whereas CN containers cannot (at least, not easily). Lastly, a directory group object
contains a list of member systems. The list is static and consists of each system’s DN in the directory.
Configuration of a container or group requires the DN of the group object, which specifies the fully qualified
location of the object in the directory.
To determine the name of the Windows domain specified by the container, the directory domain object is
determined from the container DN. This domain object is the DC components of the DN. For example,
DC=Insight, DC=lab
. This object is required to determine the Windows domain name. If a plain container
object (not an OU) is specified, only the Windows domain is discovered for member systems. The default
computer container (
CN=Computers, DC=Insight, DC=lab
) falls into this category. If an OU container object
(object class is
organizationalUnit
) is specified, the OU name is determined through the OU directory attribute,
and both the OU and Windows domain attributes are discovered for member systems.
To determine a system’s membership in a directory group object, the group object is queried for the system’s
DN (if available in HP SIM from a container search). If the DN is not available in HP SIM, the list of members
in the directory group is read, and each object’s
Domain Name Service
(DNS) name is queried from the
directory (based on DN of the object). This object lookup is performed because the object might not have
been included in any of the configured containers. The HP SIM system is matched against this list, also using
the full DNS name.
When a system is considered to be a member of a configured container or group, its attributes (in HP SIM)
are modified accordingly, adding Windows domain, OU, and directory group attributes as appropriate. If
a system previously had these attributes, and the system is found to no longer be a member of the
corresponding container or group, the attribute is removed.
To configure a directory group:
1. Select Options→Directory Service→Directory Groups. The Directory Groups page appears.
2. Select target systems. See “Creating a task” for more information.
3. Click Next. The Specify Group Locations page appears.
4. Enter the Distinguished Name (DN) for the Group 1.
5. (Optional) If you want to search subtrees, select Search. This applies only to container and OU objects,
not directory group objects, and only to those OU objects that are more than one level deep. If this
option is selected, HP SIM searches the entire depth of the specified branch. A match is based on the
full DNS name of the system. If HP SIM does not have the full DNS name of a system, a match is
considered successful if the short system name matches (using the CN attribute of the object) and no
other partial match occurs. Systems having only an IP address available as the system name will fail
unless the IP address is the name in the directory object.
6. (Optional) To add additional groups, click Add. Repeat steps 4 through 6 for each group.
7. (Optional) To delete a group, click Delete next to the group to be deleted.
8. Click Run Now.
9. In the Confirm field, reenter the password for the user name specified.
Related procedure
▲ Configuring directory groups
Related topics
152 Directory Services