HP Integrity and HP 9000 iLO MP Operations Guide, Fifth Edition

Table 6-17 LDAP Parameters Page Description
Field / Description

Directory Authentication
    Choosing enable or disable activates or deactivates directory support on the iLO MP:
    Enable with Extended Schema: selects directory authentication and authorization using directory objects created with HP schema. Select this option if the directory server has been extended with the HP schema.
    Enable with Default Schema: selects directory authentication and authorization using user accounts in the directory which has not been extended with the HP schema. User accounts and group memberships are used to authenticate and authorize users. Data in the Group Administration page must be configured after this option is selected.

Local User Accounts
    Includes or excludes access to local iLO MP user accounts. Locally-stored user accounts can be active while LDAP directory support is enabled. If local user accounts are enabled, you can log into the iLO MP using locally-stored user credentials. If they are disabled, access is limited to valid directory credentials only.

Directory Server IP Address
    IP address of the directory server.

Directory Server LDAP Port
    Port number for the secure LDAP service on the server. The default value for this port is 636.

Distinguished Name
    Distinguished Name of the iLO MP. Specifies where this iLO MP instance is listed in the directory tree. Example: cn=MP Server,ou=Management Devices,o=hp

User Search Contexts (1,2,3)
    User name contexts are used to locate an object in the tree structure of the directory server and applied to the login name entered to access the iLO MP.

Submit
    Submits the information.

Cancel
    Cancels the action.

Administration > Directory Settings > Group Administration
The Group Administration page (Figure 6-17) enables you to enter one or more directory groups
by specifying the distinguished name of the group and privileges that should be granted to users
who are members of that group. This page utilizes Lightweight Directory Access Protocol Light
(LDAP Lite), which provides user authentication for access to the iLO MP without extending
the schema on the LDAP server or snap-in installation on the client.
Not extending the schema on the directory server means the directory server will not know
anything about the iLO MP object or iLO MP privileges; the only thing the iLO MP asks of the
directory server is to authenticate the user name and password.
NOTE: This functionality will only display if you have the iLO MP Advanced Pack license. For
more information on the iLO MP Advanced Pack license, see Section : “iLO MP Advanced Pack
License” (page 21).
You must configure group administration information when the directory is enabled with the
default schema.
When a user attempts to log in to the iLO MP, the iLO MP reads that user's directory name in
the directory to determine the groups the user is a member of. The iLO MP compares this
information with a list of groups configured by the user. The rights of all the matched groups
are combined and assigned to that user.
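
The search-context lookup and the combining of group rights described above, as an added example for auditing effective privileges (not HP code and not part of the original guide). The group DNs, the rights names, the cn=<login>,<context> expansion and the case-insensitive DN comparison are assumptions made for illustration.

```python
import re

# Constructed sample: group DNs and rights names are placeholders, not iLO MP values.
CONFIGURED_GROUPS = {
    "cn=MP Operators,ou=Groups,o=hp": {"console", "power"},
    "cn=MP Admins,ou=Groups,o=hp": {"config", "user_admin"},
}
SEARCH_CONTEXTS = ["ou=Management Users,o=hp", "ou=Contractors,o=hp", ""]

def normalize_dn(dn):
    """Case-fold a DN and trim spaces around each RDN (simplified; no multi-valued RDNs)."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):          # split on commas that are not escaped
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def candidate_dns(login, contexts=SEARCH_CONTEXTS):
    """Assumed behaviour: a short login name is tried as cn=<login>,<context>."""
    if "=" in login:                               # already a full distinguished name
        return [normalize_dn(login)]
    return [normalize_dn(f"cn={login},{c}") for c in contexts if c]

def effective_rights(user_groups, configured=CONFIGURED_GROUPS):
    """Return (rights, matched): the union of rights over every matched group."""
    table = {normalize_dn(dn): rights for dn, rights in configured.items()}
    matched = [normalize_dn(g) for g in user_groups if normalize_dn(g) in table]
    rights = set().union(*(table[g] for g in matched))
    return rights, matched

def accumulates(user_groups, configured=CONFIGURED_GROUPS):
    """True when the combined rights exceed what each matched group grants alone."""
    rights, matched = effective_rights(user_groups, configured)
    table = {normalize_dn(dn): r for dn, r in configured.items()}
    return bool(matched) and all(rights > table[g] for g in matched)

if __name__ == "__main__":
    groups = ["CN=MP Operators, OU=Groups, O=hp", "cn=MP Admins,ou=Groups,o=hp"]
    print(candidate_dns("jsmith"))
    print(effective_rights(groups), accumulates(groups))
```

Running the check over each directory user's group list shows which accounts end up with broader rights than any one configured group was meant to grant.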