HP Integrity iLO 3 Operations Guide
Figure 64 Restricting general use
Alternatively, the directory administrator can create a role that grants the login right and restrict it
to the corporate network, create another role that grants only the server reset right and restrict it
to after-hours operation. This configuration is easier to manage but more unsecure because ongoing
administration can create another role that grants users from addresses outside the corporate
network the login right, which might unintentionally grant the iLO 3 administrators in the server
reset role the ability to reset the server from anywhere, provided they satisfy the time constraints
of that role.
CAUTION: The previous configuration satisfies corporate security policy. However, adding
another role that grants the login right can inadvertently grant server reset privileges from outside
the corporate subnet after hours. A more manageable solution might be to restrict the reset role,
as well as the general use role.
Figure 65 Restricting the reset role
Directory services schema (LDAP)
A directory schema specifies the types of objects that a directory can have and the mandatory and
optional attributes of each object type. The following sections describe both the HP management
core, and the LDAP object identifier classes and attributes that are specific to iLO 3.
HP management core LDAP object identifier classes and attributes
Object identifiers (OIDs) are unique numbers that are used by LDAP to identify object class, attribute,
syntaxes (data types), matching rules, protocol mechanisms, controls, extended operation and
supported features.
144 Installing and configuring directory services