HP Integrity iLO 3 Operations Guide

When LDAP is enabled with extended schema in iLO 3, after users enter their login and password,
the browser sends the cookie to iLO 3. The iLO 3 processor accesses the directory service to
determine which roles are available for that user login. The iLO 3 first uses the credentials to access
the iLO 3 device object in the directory. The directory service returns only the roles for which the
user has rights. If the user credentials allow read access to the iLO 3 device object and the role
object, iLO 3 determines the role object distinguished name and the associated user privileges.
The iLO 3 then calculates the current user privileges based on those roles and grants them to that
user.
Configuring schema-free LDAP
IMPORTANT: Due to command syntax changes in schema-free LDAP, some customer-developed
scripts may not run. You must change any scripts you developed to enable them to run with the
new schema-free LDAP syntax.
Integrity iLO 3 schema-free directory integration enables you to use the standard directory schema
instead of adding HP schema to the directory database. You accomplish this by authenticating
users from the directory database and authorizing iLO 3 privileges based on matching groups
stored on each iLO 3.
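The group-matching authorization that schema-free mode relies on (and, in the same way, the privilege union over role objects in extended-schema mode) can be modelled in a few lines. The block below is an added Python illustration, not text from the HP guide and not iLO 3 firmware code; the group distinguished names, the privilege names and the sample user's memberOf list are constructed for the example, and the DN canonicalisation is a deliberate simplification of the RFC 4514 rules (attribute types case-insensitive, whitespace around separators ignored, escaped commas kept intact).

```python
"""Added example: how a management processor such as iLO 3 could derive a
user's effective privileges by matching the user's directory groups against
the group table an administrator stored on the device (schema-free mode).
All DNs, privilege names and the sample user below are constructed."""

# Groups configured on the iLO, each mapped to the privileges it grants.
# Constructed sample data; real iLO 3 privilege names are not shown here.
ILO_GROUPS = {
    "CN=iLO Admins,OU=Groups,DC=example,DC=com":
        {"login", "remote_console", "power", "user_admin", "ilo_config"},
    "CN=iLO Operators,OU=Groups,DC=example,DC=com":
        {"login", "remote_console", "power"},
    "CN=iLO Viewers,OU=Groups,DC=example,DC=com":
        {"login"},
}


def _split_rdns(dn: str) -> list:
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(ch)
            cur.append(dn[i + 1])   # keep the escape pair verbatim
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN so that differently written but equivalent DNs
    compare equal: attribute types lower-cased, runs of whitespace inside a
    value collapsed, surrounding whitespace dropped, values lower-cased.
    Simplified relative to RFC 4514; sufficient for matching group DNs."""
    rdns = []
    for rdn in _split_rdns(dn):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        rdns.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return ",".join(rdns)


def effective_privileges(member_of, ilo_groups=ILO_GROUPS):
    """Union the privileges of every configured iLO group the user belongs to.
    Returns (privileges, matched_group_dns). A user who is in no configured
    group receives an empty set, so no 'login' privilege and no access."""
    table = {normalize_dn(g): privs for g, privs in ilo_groups.items()}
    granted, matched = set(), []
    for group_dn in member_of:
        key = normalize_dn(group_dn)
        if key in table:
            granted |= table[key]
            matched.append(group_dn)
    return granted, matched


# Constructed sample: a directory returns this user's memberOf values with
# different letter case and spacing than the administrator typed on the iLO.
SAMPLE_USER_MEMBER_OF = [
    "cn=ilo operators, ou=groups, dc=example, dc=com",
    "CN=Domain Users,CN=Users,DC=example,DC=com",   # not an iLO group
]

if __name__ == "__main__":
    privs, groups = effective_privileges(SAMPLE_USER_MEMBER_OF)
    print("matched groups:", groups)
    print("effective privileges:", sorted(privs))
```

The point a defender should take from this model is that the device side of the match is the whole authorization policy: every group DN stored on the iLO is a grant, so the stored table needs the same review discipline as a local account list, and a user whose directory groups match nothing gets no access at all rather than a default privilege.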
In addition to general directory integration benefits, iLO 3 schema-free integration provides the
following advantages:
• Easy implementation without schema extensions.
  – iLO 3 schema-free integration is configured from any iLO 3 user interface (browser, command
    line, or script).
• Minimal administration and maintenance.
  – After initial setup, only groups and permissions require maintenance support on iLO 3;
    typically, group and permission changes occur infrequently.
  – The schema-free approach does not require updating directory databases with new iLO 3
    device objects.
• Reliable security.
  – Integrity iLO 3 schema-free integration does not affect standard directory attributes, avoiding
    the conflicting use of attributes that can result over time.
NOTE: If you have already extended your directory with HP schema, there is no need to switch
to the schema-free approach. Schema extension provides the lowest maintenance approach for
directory integration. When this process has taken place, there is no advantage for the schema-free
approach until a schema change is required.
To configure schema-free LDAP:
1. Follow the procedure for “Configuring LDAP extended schema” (page 38), but omit Step 8.
It is not necessary to enter a new port number.
2. Set up directory security groups.
Setting up directory security groups
The following procedure describes how to set up directory security groups in schema-free LDAP
using the iLO 3 MP TUI. To use the web interface, see “Group Accounts” (page 101).
40 Configuring DHCP, DNS, LDAP, and schema-free LDAP