HP Integrity iLO 2 Operations Guide
Table Of Contents
- HP Integrity iLO 2 Operations Guide
- Contents
- About This Document
- 1 Introduction to iLO 2
- Features
- Standard Features
- Always-On Capability
- Virtual Front Panel
- Multiple Access Methods
- Security
- User Access Control
- Multiple Users
- IPMI over LAN
- System Management Homepage
- Firmware Upgrades
- Internal Subsystem Information
- DHCP and DNS Support
- Group Actions
- Group Actions Using HP SIM
- SNMP
- SMASH
- SM CLP
- Mirrored Console
- Remote Power Control
- Power Regulation
- Event Logging
- Advanced Features
- Standard Features
- Obtaining and Activating iLO 2 Advanced Pack Licensing
- Supported Systems and Required Components and Cables
- Integrity iLO 2 Supported Browsers and Client Operating Systems
- Security
- Features
- 2 Ports and LEDs
- 3 Getting Connected to iLO 2
- 4 Logging In to iLO 2
- 5 Adding Advanced Features
- Lights-Out Advanced KVM Card for sx2000 Servers
- Lights-Out Advanced KVM card Requirements
- Configuring the Lights-Out Advanced KVM Card
- Lights-Out Advanced KVM Card IRC Feature
- Lights-Out Advanced KVM Card vMedia Feature
- Installing the Lights-Out Advanced KVM Card in a Server
- Lights-Out Advanced KVM Card Quick Setup Steps
- Using Lights-Out Advanced KVM Features
- Mid Range PCI Backplane Power Behavior
- Troubleshooting the Lights-Out Advanced KVM Card
- Core I/O Card Configurations
- Supported PCI-X Slots
- Upgrading the Lights-Out Advanced KVM Card Firmware
- Lights-Out Advanced KVM Card for sx2000 Servers
- 6 Accessing the Host (Operating System) Console
- 7 Configuring DHCP, DNS, LDAP, and Schema-Free LDAP
- 8 Using iLO 2
- Text User Interface
- MP Command Interfaces
- MP Main Menu
- MP Main Menu Commands
- CO (Console): Leave the MP Main Menu and enter console mode
- VFP (Virtual Front Panel): Simulate the display panel
- CM (Command Mode): Enter command mode
- SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP
- CL (Console Log): View the history of the console output
- SL (Show Logs): View events in the log history
- HE (Help): Display help for the menu or command in the MP Main Menu
- X (Exit): Exit iLO 2
- MP Main Menu Commands
- Command Menu
- Command Line Interface Scripting
- Command Menu Commands and Standard Command Line Scripting Syntax
- BP: Reset BMC passwords
- BLADE: Display BLADE parameters
- CA: Configure asynchronous local serial port
- DATE: Display date
- DC (Default Configuration): Reset all parameters to default configurations
- DF: Display FRU information
- DI: Disconnect LAN, WEB, SSH, or Console
- DNS: DNS settings
- FW: Upgrade the MP firmware
- HE: Display help for menu or command in command menu interface
- ID: System information settings
- IT: Inactivity timeout settings
- LC: LAN configuration usage
- LDAP: LDAP directory settings
- LM: License management
- LOC: Locator UID LED configuration
- LS: LAN status
- PC: Power control access
- PM: Power regulator mode
- PR: Power restore policy configuration
- PS: Power status
- RB: Reset BMC
- RS: Reset system through the RST signal
- SA: Set access LAN/WEB/SSH/IPMI over LAN ports
- SNMP: Configure SNMP parameters
- SO: Security option help
- SS: System Status
- SYSREV: Firmware revisions
- TC: System reset through INIT or TOC signal
- TE: Send a message to other mirroring terminals
- UC: User Configuration (users, passwords, and so on)
- WHO: Display a list of iLO 2 connected users
- XD: iLO 2 Diagnostics or reset
- Web GUI
- System Status
- Remote Serial Console
- Integrated Remote Console
- Virtual Media
- Power Management
- Administration
- BL c-Class
- Help
- SMASH Server Management Command Line Protocol
- SM CLP Features and Functionality Overview
- Accessing the SM CLP Interface
- Using the SM CLP Interface
- SM CLP Syntax
- System1 Target
- System Reset Power Status and Power Control
- Map1 (iLO 2) Target
- Text Console Services
- Firmware Revision Display and Upgrade
- Remote Access Configuration
- Network Configuration
- User Accounts Configuration
- LDAP Configuration
- Text User Interface
- 9 Installing and Configuring Directory Services
- Directory Services
- Directory Services for Active Directory
- Directory Services for eDirectory
- Installing and Initializing Snap-In for eDirectory
- Example: Creating and Configuring Directory Objects for Use with iLO 2 Devices in eDirectory
- Directory Services Objects for eDirectory
- Setting Role Restrictions
- Setting Time Restrictions
- Setting Lights-Out Management Device Rights
- Installing Snap-Ins and Extending Schema for eDirectory on a Linux Platform
- Using the LDAP Command to Configure Directory Settings in iLO 2
- User Login Using Directory Services
- Certificate Services
- Directory-Enabled Remote Management
- Directory Services Schema (LDAP)
- Glossary
- Index
• Directory Server LDAP Port: Port number for the secure LDAP service on the server. The default
value for this port is 636.
• Distinguished Name: Specifies where this iLO 2 instance is listed in the directory tree. For
example: cn=MP Server,ou=Management Devices,o=hp
• User Search Contexts (1,2,3): User name contexts that are applied to the login name entered
to access iLO 2.
User name contexts are used to locate an object in the tree structure of the directory server
and applied to the login name entered to access iLO 2. All objects listed in the directory can
be identified using their unique distinguished name. However, distinguished names can be
long, users might not know their distinguished names, or they might have accounts in different
directory contexts. Search contexts enables users to specify common directory contexts, so
that they do not have to enter their full distinguished name at login. iLO 2 attempts to
authenticate a user in the directory first by the login name entered, and then by applying user
search contexts to that login name until login succeeds. For example:
Instead of logging in as cn=user,ou=engineering,o=hp, search context of
ou=engineering,o=hp enables a user to log in as user
When extended schema is selected and Active Directory is used as a directory server. Microsoft
Active Directory has an alternate user credential format. A user can log in as:
user@domain.hp.com, in which case a search context of @domain.hp.com enables the
user to login as user.
NOTE: For instances when user authentication uses the LDAP directory server that is configured
for Microsoft Active Directory, a user can log in using the username format
user@domain.hp.com. Currently, this user credential format is only supported on Internet
Explorer.
Command line usage and scripting:
LDAP [ -directory [ -ldap <d|x|s> ] [ -mp <e|d>]
[ -ip <hostname/ipaddr> ] [ -port <n>]
[ -dn <text> ] [ -1context <test>]
[ -2context <text>] [ -3context <text>]
| -groups [ -change <groupNo.> [ -dn <text>]
[ rights <e|d>]
<console|mp|power|user|virtual|all|none> ]
[ -list <groupNo.> ]]
| -nc ]
-?
See also: LOGIN, US
LDAP: LDAP group administration
LDAP enters one or more directory groups by specifying the distinguished name of the group and
privileges to be granted to users who are members of that group.
You must configure group administration information when the directory is enabled with the default
schema.
The group administration section of the LDAP command enables users to enter one or more directory
groups by specifying the distinguished name of the group and privileges to be granted to users
who are members of that group.
When a user attempts to log in to iLO 2, iLO 2 reads that user’s directory name in the directory
to determine which groups the user is a member of. iLO 2 compares this information with a list of
configured groups. The rights of all the matched groups are combined and assigned to that user.
92 Using iLO 2