Installation Manual
compared to the group configuration stored in iLO. If the directory user account is verified as a
member of a configured iLO directory group, iLO login is successful.
Advantages of schema-free directory integration:
• Extending the directory schema is not required.
• Minimal setup is required for users in the directory. If no setup exists, the directory uses
existing users and group memberships to access iLO. For example, if you have a domain
administrator named User1, you can copy the DN of the domain administrator security group
to iLO and give it full privileges. User1 would then have access to iLO.
Disadvantage of schema-free directory integration:
• Group privileges are administered on each iLO system. This disadvantage has minimal
impact because group privileges rarely change, and the task of changing group membership
is administered in the directory and not on each iLO system. Hewlett Packard Enterprise
provides tools that enable you to configure many iLO systems at the same time.
Schema-free configuration options
The schema-free setup options are the same, regardless of the method you use to configure the
directory. You can configure the directory settings for minimum login flexibility, better login
flexibility, or maximum login flexibility.
• Minimum login flexibility—With this configuration, you can log in to iLO by entering your
full DN and password. You must be a member of a group that iLO recognizes.
To use this configuration, enter the following settings:
◦ The directory server DNS name or IP address and LDAP port. Typically, the LDAP port
for an SSL connection is 636.
◦ The DN for at least one group. This group can be a security group (for example,
CN=Administrators,CN=Builtin,DC=HPE,DC=com for Active Directory) or any
other group, as long as the intended iLO users are group members.
• Better login flexibility—With this configuration, you can log in to iLO by entering your login
name and password. You must be a member of a group that iLO recognizes. At login time,
the login name and user context are combined to make the user DN.
To use this configuration, enter the minimum login flexibility settings and at least one directory
user context.
For example, if a user logs in as JOHN.SMITH, and the user context
CN=USERS,DC=HPE,DC=COM is configured, iLO uses the following DN:
CN=JOHN.SMITH,CN=USERS,DC=HPE,DC=COM.
• Maximum login flexibility—With this configuration, you can log in to iLO by using your full
DN and password, your name as it appears in the directory, the NetBIOS format
(domain\login_name), or the email format (login_name@domain).
To use this configuration, configure the directory server address in iLO by entering the
directory DNS name instead of the IP address. The DNS name must be resolvable to an IP
address from both iLO and the client system.
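The login-name-plus-user-context composition and the group check described above, as an added example (not HPE code and not a description of how iLO is implemented). All function names are hypothetical, and the RFC 4514 escaping of the login name is an assumption of this sketch, included so that a typed name cannot add extra DN components.

```python
import re

# RFC 4514: these must be backslash-escaped inside an RDN value ("=" may be).
_SPECIAL = set(',+"\\<>;=')

def escape_rdn_value(value: str) -> str:
    """Escape a login name so it stays a single RDN value when composed."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _SPECIAL or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def classify_login(name: str) -> str:
    """Label the login string with one of the formats the page lists."""
    if re.match(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+,.*=", name):
        return "dn"
    if "\\" in name:
        return "netbios"   # domain\login_name
    if "@" in name:
        return "email"     # login_name@domain
    return "short"

def candidate_dns(login: str, user_contexts: list[str]) -> list[str]:
    """DNs to try for a login: a full DN as-is, a short name once per context."""
    kind = classify_login(login)
    if kind == "dn":
        return [login]
    if kind == "short":
        return [f"CN={escape_rdn_value(login)},{ctx}" for ctx in user_contexts]
    return []  # NetBIOS/email forms are not composed from contexts in this sketch

def normalize_dn(dn: str) -> str:
    """Simplified comparison form: split on unescaped commas, trim, case-fold."""
    return ",".join(p.strip().casefold() for p in re.split(r"(?<!\\),", dn))

def in_configured_group(member_of: list[str], configured_groups: list[str]) -> bool:
    """True if any of the user's group DNs matches a configured group DN."""
    allowed = {normalize_dn(g) for g in configured_groups}
    return any(normalize_dn(g) in allowed for g in member_of)

if __name__ == "__main__":
    # The page's own example: login name JOHN.SMITH with one user context.
    print(candidate_dns("JOHN.SMITH", ["CN=USERS,DC=HPE,DC=COM"]))
```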
Prerequisites for using schema-free directory integration
1. Install Active Directory and DNS.