Installation Manual
2. Use the set command (under the oemhp_dirauth property) to set the following directory
setting values:
• oemhp_dirauth—Enables or disables directory authentication.
• oemhp_dirsrvaddr—Sets the directory server IP address or DNS name. The
schema-free directory configuration requires a DNS name.
• oemhp_ldapport—Sets the directory server port.
• oemhp_usercntxt1—Sets the directory login search context 1.
• oemhp_group1_name—Sets the Security group DN.
• oemhp_group1_priv—Sets the group privileges.
For information about using the CLI to configure schema-free directory integration, see the iLO
scripting and CLI guide.
Setting up a schema-free configuration (Directories Support for ProLiant
Management Processors)
Hewlett Packard Enterprise recommends using Directories Support for ProLiant Management
Processors (HPLOMIG) to configure multiple iLO processors for directories.
For more information, see “Directories Support for ProLiant Management Processors utility
(HPLOMIG.exe)” (page 303).
Schema-free nested groups (Active Directory only)
Many organizations have users and administrators arranged in groups. This arrangement is
convenient because you can associate a group with one or more iLO systems. You can update
the configuration by adding or deleting group members.
Microsoft Active Directory supports placing one group in another group to create a nested group.
In a schema-free configuration, users who are indirect members (members of a group that is
nested in the primary group) are allowed to log in to iLO.
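Because nested membership grants iLO login, it is worth auditing who reaches the configured group indirectly. The following is an added example, not part of the HPE manual: it walks an offline export of group membership and builds the Active Directory transitive-membership search filter. The DNs, the export format, and the function names are constructed for illustration.

```python
# Added example: audit who can log in to iLO through nested AD groups.
# Every DN below is constructed sample data, not taken from the manual.
from collections import deque

# Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: memberOf matches transitively.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

BASE = "OU=Groups,DC=example,DC=com"
ILO_GROUP = "CN=iLO-Admins," + BASE          # DN you would set in oemhp_group1_name
SAMPLE_EXPORT = {                            # {group DN: [member DNs]}
    ILO_GROUP: ["CN=alice," + BASE, "CN=Server-Ops," + BASE],
    "CN=Server-Ops," + BASE: ["CN=bob," + BASE, "CN=Contractors," + BASE],
    # Contractors nests Server-Ops again: a membership cycle the walk must survive.
    "CN=Contractors," + BASE: ["CN=carol," + BASE, "CN=Server-Ops," + BASE],
}

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def transitive_member_filter(group_dn):
    """Filter that asks AD for every user who is a direct or nested member."""
    return "(&(objectCategory=person)(objectClass=user)(memberOf:%s:=%s))" % (
        IN_CHAIN_OID, escape_filter_value(group_dn))

def effective_members(group_dn, export):
    """Breadth-first walk of an offline export; returns {user DN: group path}."""
    seen, queue, users = {group_dn}, deque([[group_dn]]), {}
    while queue:
        path = queue.popleft()
        for member in export.get(path[-1], []):
            if member not in export:           # not a group key: treat as a user
                users.setdefault(member, path)
            elif member not in seen:           # nested group not yet expanded
                seen.add(member)
                queue.append(path + [member])
    return users

def indirect_members(group_dn, export):
    """Users who reach the iLO group only through at least one nested group."""
    return sorted(u for u, p in effective_members(group_dn, export).items()
                  if len(p) > 1)

if __name__ == "__main__":
    print(transitive_member_filter(ILO_GROUP))
    for user, path in effective_members(ILO_GROUP, SAMPLE_EXPORT).items():
        print(user, "via", " > ".join(path))
```

The export must list every group as a key, including empty ones, so that groups are not mistaken for users.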
HPE Extended Schema directory authentication
Using the HPE Extended Schema directory authentication option enables you to do the following:
• Authenticate users from a shared, consolidated, scalable user database.
• Control user privileges (authorization) by using the directory service.
• Use roles in the directory service for group-level administration of iLO management
processors and iLO users.
Advantages of HPE Extended Schema directory integration
• Groups are maintained in the directory, not on each iLO.
• Flexible access control—Access can be limited to a time of day or a certain range of IP
addresses.
Process overview: Configuring the HPE Extended Schema with Active Directory
1. Plan
Review the following:
• Directory-enabled remote management
• Directory services schema
• Active Directory requirements for the HPE Extended Schema configuration