Installation Manual

When you use user contexts, iLO attempts to contact the directory service by DN, and then
applies the search contexts in order until login is successful.
Example 1—If you enter the search context ou=engineering,o=ab, you can log in as
user instead of logging in as cn=user,ou=engineering,o=ab.
Example 2—If the IM, Services, and Training departments manage a system, the following
search contexts enable users in these departments to log in by using their common names:
Directory User Context 1: ou=IM,o=ab
Directory User Context 2: ou=Services,o=ab
Directory User Context 3: ou=Training,o=ab
If a user exists in both the IM organizational unit and the Training organizational unit,
login is first attempted as cn=user,ou=IM,o=ab.
Example 3 (Active Directory only)—Microsoft Active Directory allows an alternate user
credential format. A user can log in as user@domain.example.com. Entering the search
context @domain.example.com allows the user to log in as user. Only a successful login
attempt can test search contexts in this format.
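
A model of the lookup order described above, as an added example (not HPE code and not iLO's implementation). It assumes a context is applied by prefixing cn=<name> as in the examples, that a name already containing = or @ is tried only as entered, and that an entry's existence stands in for a successful login; ambiguous_names is a hypothetical audit helper that lists common names reachable through more than one context.

```python
# Added example (not HPE code): models the search-context order described above.
# Constructed sample data; the contexts are the ones from Example 2.
CONTEXTS = ["ou=IM,o=ab", "ou=Services,o=ab", "ou=Training,o=ab"]
DIRECTORY = ["cn=user,ou=IM,o=ab", "cn=user,ou=Training,o=ab",
             "cn=alice,ou=Services,o=ab"]

def normalize(name):
    """Case-fold and trim spaces around commas so equal names compare equal."""
    return ",".join(part.strip() for part in name.split(",")).lower()

def candidate_names(login, contexts):
    """Names tried for a login, in order: as entered, then one per context."""
    candidates = [login]
    if "=" in login or "@" in login:
        return candidates  # assumption: only short names are expanded
    for ctx in contexts:
        if ctx.startswith("@"):
            candidates.append(login + ctx)  # Active Directory format (Example 3)
        else:
            candidates.append("cn=" + login + "," + ctx)
    return candidates

def resolve(login, contexts, directory):
    """First candidate that exists; existence stands in for a successful login."""
    known = {normalize(entry) for entry in directory}
    for name in candidate_names(login, contexts):
        if normalize(name) in known:
            return name
    return None

def ambiguous_names(contexts, directory):
    """Short names matching more than one context, with matches in try order."""
    known = {normalize(entry) for entry in directory}
    shorts = {e.split(",", 1)[0][3:] for e in known if e.startswith("cn=")}
    result = {}
    for short in sorted(shorts):
        hits = [c for c in candidate_names(short, contexts)[1:]
                if normalize(c) in known]
        if len(hits) > 1:
            result[short] = hits
    return result

if __name__ == "__main__":
    print(resolve("user", CONTEXTS, DIRECTORY))
    print(ambiguous_names(CONTEXTS, DIRECTORY))
```

Running the helper against an export of the directory before saving the contexts shows which common names depend on context order to decide the account that is tried first.
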

Local user accounts with Kerberos authentication and directory integration

Local user accounts can be active when you configure iLO to use a directory or Kerberos
authentication. In this configuration, you can use local and directory-based user access.
Consider the following:
- When local user accounts are enabled, configured users can log in by using locally stored
  user credentials.
- When local accounts are disabled, user access is limited to valid directory credentials.
- Do not disable local user access until you have validated access through Kerberos or a
  directory.
- When you use Kerberos authentication or directory integration, Hewlett Packard Enterprise
  recommends enabling local user accounts and configuring a user account with administrator
  privileges. This account can be used if iLO cannot communicate with the directory server.
- Access through local user accounts is enabled when directory support is disabled or an iLO
  license is revoked.

Running directory tests

Directory tests enable you to validate the configured directory settings. The directory test results
are reset when directory settings are saved, or when the directory tests are started.
1. Click Test Settings on the Security→Directory page.
The Directory Tests page displays the results of a series of simple tests designed to validate
the current directory settings. It also includes a log that shows test results and detected
issues. After your directory settings are configured correctly, you do not need to rerun these
tests. The Directory Tests page does not require you to log in as a directory user.
2. In the Directory Test Controls section, enter the DN and password of a directory
administrator in the Directory Administrator Distinguished Name and Directory
Administrator Password boxes.
HPE recommends that you use the same credentials that you used when creating the iLO
objects in the directory. These credentials are not stored by iLO; they are used to verify the
iLO object and user search contexts.
3. In the Directory Test Controls section, enter a test user name and password in the Test
User Name and Test User Password boxes.