HP 336045-B21 Deploying HP KVM consoling solutions best practices - Page 13

Authenticate Only mode, Switch User



The directory services option can be configured to operate in one of two basic modes: Authenticate
Only and LDAP (for authentication and authorization).
Note
With LDAP operation, if the directory service of the domain controller
is unavailable, the built-in, console switch administrator account still
has access to the switch and all connected servers. However, a user
must log into a connected server.
Authenticate Only mode
In Authenticate Only mode, the directory service of the domain controller validates switch users, but
the switch itself grants access to the requested server. User data exists in both the switch and the
directory of the domain controller. Figure 11 illustrates how a switch user’s query is processed in the
Authenticate Only mode.
Figure 11. Query processing in Authenticate Only mode
(Diagram participants: Switch User, Switch, Domain Controller, Server)
1. Request to view server console
2. User ID + password forwarded by LDAP
3. Directory checks User ID and password for validity.
4. Directory response
5. If valid, switch grants access to requested server based on KVM rights in switch. If invalid, KVM connection is denied.
6. Switch response
Note
In the Authenticate Only mode, the user account data in the switch
and the user account data in the directory must match exactly.
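
The exact-match requirement above can be checked before users hit denied connections. The following Python sketch is an added example, not HP code: it audits an exported list of switch-local accounts against directory accounts and models steps 3 to 5 of Figure 11. The function names, the sample accounts, the byte-for-byte reading of "match exactly", and the denial when no switch account matches are all assumptions.

```python
# Added example; all names and sample data are constructed.

def audit_accounts(switch_users, directory_users):
    """Classify switch-local usernames against directory usernames.

    switch_users: dict of username -> set of servers (KVM rights in switch)
    directory_users: iterable of usernames held by the directory
    Assumption: "match exactly" means byte-for-byte equal usernames.
    """
    directory = set(directory_users)
    folded = {}  # case/whitespace-normalised name -> directory spellings
    for name in directory:
        folded.setdefault(name.strip().casefold(), []).append(name)

    report = {"ok": [], "near_miss": [], "switch_only": [], "directory_only": []}
    near = set()
    for name in sorted(switch_users):
        key = name.strip().casefold()
        if name in directory:
            report["ok"].append(name)
        elif key in folded:
            # Same account to a human, different under exact comparison.
            report["near_miss"].append((name, sorted(folded[key])))
            near.update(folded[key])
        else:
            report["switch_only"].append(name)  # directory cannot validate it
    # Directory accounts with no switch entry: they validate, but hold no rights.
    report["directory_only"] = sorted(directory - set(report["ok"]) - near)
    return report


def access_decision(user, server, directory_valid, switch_users):
    """Steps 3-5 of Figure 11: directory validates, switch authorises."""
    if not directory_valid:
        return "denied: directory rejected credentials"
    rights = switch_users.get(user)  # exact lookup in switch-local data
    if rights is None:
        return "denied: no matching switch account"  # assumed behaviour
    if server not in rights:
        return "denied: no KVM rights for server"
    return "granted"


# Constructed sample data.
SWITCH = {"jsmith": {"srv01", "srv02"}, "ADavis": {"srv01"}, "oldadmin": {"srv03"}}
DIRECTORY = ["jsmith", "adavis", "mlee"]
```

Entries under near_miss and switch_only are the ones to reconcile first, since those accounts differ between the two stores.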