HP BladeSystem c7000 How to Enable LDAP Directory Services Authentication to M
HP BladeSystem c7000 manual content summary:
- Page 1: HP cClass Onboard Administrator I. Certificate Services a. Install a Certificate Authority onto a Windows server in the domain (Control Panel/Add Remove Programs/Windows Components). The CA must be set to process new cert requests automatically. For Enterprise Root CA's, this is the only option. For
- Page 2: in the IP address or name of one of your DC's. This DC MUST be accepting LDAP connections over SSL (636 is the default port for LDAP over SSL in MS AD and it could possibly be an alternate port if it was changed). See the Troubleshooting section (below) for more information on
- Page 3: certificates may be uploaded. For now, just upload the one that you know is allowing LDAP over SSL that was used in Step III. a. Click the Upload Certificate Tab as shown below a certificate as shown below. Click "View Certificate" c. Click the Details Tab and click the Copy to File button as shown
- Page 4: d. As shown below, select Base-64 encoded x.509 (.CER) from the list of export options (this is important). Provide a name and location for the file (c:\dccert.cer) and finish the wizard. e. Locate the exported certificate file in explorer and rename it to a .txt
- Page 5: Group names that exist in OA. We will create these OA Directory Groups in this step. The group name is used to determine LDAP users' group membership and must match one of the following five properties of a directory group: the name, distinguished name, common name, Display Name, or SAM Account Name
- Page 6: d. Create a Second Directory Group called "OA Operators" to match the operator group we created in Active Directory. This time, give the group Operator privilege level instead of Administrator and do not give the group access to Server Bays but do allow access to Interconnect bays and click "Add" as
- Page 7: DOMAIN\Admin And enter the corresponding password you used for this user account. The login should succeed and you should have full Administrative privileges. If the login does not succeed, see the troubleshooting section later in this paper. Now, logoff or sign out of OA and attempt to login is as
- Page 8: Troubleshooting: If you are having trouble authenticating, the following steps or view the displayed" requires a reboot in some cases. To avoid the reboot, you can force this to happen by following these steps Services is added and removed and then added again. To resolve this, use the method in Step
- Page 9: Document.jsp?objectID=PSD_EM 030604_CW01 A third problem could be that the domain controllers have not autoenrolled. The DC's take up to 8 hours to autoenroll and get their certificates issued because MS uses GPO to make the DC's aware of the newly installed the OA has all of the proper network
How to Enable LDAP Directory Services Authentication to Microsoft Active
Directory in the HP cClass Onboard Administrator
I. Certificate Services
a. Install a Certificate Authority onto a Windows server in the domain
(Control Panel/Add Remove Programs/Windows Components).
The CA must be set to process new cert requests automatically. For Enterprise
Root CAs, this is the only option. For Stand-alone CAs, it is set in: Admin
Tools/Certification Authority/Right click the CA/Properties. Click the “Policy
Module” and the “configure” button. The “Default Action” tab will be
displayed. Set “Always issue the certificate” to on.
* HP strongly suggests you use an Enterprise root CA, as the process for DCs
to request and accept DC certificates from stand-alone CAs is not trivial.
II. Preparing the Directory
Some liberty can be taken with the names used here, but if this is the first time
you are doing this, you should follow these steps so that you understand how the
process works. Once you have the hang of it, you can alter the names,
locations, etc. For a normal customer install, these types of groups already exist.
a. Create a Windows group called “OA Admins” and put a user called
Admin in this group.
OS level permissions are not important for this user (i.e. he does not need to
be a member of Administrators in AD or anything for this to work).
b. Create a group called “OA Operators” and put a user called Operator in
this group. Again, OS level permissions are not important for this user (i.e.
he does not need to be a member of Administrators in AD or anything for
this to work).
For the purposes of this paper, we’ll call this user “operator”.
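
The two groups and users from this section can also be created from PowerShell. The script below is an added example, not part of the HP paper: it builds the layout, prints the five group properties the OA can match a Directory Group name against, and lists each user's group memberships so you can confirm the accounts carry no extra privileges. The OU path is a placeholder assumption, and the ActiveDirectory module (RSAT) must be installed.

```powershell
# Added example, not part of the HP paper. Needs the ActiveDirectory module (RSAT)
# and rights to create objects in the target OU.
Import-Module ActiveDirectory

# Assumption: placeholder OU. Replace with a container in your own domain.
$TargetOU = 'OU=Enclosure Management,DC=example,DC=com'

# Group name -> the one user the paper puts in it.
$Layout = [ordered]@{
    'OA Admins'    = 'Admin'
    'OA Operators' = 'Operator'
}

foreach ($groupName in $Layout.Keys) {
    $userName = $Layout[$groupName]

    # Create the group only if no group with that SAM account name exists yet.
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$groupName'")) {
        New-ADGroup -Name $groupName -SamAccountName $groupName `
            -GroupScope Global -GroupCategory Security -Path $TargetOU
    }

    # Create the user with a prompted password; nothing is hard-coded in the script.
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$userName'")) {
        $password = Read-Host -AsSecureString "Password for $userName"
        New-ADUser -Name $userName -SamAccountName $userName -Path $TargetOU `
            -AccountPassword $password -Enabled $true
    }

    # Skip the add when the user is already a member, so reruns stay quiet.
    $isMember = Get-ADGroupMember -Identity $groupName |
        Where-Object { $_.SamAccountName -eq $userName }
    if (-not $isMember) {
        Add-ADGroupMember -Identity $groupName -Members $userName
    }

    # The five group properties the OA can match a Directory Group name against.
    Get-ADGroup -Identity $groupName -Properties CN, DisplayName |
        Format-List Name, DistinguishedName, CN, DisplayName, SamAccountName

    # Confirm the account holds no privileged memberships beyond its OA group.
    $memberOf = (Get-ADPrincipalGroupMembership -Identity $userName).Name -join ', '
    Write-Output "$userName is a member of: $memberOf"
}
```
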
III. Preparing the OA
a. Navigate to the Directory Settings screen located under
Users/Authentications for the desired enclosure.