HP Integrity BL870c HP Integrity iLO 2 Operations Guide, Eleventh Edition - Page 76
Configuring Schema-Free LDAP
![]() |
View all HP Integrity BL870c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 76 highlights
It assists with installing the schema and snap-ins needed for Active Directory to work with iLO 2 products including Integrity iLO 2. This is for set up and management. It will not do automatic migration for you. For Integrity iLO 2, you must manually add iLO 2 objects to the directory server and set up user accounts and privileges. You can find the tool on the HP website at: http://h20000.www2.hp.com/bizsupport/TechSupport/ SoftwareDescription.jsp?lang=en&cc=US&swItem=MTX-UNITY-I23896 Using directory services after users enter their login and password, the browser sends the cookie to iLO 2. The iLO 2 processor accesses the directory service to determine which roles are available for that user login. iLO 2 first uses the credentials to access the iLO 2 device object in the directory. The directory service returns only the roles for which the user has rights. If the user credentials allow read access to the iLO 2 device object and the role object, iLO 2 determines the role object's distinguished name and the associated user privileges. iLO 2 then calculates the current user privileges based on those roles and grants them to that user. Configuring Schema-Free LDAP IMPORTANT: Due to command syntax changes in schema-free LDAP, some customer-developed scripts may not run. You must change any scripts you developed to enable them to run with the new schema-free LDAP syntax. Integrity iLO 2 schema-free directory integration enables you to use the standard directory schema instead of adding HP's schema to the directory database. You accomplish this by authenticating users from the directory database and authorizing iLO 2 privileges based on matching groups stored on each iLO 2. NOTE: Schema-Free LDAP is available only if you have the iLO 2 Advanced Pack license. In addition to general directory integration benefits, iLO 2 schema-free integration provides the following advantages: • Easy implementation without schema extensions. iLO 2 schema-free integration is configured from any iLO 2 user interface (browser, command line, or script). • Minimal administration and maintenance. - After initial setup, only groups and permissions require maintenance support on iLO 2; typically group and permission changes occur infrequently. - The schema-free approach does not require updating directory databases with new iLO 2 devices objects. • Reliable security. Integrity iLO 2 schema-free integration does not affect standard directory attributes, avoiding conflicting use of attributes that can result over time. • Complements two-factor authentication. Integrity iLO 2 schema-free integration can be used in conjunction with iLO 2 two-factor authentication to provide asset protection using strong authentication. NOTE: If you have already extended your directory with HP schema, there is no need to switch to the schema-free approach. Schema extension provides the lowest maintenance approach for directory integration. Once this process has taken place, there is no advantage for the schema-free approach until a schema change is required. To configure schema-free LDAP, follow these steps: 76 Configuring DHCP, DNS, LDAP, and Schema-Free LDAP
![](/manual_guide/products/hewlettpackard-integrity-bl870c-hp-integrity-ilo-2-operations-guide-eleventh-edition-30e0a7d/76.png)