Home » HP Manuals » Servers » HP Integrity rx2800 » Manual Viewer

HP Integrity rx2800 HP Integrity iLO 3 Operations Guide - Page 34

Login process using directory services with extended LDAP, Directory Settings

View all HP Integrity rx2800 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 34 highlights

NOTE: The LDAP connection times out after 30 minutes of inactivity in Active Directory. For Novell directory, there is no inactivity timeout. To configure using the web interface, see "Group Accounts" (page 91). To configure LDAP extended schema: 1. From the MP Main Menu, enter command mode. 2. At the CM:hpiLO-> prompt, enter LDAP. 3. To select Directory Settings, enter D. The current LDAP directory settings appear. 4. To select all parameters enter A. The current LDAP directory authentication status appears. The local iLO 3 user accounts database status also appears. If enabled, the local iLO 3 user database is used if there is an authentication failure using the LDAP Directory. 5. Enter D for disabled, or E for enabled. You must enter E if LDAP directory authentication is disabled. The current LDAP server IP address appears. 6. Enter the IP address of the LDAP server. The current LDAP server port address appears. 7. Enter a new port number. The screen displays the current object distinguished name. This specifies the full distinguished name of the iLO 3 device object in the directory service. For example, CN=RILOE2OBJECT, CN=Users, DC=HP, DC=com. Distinguished names are limited to 255 characters maximum plus one for the NULL terminator character. 8. Enter a new name. The Current User Search Context 1 appears. 9. Enter a new search setting. The Current User Search Context 2 appears. NOTE: The context settings 1, 2, and 3 point to areas in the directory service where users are located, so that users do not have to enter the complete tree structure when logging in. For example, CN=Users, DC=HP, DC=com. Directory user contexts are limited to 127 characters maximum plus one for the NULL terminator character for each directory user context. 10. Enter a new search setting. The screen displays the Current User Search Context 3. 11. When prompted, enter a new search setting. The updated LDAP configuration is as follows: New Directory Configuration (* modified values): * L - LDAP Directory Authentication : Enabled M - Local MP User database : Enabled * I - Directory Server IP Address : 192.0.2.1 P - Directory Server LDAP Port : 636 D - Distinguished Name (DN) : cn=mp,o=demo 1 - User Search Context 1 : o=mp 2 - User Search Context 2 : o=demo 3 - User Search Context 3 : o=test Enter Parameter(s) to revise, Y to confirm, or [Q] to Quit: y -> LDAP Configuration has been updated Login process using directory services with extended LDAP You can choose to enable directory services to authenticate users and authorize user privileges for groups of iLO 3s. The iLO 3 directory services feature uses the industry-standard LDAP. HP layers LDAP on top of SSL to transmit the directory services information securely to the directory servers. More information about using iLO with directory services is available from the HP website at http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/ c00190541.pdf?jumpid=reg_R1002_USEN. HP provides a tool for Active Directory support of HP MPs. This tool, HPQLOMIG.exe, is part of HP Directories Support for Management Processors softpaq (SP31581.exe). It assists with installing the schema and snap-ins needed for Active Directory to work with iLO 3 products including Integrity 34 Configuring DHCP, DNS, LDAP, and schema-free LDAP

Section	Page
HP Integrity iLO 3 Operations Guide	1
Contents	3
1 Introduction	9
Features	9
Integrity iLO 3 features	10
Always-on capability	10
Multiple access methods	10
Mirrored console	10
Remote power and reset	10
Virtual front panel	11
Security	11
User password access control	11
Multiple users	11
System management homepage	11
Firmware upgrades	12
Internal subsystem information	12
DHCP and DNS support	12
Group actions	12
Group actions using HP SIM	12
SNMP	12
Event logging	13
Directory-based secure authentication and authorization using LDAP	13
Schema-free LDAP	13
Integrated Remote Console	13
Virtual Media	13
Power Meter and Power Regulator	14
HP Insight Control power management	14
iLO 3 Advanced Pack licensing	14
Components and cables required for iLO 3 operation	15
Integrity iLO 3 supported browsers and client operating systems	15
Security	15
2 Ports, buttons, LEDs, and components	17
iLO 3 Physical Presence button	17
HP Integrity server blade components	17
HP BladeSystem Enclosures	17
c7000 Enclosure	17
c3000 Enclosure	18
Onboard Administrator	18
Integrity rx2800 i2 server	18
3 Getting connected to iLO 3	19
Rackmount server connection	19
Preparing to set up iLO 3	19
Determining the physical iLO 3 access method	19
Determining the iLO 3 MP LAN configuration method	20
Configuring the iLO 3 MP LAN using DHCP and DNS	20
Configuring the iLO 3 MP LAN using the console serial port	21
Server blade connection	22
Connecting the server blade to iLO 3 using the Onboard Administrator	22
DHCP and auxiliary blades	22
Auto login	23
Initiating an auto login session	24
Terminating an auto login session	24
User account cleanup during IPF blade initialization	24
Auto login troubleshooting	24
Connecting to a server blade iLO 3 using the console serial port	25
Connecting to iLO 3 using the Onboard Administrator	25
Additional setup	25
Modifying default account configuration settings	25
Changing the default password	26
Setting up user accounts	26
Setting up security	26
Setting security access	26
Setting iLO MP LAN from UEFI	26
4 Logging in to iLO 3	28
Logging in to iLO 3 using the web GUI	28
Logging in to iLO 3 using the command-line interface	28
Logging in to iLO 3 through the OA	28
5 Accessing the host (operating system) console	30
Accessing a text host console through iLO 3 virtual serial console	30
Accessing online help	31
Accessing a text host console using the TUI	31
Help system	31
6 Configuring DHCP, DNS, LDAP, and schema-free LDAP	32
Configuring DHCP	32
Configuring DNS	33
Configuring LDAP extended schema	33
Login process using directory services with extended LDAP	34
Configuring schema-free LDAP	35
Setting up directory security groups	36
Login process using directory services without schema extensions	36
7 Using iLO 3	37
Text user interface	37
MP command interfaces	37
MP main menu	37
MP Main Menu commands	38
CO (Console): Leave the MP Main Menu and enter console mode	38
Accessing UEFI or the OS from iLO 3	38
VFP (Virtual Front Panel): Simulate the display panel	38
CM (Command Mode): Enter command mode	39
CL Display console history	39
SL (Show Logs): Display the status logs	39
HE (Help): Display help for the menu or command in the MP Main Menu	42
X (Exit): Exit iLO 3	42
Command Menu	42
Command-line interface scripting	44
Expect script example	44
Command menu commands and standard command line scripting syntax	46
BLADE: Display enclosure, bay, and Onboard Administrator information	46
CA: Configure serial port parameters	47
DATE: Display date	48
DC (Default Configuration): Reset all parameters to default configurations	48
DF: Display FRUID information	49
DI: Disconnect remote or LAN console	49
DNS: DNS settings	50
FW: Upgrade the MP firmware	50
HE: Print Help Menu and MP hardware and firmware revision	51
ID: System information settings	51
IT: Modify MP inactivity timers	51
LC: LAN configuration usage	52
LDAP: LDAP directory settings	53
LDAP: LDAP group administration	54
LDAP: Schema-free LDAP	55
LM: License manager	55
LOC: Locator UID LED configuration	55
LS: LAN status	55
PC: Power control	55
PM: Power regulator mode	56
PR: Set power restore policy	57
PS: Power status	57
RS: Reset system through the RST signal	57
SA: Set access	57
SO: Security option help	58
SYSREV, SR: Firmware revisions	59
SS: System processor status	59
SYSSET: Display system settings	59
TC: System reset through INIT signal	59
TE: Send a message to other mirroring terminals	60
UC: User Configuration (users, passwords, and so on)	60
WHO: Display a list of connected iLO 3 users	62
WOL: Wake-On-LAN	62
XD: iLO 3 diagnostics and reset	62
Web GUI	62
Accessing the iLO 3 web GUI	63
System Status	63
Status Summary>Overview tab	63
Status Summary>Active Users	64
Status Summary>FW Revisions	65
System Health	66
System Event Log	67
Events	68
Forward Progress Log	68
System Inventory	69
iLO Health	69
iLO Event Log	70
Remote Serial Console	71
Remote Serial Console	73
Integrated Remote Console	73
IRC requirements	74
Instructions for importing the iLO certificate	74
Suggestions for configuring and using the IRC	74
IRC features	75
IRC limitations	75
Using the IRC	75
Virtual Media	76
Using iLO 3 virtual media devices	76
Virtual CD/DVD-ROM	77
Virtual Media CD/DVD-ROM operating system	79
Creating the iLO 3 disk image files	80
Virtual USB key	81
Performance	82
Server blade Onboard Administrator DVD	83
Virtual Media applet timeout	83
Supported operating systems and USB support for virtual Media	83
Java Plug-in version	83
Client operating system and browser support for virtual media	83
Power Management	83
Power & Reset	83
Power Meter Readings	85
Power regulator	86
Administration	87
Firmware Upgrade	87
Licensing	89
User Administration>Local Accounts	90
Group Accounts	91
Access Settings	92
LAN	92
Serial	94
Login Options	95
Directory Settings>Current LDAP Parameters	95
Network Settings	97
Network Settings>Standard	97
Domain Name Server	99
Onboard Administrator	100
Help	101
8 Installing and configuring directory services	102
Directory services	102
Features supported by directory integration	102
Directory services installation prerequisites	102
Installing directory services	103
Schema documentation	103
Directory services support	103
eDirectory installation prerequisites	104
Required schema software	104
Schema onstaller	104
Schema preview	105
Setup	105
Results	106
Management snap-in installer	106
Directory services for Active Directory	106
Active Directory installation prerequisites	107
Preparing directory services for Active Directory	107
Installing and initializing snap-ins for Active Directory	108
Example: creating and configuring directory objects for use with iLO 3 in Active Directory	109
Directory services objects	112
Active Directory snap-ins	112
Managing HP devices in a role	112
Managing users in a role	113
Setting login restrictions	114
Setting time restrictions	114
Defining client IP address or DNS name access	115
Setting user or group role rights	116
Directory services for eDirectory	116
Installing and initializing snap-ins for eDirectory	117
Example: creating and configuring directory objects for use with iLO 3 devices in eDirectory	117
Creating objects	117
Creating roles	118
Directory services objects for eDirectory	120
Adding role managed devices	120
Adding members	120
Setting role restrictions	121
Setting time restrictions	122
Defining client IP address or DNS name access	122
Setting Lights-Out management device rights	123
Installing snap-Ins and extending schema for eDirectory on a Linux platform	123
Installing the Java Runtime Environment	124
Installing snap-Ins	124
Extending schema	124
Verifying snap-in installation and schema extension	125
Using the LDAP command to configure directory settings	125
User login using directory services	126
Certificate services	127
Installing certificate services	127
Verifying directory services	127
Configuring an automatic certificate request	127
Directory-enabled remote management	128
Using existing groups	128
Using multiple roles	128
Creating roles that follow organizational structure	129
Restricting roles	129
Role time restrictions	130
IP address range restrictions	130
IP address and subnet mask restrictions	130
DNS-based restrictions	130
Role address restrictions	130
Enforcing directory login restrictions	131
Enforcing user time restrictions	131
User address restrictions	132
Creating multiple restrictions and roles	132
Directory services schema (LDAP)	133
HP management core LDAP object identifier classes and attributes	133
Core classes	134
Core attributes	134
Core class definitions	134
hpqTarget	134
hpqRole	135
hpqPolicy	135
Core attribute definitions	135
hpqPolicyDN	135
hpqRoleMembership	135
hpqTargetMembership	136
hpqRoleIPRestrictionDefault	136
hpqRoleIPRestrictions	136
hpqRoleTimeRestriction	136
iLO 3-secific LDAP OID classes and attributes	137
iLO 3 classes	137
iLO 3 attributes	137
iLO 3 class definitions	137
hpqLOMv100	137
iLO 3 attribute definitions	138
hpqLOMRightLogin	138
hpqLOMRightRemoteConsole	138
hpqLOMRightRemoteConsole	138
hpqLOMRightServerReset	138
hpqLOMRightLocalUserAdmin	139
hpqLOMRightConfigureSettings	139
9 Support and other resources	140
Contacting HP	140
Before you contact HP	140
HP contact information	140
Subscription service	140
Documentation feedback	140
Related information	141
Typographic conventions	141
Standard terms, abbreviations, and acronyms	142

Match case Limit results 1 per page

NOTE:

The LDAP connection times out after 30 minutes of inactivity in Active Directory. For Novell

directory, there is no inactivity timeout.

To configure using the web interface, see

“Group Accounts” (page 91)

To configure LDAP extended schema:

From the MP Main Menu, enter command mode.

At the

CM:hpiLO->

prompt, enter

LDAP

To select

Directory Settings

, enter

. The current LDAP directory settings appear.

To select all parameters enter

. The current LDAP directory authentication status appears.

The local iLO 3 user accounts database status also appears. If enabled, the local iLO 3 user

database is used if there is an authentication failure using the LDAP Directory.

Enter

for disabled, or

for enabled. You must enter

if LDAP directory authentication is

disabled. The current LDAP server IP address appears.

Enter the IP address of the LDAP server. The current LDAP server port address appears.

Enter a new port number. The screen displays the current object distinguished name. This

specifies the full distinguished name of the iLO 3 device object in the directory service. For

example,

CN=RILOE2OBJECT, CN=Users, DC=HP, DC=com

. Distinguished names are

limited to 255 characters maximum plus one for the

NULL

terminator character.

Enter a new name. The

Current User Search Context 1

appears.

Enter a new search setting. The

Current User Search Context 2

appears.

NOTE:

The context settings 1, 2, and 3 point to areas in the directory service where users

are located, so that users do not have to enter the complete tree structure when logging in.

For example,

CN=Users, DC=HP, DC=com

. Directory user contexts are limited to 127

characters maximum plus one for the

NULL

terminator character for each directory user context.

10. Enter a new search setting. The screen displays the Current User Search Context 3.

11.

When prompted, enter a new search setting.

The updated LDAP configuration is as follows:

New Directory Configuration (* modified values):

* L - LDAP Directory Authentication : Enabled

M - Local MP User database

: Enabled

* I - Directory Server IP Address

: 192.0.2.1

P - Directory Server LDAP Port

: 636

D - Distinguished Name (DN)

: cn=mp,o=demo

1 - User Search Context 1

: o=mp

2 - User Search Context 2

: o=demo

3 - User Search Context 3

: o=test

Enter Parameter(s) to revise, Y to confirm, or [Q] to Quit: y

-> LDAP Configuration has been updated

You can choose to enable directory services to authenticate users and authorize user privileges

for groups of iLO 3s. The iLO 3 directory services feature uses the industry-standard LDAP. HP

layers LDAP on top of SSL to transmit the directory services information securely to the directory

servers. More information about using iLO with directory services is available from the HP website

tp://h20000.w

.hp

.co

m/bc/doc

s/su

ppo

t/Su

ppo

tMan

ual/c00

c00

.pdf?j

d=r

eg_R1

2_U

SEN

HP provides a tool for Active Directory support of HP MPs. This tool,

HPQLOMIG.exe

, is part of

HP Directories Support for Management Processors

softpaq (SP31581.exe). It assists with installing

the schema and snap-ins needed for Active Directory to work with iLO 3 products including Integrity

Configuring DHCP, DNS, LDAP, and schema-free LDAP