Home » HP Manuals » Servers » HP rp3440 » Manual Viewer

HP rp3440 HP Integrity and HP 9000 iLO MP Operations Guide, Fifth Edition - Page 60

cn=MP Server, ou=Management Devices, o=hp, [email protected]

Add to My Manuals
Save this manual to your list of manuals

Page 60 highlights

NOTE: LDAP directory settings is an iLO MP Advanced Pack license feature that enables centralized user account administration using directory services. LDAP displays and enables modification of the following LDAP directory settings: • Directory Authentication: Activates or deactivates directory support on the iLO MP. - Enable with Extended Schema: Selects directory authentication and authorization using directory objects created with HP schema. Select this option if the directory server is extended with the HP schema and you plan to use it. - Enable with Default Schema: selects directory authentication and authorization using user accounts in the directory, which has not been extended with the HP schema. User accounts and group memberships are used to authenticate and authorize users. Data in the Group Administration page must be configured after you select this option. In the Group Administration page, configure one or more directory groups by entering the distinguished name of the group and privileges to be granted to users who are members of that group. - Disable: Deactivates directory support on the iLO MP. • Local User Accounts: Includes or excludes access to local iLO MP user accounts. If local user accounts are enabled, you can log into the iLO MP using locally stored user credentials. If they are disabled, access is limited to valid directory credentials only. NOTE: Locally stored user accounts can be active while directory support is enabled. This enables both local- and directory-based user access. If both directory authentication and local user accounts are enabled, login is attempted using the directory first, then using local accounts. • Directory Server IP Address: IP address of the directory server. • Directory Server LDAP Port: Port number for the secure LDAP service on the server. The default value for this port is 636. • Distinguished Name: Specifies where this iLO MP instance is listed in the directory tree. For example: cn=MP Server,ou=Management Devices,o=hp • User Search Contexts (1,2,3): User name contexts are used to locate an object in the tree structure of the directory server and applied to the login name entered to access the iLO MP. User name contexts are used to locate an object in the tree structure of the directory server and applied to the login name entered to access the iLO MP. All objects listed in the directory can be identified using their unique distinguished name. However, distinguished names can be long, users might not know their distinguished names, or they might have accounts in different directory contexts. Search contexts enables users to specify common directory contexts, so that they do not have to enter their full distinguished name at login. iLO MP attempts to authenticate a user in the directory first by the login name entered, and then by applying user search contexts to that login name until login succeeds. For example: Instead of logging in as cn=user,ou=engineering,o=hp, search context of ou=engineering,o=hp enables a user to log in as user When extended schema is selected and Active Directory is used as a directory server. Microsoft Active Directory has an alternate user credential format. A user can log in as: [email protected], in which case a search context of @domain.hp.com enables the user to login as user. Command line usage and scripting: LDAP [ -directory [ -ldap ] [ -mp ] [ -ip ] [ -port ] [ -dn ] [ -1context ] 60 Using iLO

Section	Page
HP Integrity and HP 9000	1
Table of Contents	3
About This Document	13
Intended Audience	13
New and Changed Information in This Edition	13
Publishing History	13
Document Organization	14
Typographic Conventions	15
HP-UX Release Name and Release Identifier	15
Related Documents	16
HP Encourages Your Comments	16
1 Introduction to iLO MP	17
Features	17
Standard Features	17
Always-on Capability	18
Virtual Front Panel	18
Multiple Access Methods	18
Security	18
User Access Control	18
Multiple Users	18
IPMI over LAN	19
Firmware Upgrades	19
Internal Subsystem Information	19
DHCP and DNS Support	19
SNMP	19
Mirrored Console	19
Remote Power Control	20
Event Logging	20
Advanced Features	20
SSH	20
HPSIM Group Actions	20
Directory-Based Secure Authorization Using LDAP	20
LDAP Lite	20
iLO MP Advanced Pack License	21
Obtaining and Activating iLO MP Advanced Pack Licensing	21
Supported Systems and Required Components and Cables	21
iLO MP Supported Browsers and Client Operating Systems	22
Security	22
Security Setup	23
Protecting SNMP Traffic	23
Help System	23
Accessing Help Using the Text User Interface	23
Accessing Help Using the Web GUI	24
2 Ports and LEDs	25
Console Serial Port	25
iLO MP LAN Port	25
iLO MP LAN LEDs (rx4640; rp4410/4440)	26
iLO MP LAN LEDs (rx1600; rx1620; rx2600; rx2620; rp3410/3440)	27
iLO MP Reset Button	27
Resetting Local User Accounts and Passwords to Default Values	28
3 Setting Up and Connecting the Console	29
Setup Checklist	29
Setup Flowchart	30
Preparing to Set Up iLO MP	31
Determining the Physical iLO MP Access Method	31
Determining the iLO MP LAN Configuration Method	32
Configuring the iLO MP LAN Using DHCP and DNS	32
Configuring the iLO MP LAN Using ARP Ping	33
Configuring the iLO MP LAN Using the Console Serial Port	34
Logging In to the iLO MP	35
Additional Setup	36
Modifying User Accounts and Default Password	36
Setting Up Security	36
Setting Security Access	37
4 Accessing the Host Console	39
Accessing the iLO MP Using the Web GUI	39
Accessing Online Help	40
Accessing the Host Console Using the TUI	40
Accessing the Graphic Console Using VGA	41
5 Configuring DHCP, DNS, LDAP, and LDAP Lite	43
Configuring DHCP	43
Configuring DNS	44
Configuring LDAP Extended Schema	44
Login Process Using Directory Services with Extended LDAP	46
Configuring LDAP Lite Default Schema	46
Setting up Directory Security Groups	47
Login Process Using Directory Services Without Schema Extensions	47
6 Using iLO	49
Text User Interface	49
MP Command Interfaces	49
MP Main Menu	49
MP Main Menu Commands	49
CO (Console) Leave the MP Main Menu and enter console mode	49
VFP (Virtual Front Panel) Displays the virtual front panel	50
CM (Command Mode) Enter command mode	50
CL (Console Log) View the history of the console output	50
SL (Show Logs) Display contents of the system status logs	50
HE (Help) Display help for the menu or command	51
X: Exit iLO MP	51
Command Menu Commands	51
Command Line Interface Scripting	52
Expect Script Example	53
Command Menu Commands and Standard Command Line Scripting Syntax	54
BP: Reset BMC passwords	55
CA: Configure asynchronous local and remote serial port parameters	55
DATE: Display the current date	56
DC (Default Configuration): Reset all parameters to default configurations	56
DF: Display FRUID information	56
DI: Disconnect remote/Modem or LAN/Remote Serial Console	57
DNS: Set DNS configuration	57
FW: Firmware upgrade	57
HE (Help): Display help for menu or command	57
ID: Display or modify system information	58
IT: Modify iLO MP inactivity timers	58
LC: LAN configuration	58
LDAP: LDAP configuration	59
LDAP: LDAP group administration	61
LDAP: LDAP Lite	61
LM: License management	61
LOC: Locator LED status	61
LS: LAN status	62
MR: Modem reset	62
MS: Modem status—display modem status	62
PC: Power control—turn system power on and off	62
PG: Paging parameter setup	63
PR: Power restore policy configuration	63
PS: Power status	63
RB: Reset BMC	64
RS: Reset system through RST signal	64
SA: Set access options	64
SNMP: Configure SNMP parameters	64
SO: Configure security options and access control	65
SS (System Status)	65
SYSREV: Firmware revisions	65
TC: System reset through INIT or TOC signal	66
TE (Tell): Send a message to other terminals	66
UC (User Configuration): Controls user access	66
VDP: Display virtual diagnostics panel LEDs	67
WHO: Display a list of iLO MP connected users	68
XD: Diagnostics or reset of the iLO MP	68
Web GUI	68
System Status	69
System Status > Status Summary General	69
System Status > Status Summary > Active Users	70
System Status > Server Status > General	70
System Status > Server Status > Identification	71
System Status > System Event Log	72
Events	73
Remote Console	74
Remote Console > Remote Serial Console	74
Virtual Serial Port	76
Virtual Devices	76
Administration	78
Administration >User Administration	78
Administration > Access Settings	79
Administration > Access Settings > LAN	80
Administration > Access Settings > Serial	81
Administration > Access Settings > Login Options	81
Administration > Network Settings	82
Administration > Network Settings > Standard	82
Administration > Network Settings > Domain Name Service	83
Administration > Firmware Upgrade	84
Administration > Licensing	85
Administration > Directory Settings > LDAP Parameters	86
Administration > Directory Settings > Group Administration	87
Administration > SNMP Settings	88
Accessing Online Help	89
7 Installing and Configuring Directory Services	91
Directory Services	91
Features Supported by Directory Integration	92
Directory Services Installation Prerequisites	92
Installing Directory Services Overview	92
Schema Documentation	93
Directory Services Support	93
eDirectory Installation Prerequisites	93
Required Schema Software	93
Schema Installer	94
Schema Preview	94
Setup	94
Results	95
Management Snap-In Installer	96
Directory Services for Active Directory	96
Active Directory Installation Prerequisites	96
Preparing Directory Services for Active Directory	97
Installing and Initializing Snap-Ins for Active Directory	98
Example: Creating and Configuring Directory Objects for Use with iLO MP in Active Directory	98
Directory Services Objects	102
Active Directory Snap-Ins	102
Managing HP Devices Within a Role	102
Managing Users in a Role	103
Setting Login Restrictions	104
Setting Time Restrictions	105
Defining Client IP Address or DNS Name Access	106
Setting User or Group Role Rights	106
Directory Services for eDirectory	107
Installing and Initializing Snap-Ins for eDirectory	107
Creating and Configuring Directory Objects for Use with iLO MP Devices in eDirectory	108
Creating Objects	108
Creating Roles	109
Directory Services Objects for eDirectory	111
Adding Role Managed Devices	111
Adding Members	111
Setting Role Restrictions	112
Setting Time Restrictions	112
Defining Client IP Address or DNS Name Access	113
Setting Lights-Out Management Device Rights	113
Installing Snap-Ins and Extending Schema for eDirectory on a Linux Platform	114
Installing the Java Runtime Environment	114
Installing Snap-Ins	115
Extending Schema	115
Verifying Snap-In Installation and Schema Extension	115
Using the LDAP Command to Configure Directory Settings in iLO MP	116
User Login Using Directory Services	117
Certificate Services	118
Installing Certificate Services	118
Verifying Directory Services	118
Configuring an Automatic Certificate Request	118
Directory-Enabled Management	118
Using Existing Groups	119
Using Multiple Roles	119
Creating Roles that Follow Organizational Structure	120
Restricting Roles	120
Role Time Restrictions	120
IP Address Range Restrictions	121
IP Address and Subnet Mask Restrictions	121
DNS-Based Restrictions	121
Role Address Restrictions	121
How Directory Login Restrictions Are Enforced	121
How User Time Restrictions Are Enforced	122
User Address Restrictions	122
Creating Multiple Restrictions and Roles	123
Directory Services Schema (LDAP)	124
HP Management Core LDAP Object Identifier Classes and Attributes	124
Core Classes	124
Core Attributes	124
Core Class Definitions	125
hpqTarget	125
hpqRole	125
hpqPolicy	125
Core Attribute Definitions	125
hpqPolicyDN	126
hpqRoleMembership	126
hpqTargetMembership	126
hpqRoleIPRestrictionDefault	126
hpqRoleIPRestrictions	127
hpqRoleTimeRestriction	127
iLO MP-Specific LDAP OID Classes and Attributes	127
iLO MP Classes	127
iLO MP Attributes	128
iLO MP Class Definitions	128
hpqLOMv100	128
iLO MP Attribute Definitions	128
hpqLOMRightLogin	128
hpqLOMRightRemoteConsole	129
hpqLOMRightServerReset	129
hpqLOMRightLocalUserAdmin	129
hpqLOMRightConfigureSettings	129
Glossary	131

Match case Limit results 1 per page

NOTE:

LDAP

directory settings is an iLO MP Advanced Pack license feature that enables

centralized user account administration using directory services.

LDAP

displays and enables modification of the following LDAP directory settings:

•

Directory Authentication: Activates or deactivates directory support on the iLO MP.

—

Enable with Extended Schema: Selects directory authentication and authorization using

directory objects created with HP schema. Select this option if the directory server is

extended with the HP schema and you plan to use it.

—

Enable with Default Schema: selects directory authentication and authorization using

user accounts in the directory, which has not been extended with the HP schema. User

accounts and group memberships are used to authenticate and authorize users. Data

in the Group Administration page must be configured after you select this option. In

the Group Administration page, configure one or more directory groups by entering

the distinguished name of the group and privileges to be granted to users who are

members of that group.

—

Disable: Deactivates directory support on the iLO MP.

•

Local User Accounts: Includes or excludes access to local iLO MP user accounts. If local user

accounts are enabled, you can log into the iLO MP using locally stored user credentials. If

they are disabled, access is limited to valid directory credentials only.

NOTE:

Locally stored user accounts can be active while directory support is enabled. This

enables both local- and directory-based user access. If both directory authentication and

local user accounts are enabled, login is attempted using the directory first, then using local

accounts.

•

Directory Server IP Address: IP address of the directory server.

•

Directory Server LDAP Port: Port number for the secure LDAP service on the server. The

default value for this port is 636.

•

Distinguished Name: Specifies where this iLO MP instance is listed in the directory tree.

For example:

cn=MP Server,ou=Management Devices,o=hp

•

User Search Contexts (1,2,3): User name contexts are used to locate an object in the tree

structure of the directory server and applied to the login name entered to access the iLO

MP.

User name contexts are used to locate an object in the tree structure of the directory server

and applied to the login name entered to access the iLO MP. All objects listed in the directory

can be identified using their unique distinguished name. However, distinguished names

can be long, users might not know their distinguished names, or they might have accounts

in different directory contexts. Search contexts enables users to specify common directory

contexts, so that they do not have to enter their full distinguished name at login. iLO MP

attempts to authenticate a user in the directory first by the login name entered, and then by

applying user search contexts to that login name until login succeeds.

For example: Instead of logging in as cn=user,ou=engineering,o=hp, search context of

ou=engineering,o=hp enables a user to log in as user

When extended schema is selected and Active Directory is used as a directory server.

Microsoft Active Directory has an alternate user credential format. A user can log in as:

[email protected]

, in which case a search context of

@domain.hp.com

enables the

user to login as

user

Command line usage and scripting

LDAP [ -directory [ -ldap <d|x|s> ] [ -mp <e|d>]

[ -ip <hostname/ipaddr> ] [ -port <n>]

[ -dn <text> ] [ -1context <test>]

Using iLO