HP rp3440 HP Integrity and HP 9000 iLO MP Operations Guide, Fifth Edition - Page 87
Administration > Directory Settings > Group Administration
View all HP rp3440 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 87 highlights
Table 6-17 LDAP Parameters Page Description Field Directory Authentication Description Choosing enable or disable, activates or deactivates directory support on the iLO MP: • Enable with Extended Schema: selects directory authentication and authorization using directory objects created with HP schema. Select this option if the directory server has been extended with the HP schema. • Enable with Default Schema: selects directory authentication and authorization using user accounts in the directory which has not been extended with the HP schema. User accounts and group memberships are used to authenticate and authorize users. Data in the Group Ad ministration page must be configured after this option is selected. Local User Accounts Includes or excludes access to local iLO MP user accounts. Locally-stored user accounts can be active while LDAP directory support is enabled. If local user accounts are enabled, you can log into the iLO MP using locally-stored user credentials. If they are disabled, access is limited to valid directory credentials only. Directory Server IP Address IP address of the directory server. Directory Server LDAP Port Port number for the secure LDAP service on the server. The default value for this port is 636. Distinguished Name Distinguished Name of the iLO MP. Specifies where this iLO MP instance is listed in the directory tree. Example: cn=MP Server,ou=Management Devices,o=hp User Search Contexts (1,2,3) User name contexts are used to locate an object in the tree structure of the directory server and applied to the login name entered to access the iLO MP. Submit Submits the information. Cancel Cancels the action. Administration > Directory Settings > Group Administration The Group Administration page (Figure 6-17) enables you to enter one or more directory groups by specifying the distinguished name of the group and privileges that should be granted to users who are members of that group. This page utilizes Lightweight Directory Access Protocol Light (LDAP Lite), which provides user authentication for access to the iLO MP without extending the schema on the LDAP server or snap-in installation on the client. Not extending the schema on the directory server means the directory server will not know anything about the iLO MP object or iLO MP privileges, and the only thing the iLO MP queries from the directory server is to authenticate the user name and password. NOTE: This functionality will only display if you have the iLO MP Advanced Pack license. For more information on the iLO MP Advanced Pack license, see Section : "iLO MP Advanced Pack License" (page 21). You must configure group administration information when the directory is enabled with the default schema. When a user attempts to login into the iLO MP, the iLO MP reads that user's directory name in the directory to determine the groups the user is a member of. The iLO MP compares this information with a list of groups configured by the user. The rights of all the matched groups are combined and assigned to that user. Web GUI 87