Extending The Directory Schema; Roles - HP AB500A - Integrated Lights-Out Advanced Configuration

Software
http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lan
HP Smart
g=en&cc=us&prodTypeId=18964&prodSeriesId=1146658&prodNameId=1135772
Component
&swEnvOID=1005&swLang=8&mode=2&taskId=135&swItem=MTX-UNITY-I23896
installation for
directories support
Note:
The directory integration package runs under Windows only but has general
content applicable to other OS.
This software includes:
• Schema Installer, which extends the existing directory schema.
• Management Snap-in Installer, which provides snap-ins to manage iLO objects in an existing
directory-enabled IT environment.
• Migration Utilities (HPQLOMIG.EXE and HPQLOMGC.EXE), which automate the process of
upgrading the firmware. The utilities also configure the iLO management processors (objects), turn
on directory authentication, and create the iLO objects in the directory.

Extending the directory schema

The schema is a set of rules that define the directory (in terms of tree structure), object types, object
attributes, and relationships. However, the base (or initial) schema does not define all of the objects
that can be stored within the directory. For example, the base schema does not recognize an iLO
management processor as an object and is not aware of its attributes or relationships. Therefore, the
schema must be extended to define the iLO management processor in terms of object classes and
attributes within the schema.
HP recommends that the administrator carefully review the document Integrating HP ProLiant Lights-
Out processors with Microsoft® Active Directory before deploying any iLO management processors
within the directory. This schema works on all directories that are compliant with LDAP version 3.
These integration notes are available in 'For more information' section at the end of this paper.
When using Microsoft Active Directory and the HP schema extensions, the administrator must make
changes to the directory server before extending the schema. The schema extensions cannot be
removed after they are installed. Therefore, it is very important that the administrator understands the
changes that will be made before extending the schema. The schema extension tool will require the IP
address or DNS name of the server that owns the schema master role. The administrator must use the
Active Directory Schema Tool to configure that server to allow schema updates.
When deploying iLO to use Microsoft Active Directory with the default schema method, it is not
necessary to install the HP schema extensions as the iLO will use native Active Directory groups.
If the Microsoft Active Directory schema has already been extended with the HP schema, this will not
prevent iLOs that use the default schema method from authenticating. Therefore, some iLO devices
can be configured to use the HP schema, and others can be configured for the default schema.
However, a single iLO device cannot be configured to use both simultaneously.

Roles

Using role-based access allows the administrator to control user access to iLO objects and the rights
and privileges available to them in that role. For example, the administrator might set up a role called
"local admin" and another role called "regional admin." Someone defined as having the role of
Location
16