How Directory Login Restrictions Are Enforced; Restricting Roles - HP AB500A - Integrated Lights-Out Advanced User Manual

Hp integrated lights-out 2 user guide for firmware 1.75 and 1.77

Hide thumbs Also See for AB500A - Integrated Lights-Out Advanced:

Technology brief (43 pages)

Configuration (39 pages)

Technology brief (24 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

Table of Contents

How directory login restrictions are enforced

Two sets of restrictions potentially limit a directory user's access to LOM devices. User access restrictions

limit a user's access to authenticate to the directory. Role access restrictions limit an authenticated user's

ability to receive LOM privileges based on rights specified in one or more Roles.

Restricting roles

Restrictions allow administrators to limit the scope of a role. A role only grants rights to those users that

satisfy the role's restrictions. Using restricted roles results in users with dynamic rights that can change

based on the time of day or network address of the client.

IMPORTANT:

the user has read access to a Role object that contains the corresponding iLO 2 object. This

includes but is not limited to the members listed in the role object. If the Role is set up to allow

inheritable permissions to propagate from a parent, then members of the parent which have

read access privileges will also have access to iLO 2. To view the access control list, navigate

to Users and Computers, open the properties screen for the Role object and select the Security

tab.

For step-by-step instructions on how to create network and time restrictions on a role, refer to "Active

Directory Role Restrictions (on page 154)" or "eDirectory Role Restrictions (on page 162)" sections.

Role time restrictions

Administrators can place time restrictions on LOM roles. Users are granted the rights specified for the

LOM devices listed in the role, only if they are members of the role and meet the time restrictions for that

role.

LOM devices use local host time to enforce time restrictions. If the LOM device clock is not set, the role

time restriction fails unless no time restrictions are specified on the role.

Role-based time restrictions can only be satisfied if the time is set on the LOM device. The time is normally

set when the host is booted, and it is maintained by running the agents in the host operating system,

which allows the LOM device to compensate for leap year and minimize clock drift with respect to the

When directories are enabled, access to a particular iLO 2 is based on whether

Directory-enabled remote management 168

Table of Contents

Troubleshooting

This manual is also suitable for:

Xw460c - proliant - blade workstation

How Directory Login Restrictions Are Enforced; Restricting Roles - HP AB500A - Integrated Lights-Out Advanced User Manual

How directory login restrictions are enforced

Restricting roles

Troubleshooting

Related Manuals for HP AB500A - Integrated Lights-Out Advanced

Related Content for HP AB500A - Integrated Lights-Out Advanced

This manual is also suitable for:

Table of Contents