Using Existing Groups; Using Multiple Roles - HP Integrated Lights-Out User Manual

Integrated lights-out firmware 1.91

Hide thumbs Also See for Integrated Lights-Out:

User manual (410 pages)

Technology brief (24 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

Table of Contents

Using existing groups

Many organizations will have their users and administrators arranged into groups. In many cases, it is

convenient to use the existing groups and associate the groups with one or more Lights-Out Management

role objects. When the devices are associated with the role objects, the administrator controls access to

the Lights-Out devices associated with the role by adding or deleting members from the groups.

When using Microsoft® Active Directory, it is possible to place one group within another or nested

groups. Role objects are considered groups and can include other groups directly. Add the existing

nested group directly to the role, and assign the appropriate rights and restrictions. New users can be

added to either the existing group or the role.

Novell eDirectory does not allow nested groups. In eDirectory, any user that can read a role is considered

a member of that role. When adding an existing group, organizational unit or organization to a role,

add the object as a read trustee of the role. All the members of the object are considered members of the

role. New users can be added to either the existing object or the role.

When using trustee or directory rights assignments to extend role membership, users must be able to read

the LOM object representing the LOM device. Some environments require the same trustees of a role to

also be read trustees of the LOM object to successfully authenticate users.

Using multiple roles

Most deployments do not require the same user to be in multiple roles managing the same device.

However, these configurations are useful for building complex rights relationships. When building

multiple-role relationships, users receive all the rights assigned by every applicable role. Roles can only

grant rights, never revoke them. If one role grants a user a right, then the user has the right, even if the

user is in another role that does not grant that right.

Typically, a directory administrator creates a base role with the minimum number of rights assigned and

then creates additional roles to add additional rights. These additional rights are added under specific

circumstances or to a specific subset of the base role users.

For example, an organization can have two types of users, administrators of the LOM device or host

server and users of the LOM device. In this situation, it makes sense to create two roles, one for the

administrators and one for the users. Both roles include some of the same devices but grant different

rights. Sometimes, it is useful to assign generic rights to the lesser role and include the LOM administrators

in that role, as well as the administrative role.

An admin user gains the login right from the regular user group. More advanced rights are assigned

through the Admin role, which assigns additional rights—Server Reset and Remote Console.

Directory-enabled remote management 135

Table of Contents

Using Existing Groups; Using Multiple Roles - HP Integrated Lights-Out User Manual

Using existing groups

Using multiple roles

Troubleshooting

Related Manuals for HP Integrated Lights-Out

Related Content for HP Integrated Lights-Out

Table of Contents