Table of Contents
Advertisement
To use this format, you must enable Generic LDAP on the Security - Directory page.
Directory Server CA Certificate
During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already
imported. For successful certificate validation, make sure that you import the correct CA certificate. If
certificate validation fails, iLO login is denied and an event is logged. If no CA certificate is imported, the
directory server certificate validation step is skipped.
To verify SSL communication between the directory server and iLO, click Test Settings.
Local user accounts with Kerberos authentication and directory integration
Local user accounts can be active when you configure iLO to use a directory or Kerberos authentication.
In this configuration, you can use local and directory-based user access.
Consider the following:
•
When local user accounts are enabled, configured users can log in by using locally stored user
credentials.
•
When local accounts are disabled, user access is limited to valid directory credentials.
•
Do not disable local user access until you have validated access through Kerberos or a directory.
•
When you use Kerberos authentication or directory integration, Hewlett Packard Enterprise
recommends enabling local user accounts and configuring a user account with administrator
privileges. This account can be used if iLO cannot communicate with the directory server.
•
Access through local user accounts is enabled when directory support is disabled or an iLO license is
revoked.
Running directory tests
Directory tests enable you to validate the configured directory settings. The directory test results are reset
when directory settings are saved, or when the directory tests are started.
Procedure
1. Click Security in the navigation tree, and then click the Directory tab.
2. At the bottom of the Directory page, click Test Settings.
iLO displays the results of a series of simple tests designed to validate the directory settings. After
your directory settings are configured correctly, you do not need to rerun these tests. The Directory
Tests page does not require you to log in as a directory user.
3. In the Directory Test Controls section, enter the DN and password of a directory administrator in the
Directory Administrator Distinguished Name and Directory Administrator Password boxes.
Hewlett Packard Enterprise recommends that you use the same credentials that you used when
creating the iLO objects in the directory. iLO does not store these credentials; they are used to verify
the iLO object and user search contexts.
4. In the Directory Test Controls section, enter a test user name and password in the Test User Name
and Test User Password boxes.
5. Click Start Test.
Several tests begin in the background, starting with a network ping of the directory user by
establishing an SSL connection to the server and evaluating user privileges.
254
Directory Server CA Certificate
Advertisement
Table of Contents
Troubleshooting
