LDAP: LDAP Group Administration - HP Integrity BL870c Operation Manual

HP Integrity iLO 2 Operations Guide, Eleventh Edition

NOTE: Locally stored user accounts can be active while directory support is enabled. This
enables both local- and directory-based user access. If both directory authentication and
local user accounts are enabled, login is attempted using the directory first, then using local
accounts.

Directory Server IP Address: IP address or host name of the directory server.
Directory Server LDAP Port: Port number for the secure LDAP service on the server. The
default value for this port is 636.
Distinguished Name: Specifies where this iLO 2 instance is listed in the directory tree. For
example: cn=MP Server,ou=Management Devices,o=hp
User Search Contexts (1,2,3): User name contexts that are applied to the login name entered
to access iLO 2.

User name contexts are used to locate an object in the tree structure of the directory server
and are applied to the login name entered to access iLO 2. All objects listed in the directory
can be identified using their unique distinguished name. However, distinguished names can be
long, users might not know their distinguished names, or they might have accounts in
different directory contexts. Search contexts enable users to specify common directory
contexts, so that they do not have to enter their full distinguished name at login. iLO 2
attempts to authenticate a user in the directory first by the login name entered, and then by
applying user search contexts to that login name until login succeeds. For example:

Instead of logging in as cn=user,ou=engineering,o=hp, a search context of
ou=engineering,o=hp enables a user to log in as user.

When extended schema is selected and Active Directory is used as a directory server,
Microsoft Active Directory has an alternate user credential format. A user can log in as
user@domain.hp.com, in which case a search context of @domain.hp.com enables the
user to log in as user.

Command line usage and scripting:

    LDAP [ -directory [ -ldap <d|x|s> ] [ -mp <e|d>]
                      [ -ip <hostname/ipaddr> ] [ -port <n>]
                      [ -dn <text> ] [ -1context <text>]
                      [ -2context <text>] [ -3context <text>]
         | -groups    [ -change <groupNo.> [ -dn <text>]
                                           [ rights <e|d>]
                        <console|mp|power|user|virtual|all|none> ]
                      [ -list <groupNo.> ]]
         | -nc ]
    -?

See also: LOGIN, US

LDAP: LDAP group administration

LDAP enters one or more directory groups by specifying the distinguished name of the group
and privileges to be granted to users who are members of that group.
You must configure group administration information when the directory is enabled with the
default schema.
The group administration section of the LDAP command enables users to enter one or more
directory groups by specifying the distinguished name of the group and privileges to be granted
to users who are members of that group.
When a user attempts to log in to iLO 2, iLO 2 reads that user's directory name in the directory
to determine which groups the user is a member of. iLO 2 compares this information with a list
of configured groups. The rights of all the matched groups are combined and assigned to that
user.
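
The rule that the rights of all matched groups are combined can be audited offline. The following is an added example, not code from the HP guide: it computes each user's combined rights and flags combinations that no single group grants. The group DNs, user names and membership lists are constructed, the DN comparison is a simplified normalisation, and "all" is assumed to mean the five rights named in the command syntax.

```python
import re

# Right names from the LDAP -groups syntax; "all" is assumed to mean these five.
RIGHTS = {"console", "mp", "power", "user", "virtual"}

def norm_dn(dn):
    """Simplified DN comparison form (assumption): lowercase, no space around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def expand(rights):
    """Turn a configured rights list, including 'all' / 'none', into a set of right names."""
    out = set()
    for r in rights:
        if r == "all":
            out |= RIGHTS
        elif r in RIGHTS:
            out.add(r)
        elif r != "none":
            raise ValueError(f"unknown right: {r!r}")
    return out

def effective_rights(configured, member_of):
    """Union the rights of every configured group that appears in the user's memberships.

    Returns (rights, accumulated); accumulated is True when no single matched
    group grants the full combination, i.e. the total exists only through the union.
    """
    table = {norm_dn(dn): expand(r) for dn, r in configured.items()}
    grants = [table[dn] for dn in {norm_dn(m) for m in member_of} if dn in table]
    rights = set().union(*grants)
    return rights, bool(grants) and all(g < rights for g in grants)

# Constructed sample data: group DNs and memberships are hypothetical.
GROUPS = {
    "CN=iLO Operators,OU=Groups,O=hp": ["console", "power"],
    "cn=iLO Media,ou=Groups,o=hp": ["virtual"],
    "cn=iLO Admins,ou=Groups,o=hp": ["all"],
}
USERS = {
    "alice": ["cn=ilo operators, ou=groups, o=hp", "cn=iLO Media,ou=Groups,o=hp",
              "cn=Staff,ou=Groups,o=hp"],
    "bob": ["cn=iLO Admins,ou=Groups,o=hp", "CN=iLO Operators,OU=Groups,O=hp"],
    "carol": ["cn=Staff,ou=Groups,o=hp"],
}

if __name__ == "__main__":
    for name, groups in USERS.items():
        rights, accumulated = effective_rights(GROUPS, groups)
        flag = "  <- combination not granted by any single group" if accumulated else ""
        print(f"{name}: {sorted(rights) or ['none']}{flag}")
```

Because rights only add up across groups, a flagged user holds a privilege set that nobody configured as a unit, which makes those accounts the ones to check against least privilege.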
