Login Process Using Directory Services With Hp Schema Extensions - HP AB500A - Integrated Lights-Out Advanced Technology Brief
Hp integrated lights-out security, 6th edition
Hide thumbs
Also See for AB500A - Integrated Lights-Out Advanced:
- User manual (235 pages) ,
- Configuration (39 pages) ,
- Technology brief (24 pages)
Table of Contents
Advertisement
(Figure 6). The iLO Status Summary screen provides general information about iLO, such as all logged
in users, server name and status, iLO IP address and name, and latest log entry data. At that point,
the login process is complete. The iLO processor has fully authenticated the user who can then
perform authorized functions.
Figure 6. Example of iLO Status Summary page
Login process using directory services with HP schema extensions
Administrators can choose to enable directory services to authenticate users and authorize user
privileges for groups of iLO management processors. The iLO directory services feature uses the
industry-standard Lightweight Directory Access Protocol (LDAP). Information about LDAP is provided in
"
Appendix C: LDAP/LDAPS definitions
directory services information securely to the directory servers. More information about directory
services is available from the HP website at:
http://h18004.www1.hp.com/products/servers/management/directorysupp/index.html
Using directory services, the login process includes the steps illustrated in Figure 7. After the web
browser sends the cookie to iLO, the iLO processor extracts the user credentials from the cookie and
accesses the directory service to determine which roles are available. First, iLO uses the credentials to
access the iLO device object in the directory. The directory service returns only the roles for which the
user has rights. If the user credentials allow read access to the iLO device object and the role object,
iLO determines the distinguished name
Then, iLO calculates the current user privileges based on those roles and returns the iLO Status
Summary page to the client browser.
5
This happens when the user is a member of the role object or if the user is granted read access to the iLO and
role objects.
6
The distinguished name is the name that LDAP uses to access devices or objects in the directory.
" of this document. HP layers LDAP on top of SSL to transmit the
(DN) of the role object and the associated user privileges.
6
.
5
13
Advertisement
Table of Contents
