Schema-free directory integration
Using the schema-free directory integration method, users and group memberships reside in the directory,
but group privileges reside in the individual iLO 2. iLO 2 uses login credentials to read the user object in
the directory and retrieve the user group memberships, which are compared to those stored in iLO 2. If
there is a match, authorization is granted. For example:
Advantages of using schema-free directory integration:
There is no need to extend the directory schema.
o
When ActiveX controls are enabled in the browser and login, NetBIOS and e-mail formats are
o
supported.
Little or no setup is required for users in the directory. If there is no setup, the directory uses
o
existing users and group memberships to access iLO 2. For example, if you have a domain
admin named User1, you can copy the distinguished name of the domain admin security group
over to iLO 2 and give it full privileges. User1 would then have access to iLO 2.
Disadvantages of using schema-free directory integration
Supports only Microsoft® Active Directory
o
Group privileges are administered on each iLO 2. However, this disadvantage is minimized by
o
group privileges rarely changing, and the task of changing group membership is administered in
the directory and not on each separate iLO 2. HP provides tools that enable changes to a large
number of iLO 2 to be made at the same time.
HP schema directory integration
HP schema directory integration consists of a class called hpqRole (which is a sub-class HP schema
directory integration and consists of a class called hpqRole (a subclass of Group), one called hpqTarget
(a sub-class of User), along with other helper classes. An instance of an hpqRole is simply a role. An
instance of an hpqTarget is equivalent to one iLO 2.
Directory services 136