Table of Contents
Advertisement
Directory services
In this section
Overview of directory integration ........................................................................................................... 104
Benefits of directory integration.............................................................................................................. 104
Advantages and disadvantages of schema-free directories and HP schema directory ................................... 105
Setup for Schema-free directory integration ............................................................................................. 107
Setting up HP schema directory integration ............................................................................................. 111
Overview of directory integration
iLO can be configured to use a directory to authenticate and authorize its users. Before configuring iLO
for directories, you must decide whether or not you want to use the HP Extended schema option.
The advantages of using the HP Extended schema option are:
There is much more flexibility in controlling access. For example, access can be limited to a time of
day or from a certain range of IP addresses.
Groups are maintained in the directory, not on each iLO.
RILOE and RILOE II only work with HP Extended schema. (Schema-free will be added to RILOE II at
later date.)
iLO, RILOE, and RILOE II will only work with eDirectory with HP Extended schema.
See the comprehensive list of benefits in the "Benefits of directory integration (on page 104)" section. The
"Directory-enabled remote management (on page 134)" section details how roles, groups, and security is
enabled and enforced using directories. There are also white papers available for more information on
directory integration on the HP website (http://www.hp.com/servers/lights-out).
Benefits of directory integration
Scalability—The directory can be leveraged to support thousands of users on thousands of iLOs.
Security—Robust user password policies are inherited from the directory. User password complexity,
rotation frequency, and expiration are policy examples.
Anonymity (lack thereof)—In some environments, users share Lights-Out accounts, which results in the
lack of knowing who performed an operation, instead of knowing what account (or role) was used.
Role-based administration—You can create roles (for instance, clerical, remote control of the host,
complete control) and associate users or user groups with those roles. A change at a single role
applies to all users and Lights-Out devices associated with that role.
Single point of administration—You can use native administrative tools like MMC and ConsoleOne
to administrate Lights-Out users.
Immediacy—A single change in the directory rolls-out immediately to associated Lights-Out
processors. This eliminates the need to script this process.
Directory services 104
Advertisement
Table of Contents
Troubleshooting
