HP Integrated Lights-Out User Manual page 106

Schema-free directory integration—Using the schema-free directory integration method, users and group
memberships reside in the directory, but group privileges reside in the individual iLO. iLO uses login
credentials to read the user object in the directory and retrieve the user group memberships. These groups
are compared to those stored in iLO. If there is a match, authorization is granted. For example:
Advantages of using schema-free directory integration:
There is no need to extend the directory schema.
o
When ActiveX controls are enabled on the browser and login, NetBIOS and e-mail formats are
o
supported.
Little or no setup is required for users in the directory. If there is no setup,the directory uses
o
existing users and group memberships to access iLO. For example, if you have a domain admin
named User1, you can copy the distinguished name of the domain admin's security group over
to iLO and give it full privileges. User1 would then have access to iLO.
Disadvantages of using schema-free directory integration
Supports Microsoft Active Directory only
o
Group privileges are administered on each iLO. However, this disadvantage is minimized by
o
group privileges rarely changing, and the task of changing group membership is administered in
the directory and not on each separate iLO. HP provides tools that enable changes to a large
number of iLO to be made at the same time.
HP schema directory integration consists of a class called hpqRole (which is a sub-class of Group), one
called hpqTarget (a sub-class of User), along with other helper classes. An instance of an hpqRole is
simply a role. An instance of an hpqTarget is equivalent to one iLO.
A role contains one or more iLO and one or more users, and has a list of privileges that these users have
with the iLO in the role. All iLO access is managed by adding and removing users and iLO to and from
the role, and by managing the privileges on the role. For example:
Directory services 106