Setup For Schema-Free Directory Integration; Integration" On - HP Integrated Lights-Out User Manual

Integrated lights-out firmware 1.91

Hide thumbs Also See for Integrated Lights-Out:

User manual (410 pages)

Technology brief (24 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

Table of Contents

Advantages of using HP schema directory integration:

Greater flexibility controlling access. For example, you can limit access to a time of day, or from

a certain range of IP addresses.

Groups and permissions are maintained in the directory, not on each iLO, and HP provides the

snap-ins required for managing HP groups and targets for Active Directory Users and Computers,

and eDirectory ConsoleOne.

Integration with eDirectory

Disadvantages of HP schema directory integration

The directory schema must be extended. However, this task is minimized because HP provides the

.kdf file and a wizard to extend the schema, and later versions of Active Directory enable you to

undo schema changes.

For information on how to extend the schema and configuration of directory settings information, see

"Integrating HP ProLiant Lights-Out processors with Microsoft® Active Directory

(http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf)."

Certificate requirements

iLO must communicate with the directory using LDAP over SSL. This communication requires the

directory server to have a certificate. Installing the certificate for the domain replicates it throughout

the domain controllers in the domain. For information about installing the certificate, refer to the

Customer Advisory available on the HP website

(http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_EM030604_

CW01&locale=en_US).

Failover options

To enable failover (redundancy), use the domain name as the directory server name when

configuring iLO. Most DNS servers resolve a domain name to a working directory server (domain

controller).

NetBIOS, UPN, and distinguished name formats are accepted for login names. The login script for

iLO calls down to the operating system of the client system and attempts to translate the login name

into a directory distinguished name. For the login script to do this, the directory name must be a

DNS name, not an IP address. Also, both the client and iLO must be able to access the directory

server using the same name. Both the client and iLO must be in the same DNS domain.

Multiple targets

You do not need to use multiple targets in the directory. HP schema directory integration only

requires one hpqTarget object, which can represent many LOM devices.