Schema-Free Nested Groups; Setting Up HP Schema Directory Integration; Features Supported By HP Schema Directory Integration - HP Integrated Lights-Out User Manual

Integrated lights-out firmware 1.91

NOTE: Your system security settings or installed software might prevent the login script from
calling the Windows® ActiveX control. If this happens, your browser displays a warning
message in the status bar or a message box, or might stop responding. To help identify what
software or setting is causing the problem, create another profile and log in to the system.
In some cases, it might not be possible to get the maximum login flexibility option to work. For instance, if
the client and iLO are in different DNS domains, one of the two might not be able to resolve the directory
server name to an IP address.

Schema-free nested groups

Many organizations have users and administrators arranged into groups. This arrangement of
existing groups is convenient because you can associate the groups with one or more Integrated
Lights-Out Management role objects. When the devices are associated with the role objects,
administrators can control access to the Lights-Out devices associated with the role by adding or
deleting members from the groups.

When using Microsoft® Active Directory, you can place one group within another group, creating a
nested group. Role objects are considered groups and can include other groups directly. You can add the
existing nested group directly to the role and assign the appropriate rights and restrictions. New users
can be added to either the existing group or the role.

In previous implementations, only a schema-less user who was a direct member of the primary group was
allowed to log in to iLO. Using schema-free integration, users who are indirect members (members of a
group that is nested within the primary group) are also allowed to log in to iLO.

Novell eDirectory does not allow nested groups. In eDirectory, any user who can read a role is considered
a member of that role. When adding an existing group, organizational unit, or organization to a role,
add the object as a read trustee of the role. All the members of the object are considered members of the
role. New users can be added to either the existing object or the role.

When using trustee or directory rights assignments to extend role membership, users must be able to read
the LOM object representing the LOM device. Some environments require the same trustees of a role to
also be read trustees of the LOM object to successfully authenticate users.
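Because Active Directory nested groups let indirect members log in to iLO, it helps to see exactly who gains access only through nesting. The following is an added example, not code from the HP manual: it expands a group tied to iLO rights over a constructed in-memory directory (all group and user names are made up) and separates direct from indirect members, tolerating circular nesting.

```python
from collections import deque

# Constructed sample directory: group name -> members (users or other groups).
GROUPS = {
    "iLO-Admins": ["alice", "Server-Ops"],               # group tied to iLO rights
    "Server-Ops": ["bob", "Datacenter-Contractors"],     # nested in iLO-Admins
    "Datacenter-Contractors": ["carol", "Server-Ops"],   # circular nesting
    "Helpdesk": ["dave"],                                # unrelated group
}

def effective_members(groups, root):
    """Map each user who reaches `root` (directly or via nesting) to the group path."""
    found = {}
    seen = {root}
    queue = deque([(root, [root])])
    while queue:
        group, path = queue.popleft()
        for member in groups.get(group, []):
            if member in groups:            # member is itself a group
                if member not in seen:      # guard against circular nesting
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in found:       # breadth-first: first hit is the shortest path
                found[member] = path
    return found

def audit(groups, root):
    """Return (direct users, {indirect user: nesting path}) for the group `root`."""
    direct = {m for m in groups.get(root, []) if m not in groups}
    indirect = {user: " > ".join(path)
                for user, path in effective_members(groups, root).items()
                if user not in direct}
    return direct, indirect

if __name__ == "__main__":
    direct, indirect = audit(GROUPS, "iLO-Admins")
    print("direct members:", sorted(direct))
    for user, path in sorted(indirect.items()):
        print(f"indirect member: {user} via {path}")
```

Against a live Active Directory, the same transitive expansion is available server-side through the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941) applied to the memberOf attribute.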

Setting up HP schema directory integration

When using the HP schema directory integration, iLO supports both Active Directory and eDirectory.
However, these directory services require the schema to be extended.

Features supported by HP schema directory integration

iLO Directory Services functionality enables you to:
• Authenticate users from a shared, consolidated, scalable user database.
• Control user privileges (authorization) using the directory service.
• Use roles in the directory service for group-level administration of iLO management processors and
  iLO users.

Extending the schema must be completed by a Schema Administrator. The local user database is
retained. You can decide not to use directories, to use a combination of directories and local accounts, or
to use directories exclusively for authentication.