Secure Web Server and Secure LDAP - IBM BladeCenter Management Module User Manual

Secure Web server and secure LDAP

Secure Sockets Layer (SSL) is a security protocol that provides communication
privacy. SSL enables applications to communicate in a way that is designed to
prevent eavesdropping, tampering, and message forgery.
You can configure the management module to use SSL support for two types of
connections: secure Web server (HTTPS) and secure LDAP connection (LDAPS).
The management module takes on the role of SSL client or SSL server depending
on the type of connection. The following table shows that the management module
read-only and all other bits are mutually exclusive, with read-only
having the lowest precedence. That is, if any other bit is set, this bit
will be ignored.
– Networking and Security (bit position 3): If set, a user can modify the
settings in the Security, Network Protocols, and Network Interface
pages for MM Control. If set, a user can also modify the settings in
the Management page for I/O Module Tasks.
– User Account Management (bit position 4): If set, a user can add,
modify, and delete users and change the Global Login Settings in the
Login Profiles page.
– Blade server Remote Console Access (bit position 5): If set, a user
can access the remote server console.
– Blade server Remote Console and Virtual Media Access (bit position
6): If set, a user can access the remote server console and the virtual
media functions for the remote server.
– Blade and I/O Module Power/Restart Access (bit position 7): If set, a
user can access the power on and restart functions for the remote
blade servers and I/O Modules. These functions are available in the
Power/Restart pages.
– Basic Configuration (MM, I/O Modules, Blades) (bit position 8): If set,
a user can modify the General Settings and Alerts pages for MM
Control, and the Configuration page for Blade Tasks.
– Ability to Clear Event Logs (bit position 9): If set, a user can clear the
event logs. Everyone can look at the event logs, but this particular
permission is required to clear the logs.
– Advanced Configuration (MM, I/O Modules, Blades) (bit position 10): If
set, a user has no restrictions when configuring the management
module, blade servers, I/O Modules, and VPD. This user can also
perform firmware upgrades on the management module or blade
servers, restore the management module to its factory default
settings, modify and restore the management-module configuration
from a configuration file, and restart or reset the management module.
– Reserved (bit position 11): Reserved for future use.
• If none of the bits are set, the default will be set to read-only for the user.
• Priority is given to login permissions retrieved directly from the user
record. If the user does not have the login permission attribute in its
record, an attempt will be made to retrieve the permissions from the
groups to which the user belongs. This is done as part of the group
authentication phase. The user will be assigned the inclusive OR of all
the bits for all of the groups. The Browser Only bit will be set only if all
the other bits are zero. If the Deny Always bit is set for any of the
groups, the user will be refused access. The Deny Always bit always has
precedence over every other bit.
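
The precedence rules above can be checked against planned LDAP group memberships before they are deployed. The following is an added example, not code from the IBM guide: it models permissions as sets of bit positions, and the positions used for Deny Always and read-only are assumptions because this section does not state them.

```python
from typing import Iterable, Optional, Set

# Bit positions 3-10 as named in this section (11 is reserved).
NAMED = {
    3: "Networking and Security",
    4: "User Account Management",
    5: "Blade server Remote Console Access",
    6: "Blade server Remote Console and Virtual Media Access",
    7: "Blade and I/O Module Power/Restart Access",
    8: "Basic Configuration",
    9: "Ability to Clear Event Logs",
    10: "Advanced Configuration",
}
# ASSUMPTION: this section does not give these two positions; adjust to
# match the full permission-bit table in the guide.
DENY_ALWAYS = 0
READ_ONLY = 2


def normalize(bits: Set[int]) -> Optional[Set[int]]:
    """Apply the precedence rules to one bit set. None means access refused."""
    if DENY_ALWAYS in bits:            # Deny Always beats every other bit
        return None
    others = bits - {READ_ONLY}
    if others:                         # read-only is ignored if anything else is set
        return others
    return {READ_ONLY}                 # no bits set: default to read-only


def effective_permissions(user_bits: Optional[Set[int]],
                          group_bits: Iterable[Set[int]]) -> Optional[Set[int]]:
    """user_bits is None when the user record has no login permission attribute."""
    if user_bits is not None:          # the user record takes priority over groups
        return normalize(set(user_bits))
    merged: Set[int] = set()
    for bits in group_bits:            # inclusive OR across all of the user's groups
        merged |= set(bits)
    return normalize(merged)


def describe(bits: Optional[Set[int]]) -> str:
    if bits is None:
        return "access refused"
    return ", ".join(NAMED.get(b, "read-only" if b == READ_ONLY else f"bit {b}")
                     for b in sorted(bits))


if __name__ == "__main__":
    # Constructed group memberships for one user with no attribute of their own.
    print(describe(effective_permissions(None, [{READ_ONLY}, {9}, {3, 4}])))
    print(describe(effective_permissions(None, [{10}, {DENY_ALWAYS}])))
```

Because group bits are combined with an inclusive OR, membership in any one privileged group is enough to grant that privilege, so the union is what needs to be reviewed rather than each group on its own.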