Login Process Using Directory Services With Extended LDAP; Configuring LDAP Lite Default Schema - HP Integrity iLO 2 MP Operation Manual

Login Process Using Directory Services with Extended LDAP

You can choose to enable directory services to authenticate users and authorize user privileges
for groups of iLO 2 MPs. The iLO 2 MP directory services feature uses the industry-standard
LDAP. HP layers LDAP on top of SSL to transmit the directory services information securely to
the directory servers. More information about directory services is available from the HP website
at:
http://www.hp.com/servers/lights-out
With directory services enabled, after users enter their login and password, the browser sends the cookie
to the iLO 2 MP. The iLO 2 MP processor accesses the directory service to determine which roles
are available for that user login. The iLO 2 MP first uses the credentials to access the iLO 2 MP
device object in the directory. The directory service returns only the roles for which the user has
rights. If the user credentials allow read access to the iLO 2 MP device object and the role object,
the iLO 2 MP determines the role object's distinguished name and the associated user privileges.
The iLO 2 MP then calculates the current user privileges based on those roles and grants them
to that user.
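
A simplified model of the privilege calculation described above, added here as an illustration and not taken from HP's manual or firmware. The data structures, DNs, privilege names, and the choice to combine roles by union are assumptions.

```python
from dataclasses import dataclass

def norm(dn: str) -> str:
    """Comparison key for a DN: case-folded, spaces around RDNs dropped.
    Simplified: escaped commas are not handled."""
    return ",".join(part.strip().casefold() for part in dn.split(","))

@dataclass(frozen=True)
class Role:
    dn: str
    members: frozenset     # user DNs assigned to the role
    devices: frozenset     # device-object DNs the role applies to
    privileges: frozenset  # privileges the role carries
    readers: frozenset     # user DNs with read access to the role object

def make_role(dn, members, devices, privileges, readers):
    keys = lambda dns: frozenset(norm(d) for d in dns)
    return Role(norm(dn), keys(members), keys(devices),
                frozenset(privileges), keys(readers))

def effective_privileges(roles, device_readers, user_dn, device_dn):
    """Return (role DNs, privileges); an empty result means no access."""
    user, device = norm(user_dn), norm(device_dn)
    # 1. The user's credentials must allow reading the device object.
    if user not in device_readers.get(device, frozenset()):
        return [], frozenset()
    # 2. Only roles the user has rights to (and can read) come back.
    granted = [r for r in roles
               if user in r.members and device in r.devices and user in r.readers]
    # 3. Combine the privileges of those roles (union is an assumption).
    privileges = frozenset().union(*(r.privileges for r in granted))
    return sorted(r.dn for r in granted), privileges

# Constructed sample directory: every DN and privilege name is made up.
BASE = "DC=example,DC=com"
ALICE, BOB, CAROL = (f"CN={n},OU=Users,{BASE}" for n in ("alice", "bob", "carol"))
DEVICE = f"CN=mp-rack1,OU=MPs,{BASE}"
ROLES = [
    make_role(f"CN=Operators,OU=Roles,{BASE}", [ALICE], [DEVICE],
              {"console", "power"}, [ALICE]),
    # Alice is a member here too, but cannot read the role object.
    make_role(f"CN=Admins,OU=Roles,{BASE}", [ALICE, BOB], [DEVICE],
              {"config"}, [BOB]),
]
DEVICE_READERS = {norm(DEVICE): frozenset(norm(u) for u in (ALICE, BOB))}

if __name__ == "__main__":
    for who in (ALICE, BOB, CAROL):
        print(who, effective_privileges(ROLES, DEVICE_READERS, who, DEVICE))
```

In this model a user with no readable role, or no read access to the device object, ends up with an empty privilege set rather than a default one.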

Configuring LDAP Lite Default Schema

IMPORTANT:
Due to command syntax changes in LDAP Lite, some customer-developed scripts
may not run. You must change any scripts you developed to enable them to run with the new
LDAP Lite syntax.
The iLO 2 MP schema-free directory integration enables you to use the standard directory schema
instead of adding HP's schema to the directory database. You accomplish this by authenticating
users from the directory database and authorizing iLO 2 MP privileges based on matching groups
stored on each iLO 2 MP.
NOTE:
The LDAP Lite feature is available only if you have the iLO 2 MP Advanced Pack license.
In addition to general directory integration benefits, the iLO 2 MP schema-free integration
provides the following advantages:
