Configuring iLO 2 53
• Directory Server Address—Enables you to specify the network DNS name or IP address of the
directory server. You can specify multiple servers, separated by a comma (,) or space ( ). If Use
Directory Default Schema is selected, enter a DNS name in the Directory Server Address field to
allow authentication with user ID. For example:
directory.hp.com
192.168.1.250, 192.168.1.251
• Directory Server LDAP Port—Specifies the port number for the secure LDAP service on the server. The
default value for this port is 636. However, you can specify a different value if your directory service
is configured to use a different port.
• iLO 2 Directory Properties—Identifies the LOM object in the directory tree. This information is used to
determine user access rights. You can configure iLO 2 with the password to the LOM object at this
time; however, this information is not used until directory configuration support is provided.
• LOM Object Distinguished Name—Specifies where this LOM instance is listed in the directory tree.
For example: cn=iLO 2 Mail Server,ou=Management Devices,o=hp
User search contexts are not applied to the LOM Object Distinguished Name when accessing the
directory server.
• LOM Object Password—Specifies the password to the iLO 2 object that iLO 2 uses to verify the
directory for updates (LOM Object Distinguished Name).
• Confirm Password—Verifies your LOM Object Password. If you alter the LOM Object Password,
reenter the new password in this field.
• User Login Search Contexts enables you to specify common directory subcontexts so that users do
not need to enter their full distinguished name at login.
You can identify all objects listed in a directory using their unique distinguished names. However,
distinguished names can be long and users might not know their distinguished names, or have
accounts in different directory contexts. iLO 2 attempts to contact the directory service by
distinguished name, and then applies the search contexts in order until successful.
Directory User Contexts specify user name contexts that are applied to the login name.
Example 1:
Instead of logging in as cn=user,ou=engineering,o=hp a search context of
ou=engineering,o=hp
allows login as
user
Example 2:
If a system is managed by Information Management, Services, and Training, search contexts like:
Directory User Context 1:ou=IM,o=hp
Directory User Context 2:ou=Services,o=hp
Directory User Context 3:ou=Training,o=hp
allow users in any of these organizations to log in using just their common names. If a user exists in
both the IM organizational unit and the Training organizational unit, login is first attempted as
cn=user,ou=IM,o=hp.
Example 3 (Active Directory only):
Microsoft Active Directory allows an alternate user credential format. Search contexts in this format
cannot be tested except by a successful login attempt. A user may log in as:
in which case a search context of
@domain.hp.com
allows the user to log in as
user
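The lookup order described under User Login Search Contexts can be modelled to audit which directory entry a short login name reaches first. This is an added example, not HP code: the function names, the sample directory, and the rule for joining a context to the login name ("cn=<name>,<context>", or "<name><context>" for an "@" context) are assumptions based on Examples 1 to 3.

```python
# Added example, not HP code. Assumption: a context is joined to the login
# name as "cn=<name>,<context>", or "<name><context>" for an "@" context.
CONTEXTS = ["ou=IM,o=hp", "ou=Services,o=hp", "ou=Training,o=hp", "@domain.hp.com"]

# Constructed sample directory (lower-cased DNs); not real entries.
DIRECTORY = {
    "cn=user,ou=im,o=hp",
    "cn=user,ou=training,o=hp",
    "cn=alice,ou=services,o=hp",
}

def candidate_names(login, contexts):
    """Names tried for `login`: as typed first, then each context in order."""
    login = login.strip()
    names = [login]
    for ctx in contexts:
        ctx = ctx.strip()
        names.append(login + ctx if ctx.startswith("@") else "cn=%s,%s" % (login, ctx))
    return names

def resolve(login, contexts, directory):
    """Return (first existing candidate, later candidates that also exist)."""
    hits = [n for n in candidate_names(login, contexts) if n.lower() in directory]
    return (hits[0] if hits else None), hits[1:]

def ambiguous_logins(contexts, directory):
    """Short names that match more than one entry across the search contexts."""
    report = {}
    for dn in sorted(directory):
        if dn.startswith("cn="):
            short = dn.split(",", 1)[0][3:]
            first, later = resolve(short, contexts, directory)
            if later:
                report[short] = {"first_attempt": first, "later_matches": later}
    return report

if __name__ == "__main__":
    for name in candidate_names("user", CONTEXTS):
        print(name)
    print(ambiguous_logins(CONTEXTS, DIRECTORY))
```

Any name reported by ambiguous_logins is a common name that exists under more than one search context, so the order of the Directory User Context entries decides which account a short login is tried against first.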