242
and then click Import.
10. Enter valid search contexts in one or more of the Directory User Context boxes.
11. Click Apply Settings.
12. To test the communication between the directory server and iLO, click Test Settings.
13. Optional: To configure directory groups, click Administer Groups to navigate to the
Directory Groups page.
Schema-free directory settings
• Generic LDAP—Specifies that this configuration uses the OpenLDAP supported BIND
method.
• Directory Server Address—Specifies the network DNS name or IP address of the directory
server. The directory server address can be up to 127 characters.
If you enter the FQDN, ensure that the DNS settings are configured in iLO.
NEC Corporation recommends using DNS round-robin when you define the directory server.
• Directory Server LDAP Port—Specifies the port number for the secure LDAP service on the
server. The default value is 636. If your directory service is configured to use a different port,
you can specify a different value. Make sure that you enter a secured LDAP port. iLO cannot
connect to an unsecured LDAP port.
• Directory User Contexts—These boxes enable you to specify common directory
subcontexts so that users do not need to enter their full DNs at login. Directory user
contexts can be up to 128 characters.
• Certificate Status—Specifies whether a directory server CA certificate is loaded.
If the status is Loaded, click View to display the CA certificate details. If no CA certificate is
loaded, the status Not Loaded is displayed. iLO supports SSL certificates up to 4 KB in size.
Directory user contexts
You can identify the objects listed in a directory by using unique DNs. However, DNs can be long,
users might not know their DNs, or users might have accounts in different directory contexts.
When you use user contexts, iLO attempts to contact the directory service by DN, and then
applies the search contexts in order until login is successful.
• Example 1—If you enter the search context ou=engineering,o=ab, you can log in as user
instead of logging in as cn=user,ou=engineering,o=ab.
• Example 2—If the IM, Services, and Training departments manage a system, the following
search contexts enable users in these departments to log in by using their common names:
◦ Directory User Context 1:ou=IM,o=ab
◦ Directory User Context 2:ou=Services,o=ab
◦ Directory User Context 3:ou=Training,o=ab
If a user exists in both the IM organizational unit and the Training organizational unit, login is
first attempted as cn=user,ou=IM,o=ab.
• Example 3 (Active Directory only)—Microsoft Active Directory allows an alternate user
To Next Page
Loading...
