243
credential format. A user can log in as user@domain.example.com. Entering the search
context @domain.example.com allows the user to log in as user. Only a successful login
attempt can test search contexts in this format.
• Example 4 (OpenLDAP user)—If a user has the DN UID=user,ou=people,o=ab, and you
enter the search context ou=people,o=ab, the user can log in as user instead of entering
the DN.
Directory Server CA Certificate
During LDAP authentication, iLO validates the directory server certificate if the CA certificate is
already imported. For successful certificate validation, make sure that you import the correct CA
certificate. If certificate validation fails, iLO login is denied and an event is logged. If no CA
certificate is imported, the directory server certificate validation step is skipped.
To verify SSL communication between the directory server and iLO, click Test Settings.
Local user accounts with Kerberos authentication and directory integration
Local user accounts can be active when you configure iLO to use a directory or Kerberos
authentication. In this configuration, you can use local and directory-based user access.
Consider the following:
• When local user accounts are enabled, configured users can log in by using locally stored
user credentials.
• When local accounts are disabled, user access is limited to valid directory credentials.
• Do not disable local user access until you have validated access through Kerberos or a
directory.
• When you use Kerberos authentication or directory integration, NEC Corporation
recommends enabling local user accounts and configuring a user account with administrator
privileges. This account can be used if iLO cannot communicate with the directory server.
• Access through local user accounts is enabled when directory support is disabled or an iLO
license is revoked.
Running directory tests
Directory tests enable you to validate the configured directory settings. The directory test results
are reset when directory settings are saved, or when the directory tests are started.
Procedure
1. Click Security in the navigation tree, and then click the Directory tab.
To Next Page
Loading...
