- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Help configure Active Directory on iLO 5
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2024 03:27 AM
тАО02-28-2024 03:27 AM
Hi!
I am fairly new in my job and I've been tasked with configuring Active Directory in iLO5. Is there anyone that could help me a bit? I'm fairly new to Active Directory but have an okay understanding and I have managed to set it up on another server we use (in iRMC).
- Should I use "Directory Default Schema?"
- Generic LDAP?
- Do I need to use a certificate?
I have entered the Directory Server Address (IP), using Non-SSL port, and for Directory User Context 1 i put @my.domain
In the user guide, when searching for "Active Directory" I only seemed to find guide for using HSE Extended Schema, but my understanding is that I then need some sort of plugin, which is out of the question for our use case.
Any help would be much appreciated
Solved! Go to Solution.
- Tags:
- Active Directory
- iLO5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2024 04:28 AM
тАО02-28-2024 04:28 AM
Query: Help configure Active Directory on iLO 5
System recommended content:
Please click on "Thumbs Up/Kudo" icon to give a "Kudo".
Thank you for being a HPE valuable community member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2024 10:54 PM
тАО02-28-2024 10:54 PM
Re: Help configure Active Directory on iLO 5
Hello,
You may refer to the following section of the iLO 5 User Guide for more information:
Creating and configuring directory objects for use with iLO in Active Directory
Management options added by the HPE Active Directory snap-ins
Directory authentication and authorization settings in iLO
User login using directory services
Directory services objects
Directory user contexts
Installing the iLO directory support software
iLO directory groups
Regards,
Views expressed herein are my personal opinion and are not the views of HPE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-29-2024 11:31 AM
тАО02-29-2024 11:31 AM
SolutionHello,
Should I use "Directory Default Schema?"
I would recommend against using the extended schema unless you know for sure that is what you want. This option will permanently change your LDAP schema. You cannot back out of the extended schema easily.
Generic LDAP?
If it is active directory, then you should not use Generic LDAP.
Do I need to use a certificate?
You do not have to import the certificate and that step is optional.
1. You will need security group(s) configured in your AD.
2. You will need to ensure that your users that you want to provide access to are members of one of those security groups you have created.
3. Go to your iLO and specify the groups on the Administration -> Directory Groups page. You will need to supply the group DNs and SID for the security groups you put on this page, so you will need to get it from your AD. In MS AD, you can get the this by just using the Get-AdGroup <group name> command. You should then assign the appropriate permissions for the security group.
4. On the Security -> Directory settings page in the iLO you will need to enter the directory server address. You can use the IP, but it's best to use the FQDN of your domain (make sure DNS is configured on the iLO)
5. I would say it is very unlikely insecure LDAP is being used, so you should specify the secure port (normally 636).
6. Enter the search context where your LDAP users reside. You can get the DN from the same command used in step 3.
The above will normally work to get you connected to the LDAP server. If you run the test settings option on this page and it fails on "Connect using SSL" then you may have a problem with the SSL cert on your domain controller. It is sometimes necessary to install one in that case.
1. You will need security group(s) configured in your AD for the iLO access.
2. You will need to ensure that your users that you want to provide access to are members of one of those security groups you have created above.
3. Go to your iLO and specify the groups created in #1 on the Administration -> Directory Groups page. You will need to supply the group DNs and SID for the security groups you put on this page. You will need to get this information from your AD. In MS AD, you can get the this by just using the Get-AdGroup <group name> powershell command.
4. For each of the security groups created in #3, you will need to assign the appropriate permissions for their access to the iLO.
5. On the Security -> Directory settings page in the iLO you will need to enter the directory server address. You can use the IP, but it's best to use the FQDN of your domain (make sure DNS is configured on the iLO)
6. I would say it is very unlikely insecure LDAP is being used, so you should specify the secure port (normally 636).
7. Enter the search context where your LDAP users reside. You can get the DN from the same command used in step 3. One thing to be careful of when specifying the search context is making it too deep. If the active directory structure is very large it can cause iLO search queries to timeout. If the users in you AD are in multiple locations it is better to specify multiple search contexts.
The above will normally work to get you connected to the LDAP server. If you run the test settings option on this page and it fails on "Connect using SSL" then you may have a problem with the SSL cert on your domain controller. It is sometimes necessary to install one in that case.
Regards
I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2024 01:16 AM
тАО03-08-2024 01:16 AM
Re: Help configure Active Directory on iLO 5
Hello @bleep,
Let us know if you were able to resolve the issue.
If you have no further query and you are satisfied with the answer then kindly mark the topic as Solved so that it is helpful for all community members.
Sunitha G
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2024 01:29 AM
тАО03-08-2024 01:29 AM
Re: Help configure Active Directory on iLO 5
Thanks a lot of the thorough reply! Was very helpful and i got it working!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-11-2024 12:00 AM
тАО03-11-2024 12:00 AM
Re: Help configure Active Directory on iLO 5
Hello @bleep,
That's Awesome!
We are extremely glad to know the problem has been resolved and we appreciate you for keeping us posted.
Sunitha G
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]