
Help configure Active Directory on iLO 5

 
bleep
Occasional Collector

Hi!

I am fairly new in my job and I've been tasked with configuring Active Directory in iLO5. Is there anyone that could help me a bit? I'm fairly new to Active Directory but have an okay understanding and I have managed to set it up on another server we use (in iRMC).

  • Should I use "Directory Default Schema?"
  • Generic LDAP?
  • Do I need to use a certificate?

I have entered the Directory Server Address (IP), using Non-SSL port, and for Directory User Context 1 I put @my.domain

In the user guide, when searching for "Active Directory" I only seemed to find a guide for using HSE Extended Schema, but my understanding is that I then need some sort of plugin, which is out of the question for our use case.

 

Any help would be much appreciated

support_s
System Recommended

Query: Help configure Active Directory on iLO 5

System recommended content:

1. HPE iLO 5, 1.15 User Guide

2. HPE iLO 5 1.43 User Guide

 


thutchings
HPE Pro
Solution

Re: Help configure Active Directory on iLO 5

Hello,

Should I use "Directory Default Schema?"
I would recommend against using the extended schema unless you know for sure that is what you want. This option will permanently change your LDAP schema. You cannot back out of the extended schema easily.

Generic LDAP?
If it is Active Directory, then you should not use Generic LDAP.

Do I need to use a certificate?
You do not have to import the certificate and that step is optional. 

 

1. You will need security group(s) configured in your AD for the iLO access.
2. You will need to ensure that your users that you want to provide access to are members of one of those security groups you have created above.
3. Go to your iLO and specify the groups created in #1 on the Administration -> Directory Groups page. You will need to supply the group DNs and SID for the security groups you put on this page. You will need to get this information from your AD. In MS AD, you can get this by just using the Get-AdGroup <group name> PowerShell command.
4. For each of the security groups created in #3, you will need to assign the appropriate permissions for their access to the iLO.
5. On the Security -> Directory settings page in the iLO you will need to enter the directory server address. You can use the IP, but it's best to use the FQDN of your domain (make sure DNS is configured on the iLO).
6. I would say it is very unlikely insecure LDAP is being used, so you should specify the secure port (normally 636).
7. Enter the search context where your LDAP users reside. You can get the DN from the same command used in step 3. One thing to be careful of when specifying the search context is making it too deep. If the Active Directory structure is very large it can cause iLO search queries to time out. If the users in your AD are in multiple locations it is better to specify multiple search contexts.

The above will normally work to get you connected to the LDAP server. If you run the test settings option on this page and it fails on "Connect using SSL" then you may have a problem with the SSL cert on your domain controller. It is sometimes necessary to install one in that case.

 

Regards

 


I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
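
The lookups from steps 3 and 7 and a check of the secure port from step 6, as an added PowerShell example that is not part of the original reply or of HPE's documentation. The group names, user name and domain controller FQDN are placeholders, and it assumes the ActiveDirectory module (RSAT) is installed on the workstation where it runs.

```powershell
# Added example; group, user and server names below are placeholders.
Import-Module ActiveDirectory

$GroupNames      = @('iLO-Admins', 'iLO-Operators')  # hypothetical AD security groups
$SampleUser      = 'jdoe'                            # hypothetical user who will log in to iLO
$DirectoryServer = 'dc01.my.domain'                  # hypothetical domain controller FQDN
$LdapsPort       = 636

# Step 3: DN and SID of each group, for the Directory Groups page.
$GroupNames | ForEach-Object { Get-ADGroup -Identity $_ } |
    Select-Object Name, DistinguishedName, @{ n = 'SID'; e = { $_.SID.Value } } |
    Format-List

# Step 7: a user's DN minus its first RDN is the container to use as a search context.
$userDn = (Get-ADUser -Identity $SampleUser).DistinguishedName
$searchContext = ($userDn -split '(?<!\\),', 2)[1]   # split on the first unescaped comma
"User search context: $searchContext"

# Step 6: confirm the DC answers on the secure port and look at the certificate it presents.
$tcp = [System.Net.Sockets.TcpClient]::new()
$ssl = $null
try {
    $tcp.Connect($DirectoryServer, $LdapsPort)
    # The callback accepts any certificate so that a bad one can still be inspected;
    # no credentials or directory data are sent over this connection.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($DirectoryServer)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        ChainValid = $cert.Verify()   # chain check as seen from this workstation
    } | Format-List
}
catch {
    Write-Warning "LDAPS handshake with ${DirectoryServer}:$LdapsPort failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

A failed handshake or an expired certificate in this output is the kind of domain controller certificate problem the reply points to when the iLO test fails on "Connect using SSL".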
Sunitha_Mod
Moderator

Re: Help configure Active Directory on iLO 5

Hello @bleep,

Let us know if you were able to resolve the issue.

If you have no further query and you are satisfied with the answer then kindly mark the topic as Solved so that it is helpful for all community members.

Thanks,
Sunitha G
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
bleep
Occasional Collector

Re: Help configure Active Directory on iLO 5

Thanks a lot for the thorough reply! Was very helpful and I got it working!

 

 

Sunitha_Mod
Moderator

Re: Help configure Active Directory on iLO 5

Hello @bleep,

That's Awesome! 

We are extremely glad to know the problem has been resolved and we appreciate you for keeping us posted. 

Thanks,
Sunitha G
I'm an HPE employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]