HP 232664-006 Directory-enabledremote management, Introduction to directory-enabledremote management, Creating roles to follow organizational structure

Directory-enabled remote management

In this section
Introduction to directory-enabled remote management ..............................................................................	103
Creating roles to follow organizational structure ......................................................................................	103
How directory login restrictions are enforced...........................................................................................	105
Using bulk import tools..........................................................................................................................	108

Introduction to directory-enabled remote management

This section is for administrators who are familiar with directory services and the RILOE II product and want to use the HP schema directory integration option for RILOE II. You must be familiar with the “Directory services (on page 75)" section and comfortable with setting up and understanding the examples.

Directory-enabled remote management enables you to:

•Create Lights-Out Management Objects

You must create one LOM device object to represent each device that will use the directory service to authenticate and authorize users. Refer to the "Directory services (on page 75)" section for additional information on creating LOM device objects for Active Directory ("Directory services for Active Directory" on page 83) and eDirectory ("Directory services for eDirectory" on page 92 ). In general, you can use the HP provided snap-ins to create objects. It is useful to give the LOM device objects meaningful names, such as the device network address, DNS name, host server name, or serial number.

•Configure the Lights-Out management devices

Every LOM device that uses the directory service to authenticate and authorize users must be configured with the appropriate directory settings. Refer to "Configuring directory settings" for details on the specific directory settings. In general, you can configure each device with the appropriate directory server address, LOM object distinguished name, and any user contexts. The server address is either the IP address or DNS name of a local directory server or, for more redundancy, a multi-host DNS name.

Creating roles to follow organizational structure

Often, the administrators within an organization are placed into a hierarchy in which subordinate administrators must assign rights independently of ranking administrators. In this case, it is useful to have one role that represents the rights assigned by higher-level administrators and to allow the subordinate administrators to create and manage their own roles.

Using existing groups

Many organizations will have their users and administrators arranged into groups. In many cases, it is convenient to use the existing groups and associate the groups with one or more Lights-Out Management role objects. When the devices are associated with the role objects, the administrator controls access to the Lights-Out devices associated with the role by adding or deleting members from the groups.

Directory-enabled remote management 103