Standards—Lights-Out directory support builds on top of the LDAP 2.0 standard for secure directory access.

How directory integration works

Schema-free

At the login page, enter a login name and a password. If ActiveX is enabled in the browser, the login name is converted to the directory's DN format and stored in a security cookie in the browser. The browser then loads the home page for RILOE II.

RILOE II reads the security cookie and extracts the DN for each page displayed. RILOE II reads the directory object pointed to by the DN. RILOE II then determines what groups the object is a member of and compares this information with a list kept in RILOE II. If there is a match, then the privileges associated with this group in RILOE II determine whether you have access to the page requested.

When using a schema-free directory configuration, after you attempt to log in to RILOE II, RILOE II attempts to read your object in the directory to determine what groups you are a member of. RILOE II compares the list of groups to group names RILOE II is configured to recognize. If RILOE II finds a match, RILOE II determines what privileges you have based on the privileges configured for that group in RILOE II.

If you are a member of any group that RILOE II recognizes, you have login rights to RILOE II, regardless of what rights are associated with the group. User rights are a combination of all rights for the groups you are a member of that RILOE II recognizes.

If the ActiveX control does not run at login, then the complete login name, or the login name prepended with a user context, is used for the directory lookup process. For this to work, the login name must either be in full DN format or be in a format such that combining the login name with a user context produces a full DN.
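The schema-free rules above (DN lookup through user contexts, login granted by any recognized group, rights combined across groups) can be modeled to audit who ends up with which access. This is an added example, not HP's code: the DNs, privilege names, and the comma-joined way a login name is combined with a user context are assumptions made for illustration.

```python
# Constructed sample data: every DN and privilege name below is hypothetical.
RECOGNIZED_GROUPS = {
    "CN=LO-Admins,OU=Groups,DC=example,DC=com": {"remote_console", "virtual_power", "configure"},
    "CN=LO-Operators,OU=Groups,DC=example,DC=com": {"remote_console"},
    "CN=LO-Audit,OU=Groups,DC=example,DC=com": set(),  # recognized, but no rights
}
DIRECTORY = {  # user DN -> groups the user object is a member of
    "CN=alice,OU=Users,DC=example,DC=com": [
        "cn=lo-operators, ou=groups, dc=example, dc=com",
        "CN=LO-Admins,OU=Groups,DC=example,DC=com"],
    "CN=bob,OU=Users,DC=example,DC=com": ["CN=LO-Audit,OU=Groups,DC=example,DC=com"],
    "CN=carol,OU=Users,DC=example,DC=com": ["CN=Staff,OU=Groups,DC=example,DC=com"],
}
USER_CONTEXTS = ["OU=Contractors,DC=example,DC=com", "OU=Users,DC=example,DC=com"]

def norm_dn(dn):
    """Simplified DN normalization: case and spacing only, not full RFC 4514."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def resolve_dn(login, contexts=USER_CONTEXTS, directory=DIRECTORY):
    """Try the login name as typed, then combined with each user context."""
    known = {norm_dn(dn): dn for dn in directory}
    for candidate in [login] + [f"{login},{ctx}" for ctx in contexts]:
        if norm_dn(candidate) in known:
            return known[norm_dn(candidate)]
    return None

def effective_access(user_dn, directory=DIRECTORY, recognized=RECOGNIZED_GROUPS):
    """Return (login_allowed, rights) under the schema-free rules."""
    table = {norm_dn(dn): rights for dn, rights in recognized.items()}
    matched = [table[norm_dn(g)] for g in directory.get(user_dn, []) if norm_dn(g) in table]
    # Any recognized group grants login; rights are the union across matches.
    return bool(matched), set().union(*matched)

if __name__ == "__main__":
    for login in ("CN=alice", "CN=bob,OU=Users,DC=example,DC=com", "CN=carol", "CN=dave"):
        dn = resolve_dn(login)
        print(login, "->", dn, effective_access(dn) if dn else "no such object")
```

Note the `bob` case: membership in a recognized group with no rights still yields login, and because rights only accumulate, removing access means removing the user from every recognized group.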

HP Extended schema

Refer to the "Directory-enabled remote management (on page 103)" section.

Advantages and disadvantages of schema-free and HP Extended schema

Before configuring RILOE II for directories, you must decide whether to use the directory's schema-free option (the default schema) or the HP Extended schema option.

The advantages of using the schema-free option are:

There is no need to extend the directory's schema.

When ActiveX controls are enabled on the browser, logging in using NetBIOS and e-mail formats is supported.

The advantages of using the HP Extended schema option are:

There is much more flexibility in controlling access. For example, access can be limited to a time of day or from a certain range of IP addresses.

Groups are maintained in the directory, not on each RILOE II.

eDirectory works only with RILOE II using the HP Extended schema.

Directory services 76

HP 232664-006 manual How directory integration works, Schema-free, HP Extended schema