162 User Guide Integrated Lights-Out

User rights to any iLO are calculated as the sum of all the rights assigned by all the roles in which the user is a member, and in which the iLO is a Managed Device. Following the preceding examples, if a user is in both the remoteAdmins and remoteMonitors roles, they will have all the rights, because the remoteAdmins role has those rights.

To configure iLO and associate it with a Lights-Out Management object used in this example, use settings similar to the following on the Directory Settings screen.

RIB Object DN = cn=rib-email- server,ou=RILOES,dc=testdomain,dc=local Directory User Context 1 = cn=Users,dc=testdomain,dc=local

For example, to gain access, user Mel Moore, with the unique ID MooreM, located in the users organizational unit within the testdomain.local domain, who is also a member of one of the remoteAdmins or remoteMonitors roles, would be allowed to log in to the iLO. They would enter testdomain\moorem, or moorem@testdomain.local, or Mel Moore, in the Login Name field of the iLO login screen, and use their Active Directory password in the Password field of that screen.

Directory Services Objects

One of the keys to directory-based management is proper virtualization of the managed devices in the directory service. This virtualization allows the administrator to build relationships between the managed device and user or groups already contained within the directory service. User management of iLO requires three basic objects in the directory service:

Lights-Out Management object

Role object

User objects

Each object represents a device, user, or relationship that is required for directory-based management.

NOTE: After the snap-ins are installed, ConsoleOne and MMC must be restarted to show the new entries.