10.Click Apply and OK. Members of the remoteMonitors role are able to authenticate and view the server status.

User rights to any iLO 2 are calculated as the sum of all the rights assigned by all the roles in which the user is a member and the iLO 2 is a managed device. Following the preceding examples, if a user is included in both the remoteAdmins and remoteMonitors roles, he or she has all the rights of those roles, because the remoteAdmins role also has those rights.

To configure iLO 2 and associate it with an iLO 2 object, use settings similar to the following (based on the preceding example) in the iLO 2 Directory Settings text user interface:

RIB Object DN = cn=lpmp,ou=MPs,dc=mpiso,dc=com

Directory User Context 1 = cn=Users,dc=mpiso,dc=com

For example, user Mel Moore (with the unique ID MooreM, located in the Users organizational unit within the mpiso.com domain, and a member of one of the remoteAdmins or remoteMonitors roles) would be allowed to log in to the iLO 2. To log in, he would enter mpiso moorem, or moorem@mpiso.com, or Mel Moore, in the Login Name field of the iLO 2 login, and use his Active Directory password in the Password field.

Directory Services Objects

One of the keys to directory-based management is proper virtualization of the managed devices in the directory service. This virtualization enables the administrator to build relationships between a managed device and user or groups already contained within the directory service. The iLO 2 user management requires the following basic objects in the directory service:

iLO 2

Role

User

Each object represents a device, user, or relationship that is required for directory-based management.

NOTE: After you install the snap-ins, restart ConsoleOne and MMC to display the new entries.

After the snap-in is installed, you can create iLO 2 objects and roles in the directory. Using the Users and Computers tool, you can:

Create iLO 2 objects and role objects.

Add users to the role objects.

Set the rights and restrictions of the role objects.

Active Directory Snap-Ins

The following sections discuss the additional management options available in Active Directory Users and Computers after you have installed the HP snap-ins.

Managing HP Devices In a Role

To add HP devices to be managed in a role, use the HP Devices tab (Figure 7-8).

To browse to a specific HP device and add it to the list of member devices, click Add.

To browse to a specific HP device and remove it from the list of member devices, click

Remove.

158 Installing and Configuring Directory Services

Page 157 Page 159
Page 158
Image 158
HP Integrity iLO 2 MP 5991-6005 manual Directory Services Objects, Active Directory Snap-Ins, Managing HP Devices In a Role
Page 157 Page 159
Top Page Image Contents