03-14-2013 03:50 PM
How to set the Directory User Context
I would like to hook our HP DL380 G7's (ILO3) to our 389 Directory Server.
I've attempted to add the server under Administration->Directory->Security->Directory, but I'm not sure how to set the Directory User Context.
Also, when I try to test the settings, it succeeds at contacting the LDAP server, but fails at the SSL step.
Do you have any example configs for how to set up ILO3 with 389 Directory/Red Hat Directory, or OpenLDAP?
To hook the ILO up to our 389 Directory installation, I have the following set:
- LDAP Directory Authentication: Use Directory Default Schema
- Port: 636
- Directory Server Address: la1-ldap01.w.warnerbros.com
- Directory User Context 1: dc=warnerbros,dc=com
When I attempt to test the connection, I get an SSL error which says: "You may need to install a certificate for your server to allow SSL connections." I tried to install the directory server root certificate onto the "SSL Certificate" tab, but it would not import since it was generated on a different server.
I also tried HP SIM SSO, and imported the Root CA certificate, and set “Single Sign-On trust Mode” to “Trust All”. The SSL test is still failing when I run it. I’ve used the same certificate to configure some of our Dell iDracs, so I’m confident that it works. I’m just not sure why it isn’t taking on the ILO.
03-14-2013 04:18 PM
Re: How to set the Directory User Context
Hi,
Do refer to this document, page# 37.
http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02111169/c02111169.pdf
Also mention the operating system and the service pack installed.
Thank You!
I am an HP employee.
I work for HPE.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
03-15-2013 04:27 AM
Re: How to set the Directory User Context
I have got OpenLDAP integration working with ILO2 using the steps below. You can perform the same for ILO3.
On OpenLDAP:
- Adding ‘memberOf’ attribute and ‘user’ objectclass into openldap
- Allow version 2 binding in /etc/openldap/slapd.conf which is ‘allow bind_v2’
- Slapd must also listen on port 636 (ldaps)
On ILO2:
- Using schema-free configuration in ILO
- Specify port 636 and OpenLDAP servername or IP address
- Configuring user context and group DN
-----
Special schema for ilo auth in /etc/openldap/slapd.conf

```
[root@Test openldap]# grep -e ilo.schema -e bind_v2 /etc/openldap/slapd.conf
include /etc/openldap/schema/ilo.schema
allow bind_v2
[root@Test openldap]# grep TLS /etc/openldap/slapd.conf
TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
TLSCertificateFile /usr/share/ssl/certs/slapd.pem
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
```

Note: must enable TLS for listening on port 636 for ilo ldaps connection

```
[root@Test openldap]# more /etc/openldap/schema/ilo.schema
attributetype ( 1.3.6.1.4.1.15959.9.1.1
    NAME 'memberOf'
    DESC 'Group which user belongs to'
    EQUALITY distinguishedNameMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

objectclass ( 1.3.6.1.4.1.15959.9.2.1
    NAME 'memberOf'
    SUP top AUXILIARY
    DESC 'Required by Integrated Lights-Out for OpenLDAP '
    MUST ( memberOf )
    )

objectclass ( 1.3.6.1.4.1.15959.9.2.2
    NAME 'user'
    SUP top AUXILIARY
    DESC 'Required by Integrated Lights-Out for OpenLDAP '
    )
```
Import ldif
Note: replace ou=iss and dc=gcc,dc=com with your organization ones.

```
[root@Test ldif]# more base.ldif
dn: dc=gcc,dc=com
dc: gcc
description: Root LDAP entry
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=iss,dc=gcc,dc=com
objectclass: top
objectclass: organizationalunit
ou: iss

dn: ou=groups,ou=iss,dc=gcc,dc=com
objectclass: top
objectclass: organizationalunit
ou: groups

dn: ou=users,ou=iss,dc=gcc,dc=com
objectclass: top
objectclass: organizationalunit
ou: users
```

```
[root@Test ldif]# more user.ldif
dn: cn=jephe.wu,ou=users,ou=iss,dc=gcc,dc=com
# the RDN value (jephe.wu) must also be present as a cn value
cn: jephe.wu
cn: john
uid: john.p
sn: p
uidnumber: 1000
homedirectory: /home/john.p
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectclass: inetorgperson
objectClass: memberOf
objectClass: user
shadowLastChange: 13650
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
gidNumber: 100
displayname: John P
userPassword: {SSHA}7znBGbK5/GMGWVryUuunxgQ87N8L38/b
memberOf: cn=iloadmin,ou=groups,ou=iss,dc=gcc,dc=com
```

```
[root@Test ldif]# more groups.ldif
dn: cn=iloadmin,ou=groups,ou=iss,dc=gcc,dc=com
cn: iloadmin
objectClass: top
objectClass: groupofnames
# member must be the full user DN from user.ldif, including ou=users
member: cn=jephe.wu,ou=users,ou=iss,dc=gcc,dc=com
```
ILO Configuration
Enable the following options on ILO2 (Administration - Security - Directory Settings):
- Use Directory Default Schema
- Local User Accounts: Enabled
- Directory Server Address: FQDN of openldap server or ip address
- Directory Server LDAP Port: 636
- Directory User Context 1: ou=users,ou=iss,dc=gcc,dc=com

Then go to ‘Administrator Groups’:
- Security Group Distinguished Name: cn=iloadmin,ou=groups,ou=iss,dc=gcc,dc=com
- Administer User Accounts: Allowed
- Remote Console Access: Allowed
- Virtual Power and Reset: Allowed
- Virtual Media: Allowed
- Configure iLO Settings: Allowed
- Login Privilege: Allowed

Follow these steps; it should work for ILO3 as well.
--------
I am an HP employee.
Was this post useful? - You may click the KUDOS! Star.
I work for HPE
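
An offline consistency check for the directory layout discussed in this thread, as an added example that is not part of any post: given a login name, the Directory User Context list and the administrator group DN, it reports whether the LDIF data lines up. It assumes iLO builds the bind DN as `cn=<login>,<context>` for each context in order; `norm`, `parse_ldif`, `preflight` and the sample entries are constructed for illustration.

```python
# Added example (not from the thread). Assumption: iLO tries the bind DN
# "cn=<login>,<context>" for each Directory User Context, in order.
# DN handling is simplified: no escaped commas or multi-valued RDNs.

# Constructed sample entries, modelled on the ou=iss,dc=gcc,dc=com layout.
SAMPLE_LDIF = """\
dn: cn=jephe.wu,ou=users,ou=iss,dc=gcc,dc=com
cn: jephe.wu
objectClass: user
memberOf: cn=iloadmin,ou=groups,ou=iss,dc=gcc,dc=com

dn: cn=iloadmin,ou=groups,ou=iss,dc=gcc,dc=com
cn: iloadmin
objectClass: groupOfNames
member: cn=jephe.wu,ou=iss,dc=gcc,dc=com
"""

def norm(dn):
    """Comparison key for a DN: lower-case, no spaces around separators."""
    return ",".join("=".join(s.strip() for s in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}} for blank-line separated entries."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def preflight(login, contexts, group_dn, entries):
    """Return (bind_dn or None, inconsistencies found in the directory data)."""
    tried = [norm(f"cn={login},{ctx}") for ctx in contexts]
    bind_dn = next((dn for dn in tried if dn in entries), None)
    if bind_dn is None:
        return None, [f"no entry at any of: {tried}"]
    user, group, problems = entries[bind_dn], entries.get(norm(group_dn)), []
    if login.lower() not in (v.lower() for v in user.get("cn", [])):
        problems.append("RDN value is missing from the entry's cn values")
    if norm(group_dn) not in map(norm, user.get("memberof", [])):
        problems.append("user has no memberOf value for the iLO group")
    if group is None or bind_dn not in map(norm, group.get("member", [])):
        problems.append("group entry does not list the user DN as member")
    return bind_dn, problems
```

With the sample data, a context that points at the users container resolves to an entry, while a context set to the directory base resolves to nothing because no `cn=<login>` entry sits directly under it.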