- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- Re: iLO AD integration
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2020 10:03 AM
тАО09-20-2020 10:03 AM
Hi
I see lots of people attempting to integrate iLO with their AD server and I'm also having issues - but I first have a very basic question to help me on my way.
I've have found the following technote from HPE - it's quite old but I believe still relevent as I'm using iLO 4 currently but will be upgrading to iLO 5 over the coming weeks.
https://slice2.files.wordpress.com/2013/03/integrating-hp-ilo-with-ad-and-cs1.pdf
The article first talks about upgrading the iLO firmware on page 1 and then on page 2 talks about how to configure certificates and then finally towards the bottom of page 5 about creating an AD security group and downloading the utility for the AD integration.
My simple question is "Do I need to complete the steps on page 2 for configuring a certificate in order to be able to integrate iLO into AD?" If I start on page 5 and ignore the steps about configuring certificates should it still work - but I'll just continue to get the browser warning saying the site is not secure?
Thanks
C
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2020 05:26 AM
тАО09-21-2020 05:26 AM
Re: iLO AD integration
Hi
Directory Server CA Certificate
During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already imported. For successful certificate validation, make sure that you import the correct CA certificate. If certificate validation fails, iLO login is denied and an event is logged. If no CA certificate is imported, the directory server certificate validation step is skipped.
To verify SSL communication between the directory server and iLO, click Test Settings.
For more information please refer HPE iLO 4 and 5 User Guides.
HPE iLO 4 User Guide
https://support.hpe.com/hpesc/public/docDisplay?docId=c03334051
HPE iLO 5 User Guide
https://support.hpe.com/hpesc/public/docDisplay?docId=a00026409en_us
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-21-2020 12:29 PM
тАО09-21-2020 12:29 PM
Re: iLO AD integration
Many thanks
So importing the LDAP CA certificate into iLO is optional? even with iLO5?
If I don't import the LDAP CA certificate then it should just work or is it mandatory to add the LDAP CA cert??
And....if I configure this directly in the iLO interface, .As well as putting in the AD server address and user context in the Security --> Direcotry tab. must I also add a directory group into the Administration --> Directory Groups tab for authenication to be successful
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2020 06:44 PM
тАО09-23-2020 06:44 PM
Re: iLO AD integration
Hello,
I would suggest you to have a proper case be logged with HPE, and share the appropriate logs for further analysis.
Regards,
I am a HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-23-2020 11:37 PM
тАО09-23-2020 11:37 PM
SolutionI set it up in a test environment and experimented with different settings myself until I better understood how it works.
The answers to my questions we're actually quite simple in the end.
No - you don't need to add the SSL certificate as detailed in the first page of the utility guide this is to prevent the self-signed browser warning
No - you don't need to import the LDAP CA certificate for this to work but iLO will valaidate it's connected to the correct AD server if you do
No - you don't need add the directory groups for it to work as it already has the 'Administrators' and 'Authenticated Users' groups defined. However, you will probably want to add a dedicated directory group for iLO admins and remove one or both of the other groups for better security. Neither do you need to add a user context but, again, you need a mechanism to ensure that only a defined subset of users can access iLO.