iLO4 with LDAP

 
carlbinns
Visitor


Hi,

I'm trying to get LDAP working from iLO4 v2.77.

When I test the LDAP configuration User Authentication fails with "not authenticated, or does not have login rights".

This is my LDAP user, viewed via ldapsearch:

dn: cn=cabbulab_gb,l=amer,dc=xxxxxx,dc=com
loginShell: /bin/bash
objectClass: account
objectClass: networkInfo
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
gidNumber: 999
uid: cabbulab
shadowLastChange: 13168
shadowMax: 99999
uidNumber: 1436853
gecos: CABBULAB_GB@XXXXXX.COM
shadowWarning: 7
cn: cabbulab_gb
description: CABBULAB_GB@XXXXXX.COM_Managed_by_APS_ROLE_REFRESH
homeDirectory: /home/cabbulab

Is there anything missing from the LDAP response that prevents user authentication from working? 

BH_S
HPE Pro

Re: iLO4 with LDAP

Hi Carl,

As I understand it, you are trying to configure LDAP in iLO4. Please clarify which server model you are trying to configure.

Kindly refer to the document below for Directory Server Settings and ensure all prerequisites and configuration are met.

Pg: 70 - Directory Server Authentication and Authorization.

https://support.hpe.com/hpesc/public/docDisplay?docId=c03334051

Directory Group Settings:

https://support.hpe.com/hpesc/public/docDisplay?docId=a00045203en_us&docLocale=en_US

If the authentication issue is still seen, kindly log a support case to investigate this further.

Thanks,

HPE Employee.

 



carlbinns
Visitor

Re: iLO4 with LDAP

Hi,

Thank you for your response.

This is on a DL360p Gen8.

Before I submit a support ticket, would you be able to supply a trace (Wireshark PCAP or flat text file) showing the LDAP server response for a successful OpenLDAP authentication? I'd like to see what needs to be in an LDAP response for iLO to "recognize" the user is authenticated. I suspect the server has to send back a group name in its response!

Alternatively, I suspect the LDAP server must return the "memberOf" attribute for this to work. Can you confirm that?

Thanks again.

carlbinns
Visitor

Re: iLO4 with LDAP

FYI, I ran a test against the directory from iLO and everything was successful except:

1. "User Authorization" was successful but no "User Group" was returned by the server.

2. "User Authentication" had a warning status with message "Test user xxxx not authenticated, or does not have login rights".

The user is provisioned on the LDAP server and works for other LDAP authenticated apps.

Is there some way to debug this on the iLO side?