
Re: ILO with AD integration

 
David Partow
New Member

ILO with AD integration

I cannot seem to integrate my ILO advanced pack with AD directory services.

I do not want to install extended schema.
I only want to use LDAP.

Why is it so hard to make it work?

Can anyone give me some simple instructions to implement ILO with AD in a Use Directory Default Schema?

Thanks,
David
M.S.Srivatsa
Valued Contributor

Re: ILO with AD integration

What is the format of the login name you are trying to use?
Is it
1. Short name
   Ex: sriv s
2. Distinguished name
   Ex: CN=sriv s,CN=Users,DC=mycompu,DC=com
3. loginname@domain.com format
   Ex: sriv@mycompu.com
4. NetBIOS name


Please configure iLO with the appropriate directory settings and Group distinguished name.
Follow the steps below.

1. Log on to iLO with the appropriate login and password.
2. Click Administration->Directory settings.
3. Configure "directory settings" with appropriate parameters as under:
   1. Directory Server address
      Ex: dlilo1.india.hp.com
   2. LDAP port as "636".
   3. Fill in appropriate "Directory User Context 1"
      Ex: CN=Users,DC=mycompu,DC=com
   4. Click "Apply Settings" to save the directory settings.
   5. Repeat "Step 2" to go back to the directory settings page.
4. Now click on "Administer Groups".
5. Select the appropriate group.
   Ex: custom1
6. Fill in the Group distinguished name.
   Ex: CN=newgroup,CN=Users,DC=mycompu,DC=com
   NOTE: Please don't give any extra space.
7. Enable the appropriate access rights for this group.
8. Click on "Save Group Information" to save the group settings.

Please ensure the following.
1. In the Windows Active Directory setup, the same group (Ex: newgroup) exists.
2. The user who tries to log in to iLO is present in this group.

Jack Roberts
New Member

Re: ILO with AD integration

M.S.Srivatsa,

I am having trouble following your instructions.

I entered the information you suggested, of course substituting the correct information, for Directory User Context 1. However, when I click Apply Settings, I get an alert box with the message: "LOM Object distinguished name is not specified. Applying these settings will prevent directory authentication."

I also tried entering the information in the LOM ODM field, but authentication still does not work.

Under Modify Group, I listed the CN for the lowest level of the group, and moved up to dc=com. Ex: cn=IT,cn=LoginScripts,cn=groups,dc=[domain],dc=com. (no real CN's listed here.)

I have tried logging in with the following:
domain\username
username@domain.com

The directory server address is resolved.
It accepts the certificate.
Unable to authenticate domain\user [object not found].
-OR-
Unable to authenticate test user, user@domain.com.

Thank you for your help.
Jack Roberts

M.S.Srivatsa
Valued Contributor

Re: ILO with AD integration

Please use the HP Lights Out directory migration utility (HPQLOMIG.exe), which helps you to configure iLO for either Default Schema or Extended Schema. This is a GUI based tool.

HPQLOMIG.exe is part of the "HP Directories Support for Management Processors" softpaq (SP31581.exe), which is downloadable from the following web site.
https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_13aa310d9f23432a8d02d5ad56

iLO directory configuration pictures
I have attached the ZIP file which has the pictures of the iLO directory configuration for your reference.
1. iLOdirsettings.bmp
   This picture shows the directory settings for default schema.
   NOTE: Please ensure you fill in the hostname field in "Directory server address" field.
   This is required for logging using "loginname@domain.com" and NetBIOS name format (Domain name\loginname).

Assuming "sriv" is the login name
Ex: loginname@domain.com
    sriv@mycompu.com
Ex: NetBIOS name (domain\loginname)
    MYCOMPU\sriv
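
A pre-flight check for the schema-free settings discussed in this thread, as an added example that is not part of any post or of HP's tooling: it classifies a login name into the four formats listed earlier, lints the user context and group DN for the extra spaces the steps warn about, and shows the bind DN a short name would expand to. The expansion rule (CN=<short name>,<user context>), the function names and the settings dictionary keys are assumptions made for the illustration.

```python
import re

def classify_login(name):
    """Return which of the four login-name formats from the thread a string uses."""
    if re.search(r"(?i)(^|,)\s*(cn|ou|dc)=", name):
        return "distinguished-name"
    if "\\" in name:
        return "netbios"
    return "upn" if "@" in name else "short-name"

def lint_dn(dn):
    """Flag the extra spaces the steps warn about, plus malformed components."""
    problems = []
    if dn != dn.strip():
        problems.append("leading/trailing space")
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        key, sep, value = rdn.partition("=")
        if not sep or not key.strip() or not value.strip():
            problems.append(f"malformed component {rdn!r}")
        elif key != key.strip() or value != value.strip():
            problems.append(f"space around {rdn.strip()!r}")
    return problems

def candidate_bind_dns(login, user_contexts):
    """Assumption: a short name is tried as CN=<name>,<context> for each context."""
    if classify_login(login) != "short-name":
        return [login]  # assumed: other formats are not combined with a context
    return [f"CN={login},{ctx}" for ctx in user_contexts]

def preflight(settings):
    """Check a settings dict (hypothetical keys) against the thread's advice."""
    findings = []
    if settings["ldap_port"] != 636:
        findings.append("LDAP port is not 636 (LDAP over SSL)")
    if re.fullmatch(r"[\d.]+", settings["server"]):
        findings.append("server is an IP address; thread asks for a hostname")
    for label in ("user_context_1", "group_dn"):
        findings += [f"{label}: {p}" for p in lint_dn(settings[label])]
    return findings

# Constructed sample: values modelled on the examples in the thread, with faults added.
SAMPLE = {
    "server": "10.0.0.5",
    "ldap_port": 389,
    "user_context_1": "CN=Users,DC=mycompu,DC=com",
    "group_dn": "CN=newgroup, CN=Users,DC=mycompu,DC=com",
}
if __name__ == "__main__":
    print(preflight(SAMPLE), candidate_bind_dns("sriv s", [SAMPLE["user_context_1"]]))
```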

TienDNguyen
Occasional Contributor

Re: ILO with AD integration

M.S.Srivatsa... I see that you have a password for the "LOM object password". That would only be needed for the HP Schema extension, right? Since I am doing the schema-free, no objects for the iLO are created in AD?
M.S.Srivatsa
Valued Contributor

Re: ILO with AD integration

QUESTION ASKED
I see that you have password for the "LOM object password".
That would only be needed for the HP Schema extension right?

ANSWER
YES.
LOM Object Distinguished Name, LOM Object Password and LOM Object Password Confirm fields in "iLO directory settings page" are needed only for HP Extended schema.
For "Schema-free directory integration" these fields can be ignored.


TienDNguyen
Occasional Contributor

Re: ILO with AD integration

Thank you M.S.Srivatsa.

2nd Question.

For "Directory User Context 1:", is this field required to be filled out for schema-free? The white papers on iLO AD skipped this section using the GUI utility.

And if required, so far I've placed the container which the user/group resided in AD as such:

CN=Users,DC=ibx,DC=com

Is this correct?
TienDNguyen
Occasional Contributor

Re: ILO with AD integration

For schema-free should we use port 636 or 389? Here is a comment from Microsoft. The LDAP "Well-known" ports have been established as 389 for LDAP and 636 for LDAP SSL.

I think since I am not using SSL at all, I should use port 389?
M.S.Srivatsa
Valued Contributor

Re: ILO with AD integration

QUERY 1
For schema-free "Directory User Context 1" field is required.
CN=Users,DC=ibx,DC=com is correct as long as it matches with Active directory server configuration.

QUERY 2
iLO supports LDAP over SSL. So default LDAP port should be 636.

Refer to the whitepaper
"Integrating HP ProLiant Lights-Out processors with Microsoft® Active Directory"
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c00190541


Dan Fitzgerald
Advisor

Re: ILO with AD integration

I know that this has been a long time but I am having a ton of problems setting up schema free integration. I have ILO 2 and want to make sure the LDAP over SSL is working but unfortunately for some reason ILO 2 does not have the option through the web interface. Is there another way to test the connectivity?