HPE Community
BladeSystem - General
1850499 Members
2054 Online
104054 Solutions
New Discussion

HP Onboard Admin Integration w/ AD

 
LarryM
Occasional Contributor

‎10-28-2008 11:16 AM

‎10-28-2008 11:16 AM

HP Onboard Admin Integration w/ AD

I am having exact same problem as:
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1277300

I followed all the instructions and I can authenticate but get error from Test Settings: Unable to authorize test user.
We have extended the AD schema with HP ilo objects and it works fine, but we need to get the OAs to work with AD to avoid local ids on the OA gaining access to the blades. Any help?
0 Kudos
Reply
6 REPLIES 6
Raghuarch
Honored Contributor

‎10-31-2008 12:50 PM

‎10-31-2008 12:50 PM

Re: HP Onboard Admin Integration w/ AD

Try to give the Context properly.
In context You have to point till the Group where the user is Present.
If user " TEST" is under different OU specify the OU in the context.
0 Kudos
Reply
LarryM
Occasional Contributor

‎11-03-2008 11:29 AM

‎11-03-2008 11:29 AM

Re: HP Onboard Admin Integration w/ AD

I created Group Names on the iLO with the correct context of a group that the user belongs to, as well as context of the OU that the user is in but still getting same error.
0 Kudos
Reply
Adrian Clint
Honored Contributor

‎11-04-2008 04:08 AM

‎11-04-2008 04:08 AM

Re: HP Onboard Admin Integration w/ AD

Also check the ILO forum as AD integrating ILO and OA is very similary and there have been many questions on there.
0 Kudos
Reply
Neal Bowman
Respected Contributor

‎11-20-2008 02:35 PM

‎11-20-2008 02:35 PM

Re: HP Onboard Admin Integration w/ AD

From what I have seen, the user account must exist somewhere in the exact direct path you have listed in the search context. This is supposed to be corrected in OA 2.30 and VC2.00, which will allow searching 30 level levels deep from your search contexts. The group does not have to be in the search context, only the user.

example: user is in group HPOA-ADMINS. Group HPOA-ADMINS is an object in OU=Admins, DC=domain, DC=com.

User object is in OU=Users, OU=Corp, DC=domain, DC=com.

Set your search context to point to the user object.

I was also unable to test until I added HPOA-ADMINS as a group member prior to testing the test feature. once I performed that, all was good. I do have not enabled the checkbox "Use NT Account Name Mapping (DOMAIN\username)". I simply login with my AD account of nb001.

Hope this helps,
Neal
0 Kudos
Reply
Lars Heuser
New Member

‎02-13-2009 07:09 AM

‎02-13-2009 07:09 AM

Re: HP Onboard Admin Integration w/ AD

Hi

I have the same problem adding my LDAP user. My user is also authenticated but not authorized. I've saw what Neal wrote but it does not make any sense to me (sorry). Neal, could you please explain to me why and to what you are adding your group HPOA-ADMINS? Any help will be much appreciated...

Cheers
Lars
0 Kudos
Reply
Neal Bowman
Respected Contributor

‎02-13-2009 12:26 PM

‎02-13-2009 12:26 PM

Re: HP Onboard Admin Integration w/ AD

Hi Lars,

Hi

I have the same problem adding my LDAP user. My user is also authenticated but not authorized. I've saw what Neal wrote but it does not make any sense to me (sorry). Neal, could you please explain to me why and to what you are adding your group HPOA-ADMINS? Any help will be much appreciated...

Cheers
Lars
========

My login account is a member of HPOA-ADMINS group. In OA, I have added this group to have Administrator privileges in OA. Here are the LDAP settings I have in my OAs:
SET LDAP SERVER "domain.com"
SET LDAP PORT 636
SET LDAP NAME MAP ON
SET LDAP SEARCH 1 "OU=Admins, DC=domain, DC=com"
SET LDAP SEARCH 2 "OU=Domain Admins, DC=domain, DC=com"
SET LDAP SEARCH 3 "OU=Users, OU=Corp, DC=domain, DC=com"

As long as my login account is somewhere in one of the three LDAP searches, I will be able to authenticate and login. If my login account is not in these three search contexts, I will never authenticate to OA, even though I am in an authorized group HPOA-ADMINS.

Hope this helps to clear the water for you.

Neal
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.