
Re: iLO AD integration

 
CadenLange
Regular Advisor

iLO AD integration

Hi

I see lots of people attempting to integrate iLO with their AD server and I'm also having issues - but I first have a very basic question to help me on my way.

I have found the following technote from HPE - it's quite old but I believe still relevant as I'm using iLO 4 currently but will be upgrading to iLO 5 over the coming weeks.

https://slice2.files.wordpress.com/2013/03/integrating-hp-ilo-with-ad-and-cs1.pdf

The article first talks about upgrading the iLO firmware on page 1 and then on page 2 talks about how to configure certificates and then finally towards the bottom of page 5 about creating an AD security group and downloading the utility for the AD integration.

My simple question is "Do I need to complete the steps on page 2 for configuring a certificate in order to be able to integrate iLO into AD?" If I start on page 5 and ignore the steps about configuring certificates, should it still work - but I'll just continue to get the browser warning saying the site is not secure?

Thanks

C

AmRa
HPE Pro

Re: iLO AD integration

Hi

Directory Server CA Certificate

During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already imported. For successful certificate validation, make sure that you import the correct CA certificate. If certificate validation fails, iLO login is denied and an event is logged. If no CA certificate is imported, the directory server certificate validation step is skipped.

To verify SSL communication between the directory server and iLO, click Test Settings.

For more information, please refer to the HPE iLO 4 and 5 User Guides.

HPE iLO 4 User Guide

https://support.hpe.com/hpesc/public/docDisplay?docId=c03334051

HPE iLO 5 User Guide

https://support.hpe.com/hpesc/public/docDisplay?docId=a00026409en_us

 

 

I am an HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

CadenLange
Regular Advisor

Re: iLO AD integration

Many thanks

So importing the LDAP CA certificate into iLO is optional? Even with iLO5?

If I don't import the LDAP CA certificate then it should just work, or is it mandatory to add the LDAP CA cert?

And if I configure this directly in the iLO interface, as well as putting in the AD server address and user context in the Security --> Directory tab, must I also add a directory group into the Administration --> Directory Groups tab for authentication to be successful?

thanks

SanjeevGoyal
HPE Pro

Re: iLO AD integration

Hello,

I would suggest that you log a proper case with HPE and share the appropriate logs for further analysis.

Regards,


I am a HPE Employee.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]


CadenLange
Regular Advisor
Solution

Re: iLO AD integration

I set it up in a test environment and experimented with different settings myself until I better understood how it works.

The answers to my questions were actually quite simple in the end.

No - you don't need to add the SSL certificate as detailed in the first page of the utility guide; this is to prevent the self-signed browser warning.

No - you don't need to import the LDAP CA certificate for this to work, but iLO will validate that it's connected to the correct AD server if you do.

No - you don't need to add the directory groups for it to work as it already has the 'Administrators' and 'Authenticated Users' groups defined. However, you will probably want to add a dedicated directory group for iLO admins and remove one or both of the other groups for better security. Neither do you need to add a user context but, again, you need a mechanism to ensure that only a defined subset of users can access iLO.