- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Remote Server Management
- >
- Re: Using HP Roles with iLO2 LDAP integration
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2009 12:14 PM
тАО03-24-2009 12:14 PM
Using HP Roles with iLO2 LDAP integration
I have Active Directory extended with the HP management schemas and I have followed all the necessary steps to configure LDAP authentication to AD. My setup even works, for the most part. My problem is that I created two roles, and no matter what I do, users get the combination of permissions from both roles.
In my setup, I created two roles:
-- iLOAdmins (Full Control)
-- iLOUsers (Login Only)
I have assigned users to each role, and each role is assigned to the iLO device I would like to manage. Whenever I login with a user from the iLOUsers group, they earn full admin rights. If I delete or remove the iLOAdmins role, then they only have login permissions. It seems like iLO is combining permissions unnecessarily.
Can anyone help with this issue?
Thanks in advance,
--Brandon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-24-2009 07:39 PM
тАО03-24-2009 07:39 PM
Re: Using HP Roles with iLO2 LDAP integration
When users are part of multiple roles, users will get combination of all the permissions set for each role. I don't think it is wise for iLO to randomly decide to provide permissions set for a Role when user is part of multiple Roles. Is there a way to decide which Roles should be given preference given a combination of Roles?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 03:39 AM
тАО03-25-2009 03:39 AM
Re: Using HP Roles with iLO2 LDAP integration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 06:58 PM
тАО03-25-2009 06:58 PM
Re: Using HP Roles with iLO2 LDAP integration
Is it happening only with test settings? Which permissions are assigned when the user logs into iLO2? Say if a member of iLOUsers logs into iLO2 which permission is he getting?
What is the version of iLO2 you are using and which directory server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-25-2009 07:08 PM
тАО03-25-2009 07:08 PM
Re: Using HP Roles with iLO2 LDAP integration
Keep in mind though, that both sets of permissions are only inherited when both roles are assigned to the device i'm testing on. If I remove the device from the iLOAdmin group, and only have it associated with the iLOUsers group, then Jsmith (iLOUsers) gets the correct permissions. If both iLOAdmins and iLOUsers have the device associated, then Jsmith will get admin permissions even though he's not a member of the iLOAdmins group.