HPE Community
Server Management - Systems Insight Manager
1833430 Members
3313 Online
110052 Solutions
New Discussion

Directory services feature in SIM 5.1

 
SOLVED
Go to solution
NJK-Work
Honored Contributor

‎01-16-2007 08:23 AM

‎01-16-2007 08:23 AM

Directory services feature in SIM 5.1

I know SIM 5.1 in brand new (OK - it was released today), so I am actually hoping someone from HP can answer this question:

What exactly would I use the Directory services feature of SIM 5.1 for. I can already add users from AD as named users to login into SIM. Is this just for using Groups instead of user accounts? For example I can now add "Domain Admins"? If so, why do I have to setup LDAP and all that jazz when I could already search the directory for users in the past without having to do so. So I am thinking this must be for something else. All I could find in the documentation is this:

The Directory Service Groups tool is used to determine a system's membership in a Windows domain, organizational unit (OU), or group. You must first configure the directory server parameters on the Directory Server Configuration page. After you configure the directory server, the Directory Groups tool must be configured with the distinguished name (DN) of the desired container objects in the directory.

OK...but that does not really tell me WHY I would want to do this. What do I get from this? Again, I could already specify AD user accounts in the past without having to setup all this stuff. So why do I have to do it now? Or is this for Netware...

Thanks
Nelson
0 Kudos
7 REPLIES 7
Rob Buxton
Honored Contributor

‎01-16-2007 08:33 AM

‎01-16-2007 08:33 AM

Re: Directory services feature in SIM 5.1

Not finished downloading yet, but here's a guess as it might be similar to ILO.

You'd no longer need to set up users directly in HPSIM?

At the moment HPSIM just uses the AD for password authentication. With the integration all control is handed to AD. That allows for a consistent User Administration regime.

It's very useful for ILO's as there's a lot of them and user maintenance with AD integration is a pain.
0 Kudos
Rob Buxton
Honored Contributor

‎01-16-2007 09:14 AM

‎01-16-2007 09:14 AM

Re: Directory services feature in SIM 5.1

That last line should be user maintenance WITHOUT AD integration is a pain.... Saying that you're not likely to have too many HPSIM installations, but if you have a live and DR it still might make some of the admin a bit easier.
0 Kudos
NJK-Work
Honored Contributor

‎01-17-2007 02:02 AM

‎01-17-2007 02:02 AM

Re: Directory services feature in SIM 5.1

OK. Thanks.

I guess I was getting thrown by the use of the word "system" in the following statement from the help file:

The Directory Service Groups tool is used to determine a system's membership in a Windows domain, organizational unit (OU), or group.

I was thinking (hoping) that it might be able to do a system discovery based on an AD OU contents. For example, if we have an OU just for Servers, have SIM scan the OU and import all devices it finds there.

Thanks
Nelson
0 Kudos
Aravindh Rajaram
Honored Contributor

‎01-17-2007 05:26 AM

‎01-17-2007 05:26 AM

Solution

Re: Directory services feature in SIM 5.1

When the tool is run against managed nodes that are part of an OU, its system attribute gets updated in SIM.

Now, you can create a collection based on these attributes, associate it with user's authorization and opt for automatic track change of updates to collection. So, when a system enters or leaves the collection (OU), the authorization in SIM gets updated automatically.

This will let SIM user's manage systems only from Specific OU, Domain etc.
0 Kudos
NJK-Work
Honored Contributor

‎01-17-2007 06:15 AM

‎01-17-2007 06:15 AM

Re: Directory services feature in SIM 5.1

Kewl! Thanks!

Nelson
0 Kudos
NJK-Work
Honored Contributor

‎01-17-2007 06:27 AM

‎01-17-2007 06:27 AM

Re: Directory services feature in SIM 5.1

Answer provided in previous comments.
0 Kudos
jameskrolak
Advisor

‎06-15-2009 01:56 PM

‎06-15-2009 01:56 PM

Re: Directory services feature in SIM 5.1

This is really useful information. I thought the LDAP stuff was needed just in order to tie authentication to LDAP groups, but that doesn't appear to even be necessary. This is apparently more for grouping your servers based upon AD OUs or groups.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.