iLO 2 Scripting and Command Line Guide

CERT_OWNER_SUBJECT – Causes iLO 2 to derive the user's distinguished name from the subject
name. For example, if the subject name is "/DC=com/DC=domain/OU=organization/CN=user",
iLO 2 derives: "CN=user,OU=organization,DC=domain,DC=com".
CERT_OWNER_SAN and CERT_OWNER_SUBJECT – These settings are only used if directory
authentication is enabled.
IMPORT_CA_CERTIFICATE – Imports the certificate into iLO 2 as the trusted Certificate Authority.
iLO 2 will only allow client certificates that are issued by this CA. A Trusted CA certificate must be
configured in iLO 2 for Two-Factor authentication to function.
IMPORT_USER_CERTIFICATE – Imports the certificate into iLO 2 and maps it to the specified local
user. Any client that authenticates with this certificate authenticates as the local user to which it is
mapped. The SHA1 hash of this certificate displays on the Modify User website for the user to
whom it is mapped. If iLO 2 is using directory authentication, client certificate mapping to local
user accounts is optional and only necessary if authentication with local accounts is desired.
IMPORT_CA_CERTIFICATE and IMPORT_USER_CERTIFICATE – These settings require that
base64-encoded certificate data be included between the BEGIN and END tags.
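The CERT_OWNER_SUBJECT derivation described above can be previewed before the setting is enabled, to confirm that each certificate subject maps to the intended directory account. The following Python sketch is an added example, not code from this guide or from iLO 2 firmware. It assumes that a "\/" inside a value is a literal slash (as in the openssl -subj syntax), that values are escaped per RFC 4514, and that DNs compare case-insensitively; the function names and all sample data except the guide's own subject are constructed.

```python
import re

# Characters RFC 4514 requires to be escaped inside an attribute value.
_SPECIAL = set(',+"\\<>;')

def _escape_value(value):
    """Escape one attribute value for an LDAP DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        lead = i == 0 and ch in "# "    # leading '#' or space
        trail = i == last and ch == " "  # trailing space
        out.append("\\" + ch if ch in _SPECIAL or lead or trail else ch)
    return "".join(out)

def subject_to_dn(subject):
    """Convert '/DC=com/.../CN=user' into 'CN=user,...,DC=com'."""
    if not subject.startswith("/"):
        raise ValueError("subject must start with '/'")
    rdns = []
    # Split on '/' unless it is backslash-escaped (assumed literal slash).
    for part in re.split(r"(?<!\\)/", subject[1:]):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError("malformed component: %r" % part)
        value = value.replace("\\/", "/")
        rdns.append("%s=%s" % (attr.strip(), _escape_value(value)))
    # The subject lists the most general component first; a DN lists it last.
    return ",".join(reversed(rdns))

def audit(mappings):
    """Return subjects whose derived DN differs from the expected directory DN."""
    return [s for s, expected in mappings
            if subject_to_dn(s).lower() != expected.lower()]

# (certificate subject, DN of the intended directory account)
SAMPLES = [
    # Subject and result taken from the guide's example.
    ("/DC=com/DC=domain/OU=organization/CN=user",
     "CN=user,OU=organization,DC=domain,DC=com"),
    # Constructed: a comma in the CN must be escaped in the DN.
    ("/DC=com/DC=domain/OU=Ops/CN=Doe, Jane",
     "CN=Doe\\, Jane,OU=Ops,DC=domain,DC=com"),
    # Constructed: the account lives in a different OU than the certificate names.
    ("/DC=com/DC=domain/OU=Ops/CN=svc",
     "CN=svc,OU=Admins,DC=domain,DC=com"),
]

if __name__ == "__main__":
    for subject in audit(SAMPLES):
        print("mismatch:", subject, "->", subject_to_dn(subject))
```

A subject reported by audit() would resolve to a different directory object than the intended account, so that certificate would not authenticate as the expected user under CERT_OWNER_SUBJECT.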
MOD_TWOFACTOR_SETTINGS runtime errors
The possible MOD_TWOFACTOR_SETTINGS error messages include:
RIB information is open for read-only access. Write access is required for this operation.
This setting cannot be changed while Shared Network port is enabled.
iLO 2 has been configured to use shared network port, which will not function if Two-factor authentication is enabled.
This setting cannot be enabled unless a trusted CA certificate has been imported.
A CA certificate must be imported before enabling Two-factor authentication.
User does not have correct privilege for action. CONFIG_ILO_PRIV required.
DIR_INFO
The DIR_INFO command can only appear within a LOGIN command block. When the command
is parsed, it reads the local directory information database into memory and prepares to edit it.
Only commands that are DIR_INFO type commands are valid inside the DIR_INFO command
block. The DIR_INFO command generates a response that indicates to the host application whether
the database was successfully read or not. If the database is open for writing by another application,
then this call will fail.
DIR_INFO requires the MODE parameter with a value of read or write. MODE is a specific string
parameter with a maximum length of 10 characters that specifies what you intend to do with the
information.
Write mode enables both reading and writing of iLO 2 information. Read mode prevents
modification of the iLO 2 information.
Example:
<DIR_INFO MODE="read">
……… DIR_INFO commands ……
</DIR_INFO>