Configuring HP Integrated Lights-Out 3 with Microsoft Active Directory HOWTO

User login considerations
The Name field on the iLO login page can accept Directory user names in the following forms:
• LDAP fully distinguished name, such as cn=John Smith, cn=Users, dc=MyCompany, dc=COM
• DOMAIN\user name form, such as MyCompany\jsmith
• Username@domain form, such as jsmith@MyCompany.com
• User name form, such as John Smith
You can use a maximum of 1024 characters (1 kilobyte) for Directory Services user names.
Active Directory will accept non-LDAP forms of the user name such as “domain\username” or
“username@subdomain.domain.” However, iLO cannot use these forms to read the user object. iLO
must use search contexts to convert the username to the LDAP form.
You can use iLO Directory User Context fields to pre-define user organizations so users can log in
with only their common names. The section “Preventing Lights-Out user access issues” in this paper
describes how iLO authenticates users. iLO 3 (v 1.0 and greater) uses the Default Naming Context
from the directory server as an additional Directory User Context.
Checking for LDAP over SSL
For authentication to work correctly between iLO and the domain controller in AD, the domain
controller must have LDAP over SSL capabilities. This means the domain controller must have a
certificate assigned by a Certificate Authority. See the Microsoft Knowledge Base for more
information on installing a Certificate Server on a domain controller so that other domain controllers
can automatically obtain certificates.
You can also use existing PKI infrastructure to obtain certificates. For information about this, refer to
the Microsoft Knowledge Base article at http://support.microsoft.com/kb/321051/
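One way to check the LDAP over SSL requirement from an administration workstation before configuring iLO, shown as an added example that is not part of the HP paper. The function names, the cafile parameter (a PEM export of the issuing CA certificate) and the host dc01.mycompany.com are assumptions; 636 is the standard LDAP over SSL port.

```python
import socket
import ssl
from datetime import datetime, timezone


def fetch_ldaps_cert(host, cafile, port=636, timeout=5.0):
    """TLS handshake with the DC's LDAPS port; returns ssl.getpeercert().
    Raises OSError/ssl.SSLError if 636 is closed or the chain fails `cafile`."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Name is checked in ldaps_cert_findings() so a mismatch becomes a finding
    # rather than an aborted handshake; the chain is still verified.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert()


def cert_dns_names(cert):
    """DNS names from subjectAltName plus the subject commonName, lower-cased."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    for rdn in cert.get("subject", ()):
        names.update(v.lower() for k, v in rdn if k == "commonName")
    return names


def ldaps_cert_findings(cert, dc_fqdn, now=None, warn_days=30):
    """Return a list of problems; an empty list means none were found."""
    now = now or datetime.now(timezone.utc)
    fqdn = dc_fqdn.lower()
    wildcard = "*." + fqdn.partition(".")[2]
    findings = []
    if not {fqdn, wildcard} & cert_dns_names(cert):
        findings.append("name mismatch: certificate does not cover " + fqdn)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (not_after - now).days
    if days_left < 0:
        findings.append("expired on " + cert["notAfter"])
    elif days_left < warn_days:
        findings.append("expires in %d days" % days_left)
    return findings


# Constructed sample in the shape ssl.getpeercert() returns (not a real DC).
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.mycompany.com"),),),
    "subjectAltName": (("DNS", "dc01.mycompany.com"),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}
```

Against a live domain controller, pass the result of fetch_ldaps_cert("dc01.mycompany.com", "issuing-ca.pem") to ldaps_cert_findings(); an exception from the fetch means the DC is not offering LDAP over SSL with a certificate that chains to that CA.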