Directory services 75
Directory services
In this section
Overview of directory integration............................................................................................................. 75
Benefits of directory integration................................................................................................................ 75
How directory integration works .............................................................................................................. 76
Advantages and disadvantages of schema-free and HP Extended schema .................................................... 76
Setup for Schema-free directory integration ............................................................................................... 77
Setting up HP schema directory integration ............................................................................................... 79
Directory settings.................................................................................................................................... 99
Overview of directory integration
RILOE II can be configured to use a directory to authenticate and authorize its users. There are two
configuration options available: using a directory that has been extended with HP Schema or using the
directory’s default schema (schema-free.)
There are white papers available for more information on directory integration on the HP website
(http://www.hp.com/servers/lights-out
).
Benefits of directory integration
Directory integration benefits include:
• Scalability—The directory can be leveraged to support thousands of users on thousands of RILOE IIs.
• Security—Robust user password policies are inherited from the directory. User password complexity,
rotation frequency, and expiration are policy examples.
• Anonymity (lack thereof)—In some environments, users share Lights-Out accounts, which results in not
knowing who performed an operation, instead of knowing what account (or role) was used.
• Role-based administration (when using HP Extended schema)—You can create roles (for instance,
clerical, remote control of the host, complete control) and associate users or user groups with those
roles. A change to a role applies to all users and Lights-Out devices associated with that role.
• Single point of administration—You can use native administrative tools, such as MMC and
ConsoleOne to administrate Lights-Out users.
• Immediacy—A single change in the directory rolls-out immediately to associated Lights-Out
processors, which eliminates the need to script the change process.
• Elimination of another username and password—You can use existing user accounts and passwords
in the directory without having to record or remember a new set of credentials for Lights-Out.
• Flexibility—When configured for HP Extended schema, you can create a single role for a single user
on a single RILOE II, you can create a single role for multiple users on multiple RILOEs, or you can
use a combinations of roles as is suitable for your enterprise.
• Compatibility—Lights-Out directory integration applies to iLO, RILOE, and RILOE II products. The
integration supports the popular Active Directory and eDirectory.