Choosing a directory configuration to use with iLO
Before you configure iLO for directories, you must choose between the schema-free and HPE Extended
Schema configuration options.
Consider the following questions:
1. Can you apply schema extensions to your directory?
• Yes—Continue to question 2.
• No—You are using Active Directory, and your company policy prohibits applying extensions.
  No—You are using OpenLDAP. The HPE Extended Schema is not currently supported with OpenLDAP.
  No—Directory integration with the HPE Extended Schema does not fit your environment.
  Use group-based schema-free directory integration. Consider deploying an evaluation server to
  assess the benefits of directory integration with the HPE Extended Schema configuration.
2. Is your configuration scalable?
The following questions can help you determine whether your configuration is scalable:
• Are you likely to change the rights or privileges for a group of directory users?
• Will you regularly script iLO changes?
• Do you use more than five groups to control iLO privileges?
Depending on your answer to these questions, choose from the following options:
• No—Deploy an instance of the schema-free directory integration to evaluate whether this method
  meets your policy and procedural requirements. If necessary, you can deploy an HPE Extended
  Schema configuration later.
• Yes—Use the HPE Extended Schema configuration.
Schema-free directory authentication
When you use the schema-free directory authentication option, users and groups reside in the directory,
and group privileges reside in the iLO settings. iLO uses the directory login credentials to read the user
object in the directory and retrieve the user group memberships, which are compared to the group
configuration stored in iLO. If the directory user account is verified as a member of a configured iLO
directory group, iLO login is successful.
Advantages of schema-free directory integration
• Extending the directory schema is not required.
• Minimal setup is required for users in the directory. If no setup exists, the directory uses existing users
and group memberships to access iLO. For example, if you have a domain administrator named
User1, you can copy the DN of the domain administrator security group to iLO and give it full
privileges. User1 would then have access to iLO.
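The membership check described under schema-free directory authentication, together with the User1 case above, as an added example (a model written for this page, not iLO code or HPE tooling): it reviews which directory users would gain which iLO privileges once group DNs are configured in iLO. The group DNs, user memberships, privilege labels, case-insensitive DN comparison and the combining of privileges across matching groups are assumptions; nested groups are not modelled.

```python
import re

# Constructed sample data: group DNs, user names and privilege labels are
# illustrative, not taken from the iLO documentation.
ILO_GROUPS = {  # group configuration stored in the iLO settings
    "CN=Domain Admins,CN=Users,DC=example,DC=com":
        {"login", "remote_console", "configure_settings", "administer_users"},
    "CN=iLO Operators,OU=Groups,DC=example,DC=com":
        {"login", "remote_console"},
}
DIRECTORY_USERS = {  # user -> group memberships read from the user object
    "User1": ["cn=domain admins, cn=users, dc=example, dc=com"],
    "User2": ["CN=iLO Operators,OU=Groups,DC=example,DC=com",
              "CN=Staff,OU=Groups,DC=example,DC=com"],
    "User3": ["CN=Staff,OU=Groups,DC=example,DC=com"],
}

def normalize_dn(dn):
    """Lower-case a DN and trim spaces around each RDN so pasted DNs compare equal."""
    rdns = re.split(r"(?<!\\),", dn)  # split only on commas that are not escaped
    pairs = (rdn.partition("=") for rdn in rdns)
    return ",".join(f"{attr.strip().lower()}={value.strip().lower()}"
                    for attr, _, value in pairs)

def effective_privileges(member_of, ilo_groups):
    """Combine the privileges of every configured group the user belongs to.

    Assumption: privileges of several matching groups are combined. An empty
    result means no configured group matched, so the login is refused.
    """
    configured = {normalize_dn(dn): privs for dn, privs in ilo_groups.items()}
    granted = set()
    for dn in member_of:
        granted |= configured.get(normalize_dn(dn), set())
    return granted

def access_review(users, ilo_groups):
    """Map each directory user who could log in to their sorted privileges."""
    review = {}
    for user, member_of in users.items():
        privs = effective_privileges(member_of, ilo_groups)
        if privs:
            review[user] = sorted(privs)
    return review

if __name__ == "__main__":
    for user, privs in access_review(DIRECTORY_USERS, ILO_GROUPS).items():
        print(f"{user}: {', '.join(privs)}")
```

Running the review before adding a broad group such as a domain administrator group shows every account that inherits iLO access through existing memberships.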