To use this format, you must enable Generic LDAP on the Security - Directory page.
Directory Server CA Certificate
During LDAP authentication, iLO validates the directory server certificate if the CA certificate is already
imported. For successful certificate validation, make sure that you import the correct CA certificate. If
certificate validation fails, iLO login is denied and an event is logged. If no CA certificate is imported, the
directory server certificate validation step is skipped.
To verify SSL communication between the directory server and iLO, click Test Settings.
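Because iLO skips validation when no CA certificate is imported and denies login when validation fails, it helps to confirm that a CA file really validates the directory server certificate before importing it. The following script is an added example, not part of the HPE documentation or iLO; it assumes the openssl CLI is installed, and the host name, file names and certificate subjects in it are constructed.

```sh
#!/bin/sh
# Added example (not HPE code): check a CA file before importing it into iLO.
# Needs the openssl CLI. Host names, file names and subjects are assumptions.

# Save the certificate a directory server presents on its LDAPS port (default 636).
fetch_ldaps_cert() {  # usage: fetch_ldaps_cert HOST OUT_PEM [PORT]
  openssl s_client -connect "$1:${3:-636}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -out "$2"
}

# 0 = CA_PEM validates SERVER_PEM; 1 = chain does not verify; 2 = CA_PEM is not a CA.
ca_validates_server_cert() {  # usage: ca_validates_server_cert CA_PEM SERVER_PEM
  openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' || return 2
  # -no-CApath keeps the system trust directory out of the decision.
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
}

# Constructed test material: two unrelated CAs and one server certificate
# issued by the first, written to DIR as ca.pem, other-ca.pem and server.pem.
make_constructed_pki() {  # usage: make_constructed_pki DIR
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
    '[dn]' 'CN=Constructed Directory CA' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    >"$d/ca.cnf"
  for n in ca other-ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -days 2 \
      -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj '/CN=ldap.example.test' -keyout "$d/server.key" -out "$d/server.csr" \
    2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
}

# With two arguments, check real files: sh check.sh ca.pem server.pem
if [ "$#" -eq 2 ]; then
  ca_validates_server_cert "$1" "$2"
  echo "result=$? (0 validates, 1 does not verify, 2 not a CA certificate)"
fi
```

A result of 2 usually means the server's own certificate was exported instead of the issuing CA certificate.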
Local user accounts with Kerberos authentication and directory integration
Local user accounts can be active when you configure iLO to use a directory or Kerberos authentication.
In this configuration, you can use local and directory-based user access.
Consider the following:
• When local user accounts are enabled, configured users can log in by using locally stored user
credentials.
• When local accounts are disabled, user access is limited to valid directory credentials.
• Do not disable local user access until you have validated access through Kerberos or a directory.
• When you use Kerberos authentication or directory integration, Hewlett Packard Enterprise
recommends enabling local user accounts and configuring a user account with administrator
privileges. This account can be used if iLO cannot communicate with the directory server.
• Access through local user accounts is enabled when directory support is disabled or an iLO license is
revoked.
Running directory tests
Directory tests enable you to validate the configured directory settings. The directory test results are reset
when directory settings are saved, or when the directory tests are started.
Procedure
1. Click Security in the navigation tree, and then click the Directory tab.
2. At the bottom of the Directory page, click Test Settings.
   iLO displays the results of a series of simple tests designed to validate the directory settings. After
   your directory settings are configured correctly, you do not need to rerun these tests. The Directory
   Tests page does not require you to log in as a directory user.
3. In the Directory Test Controls section, enter the DN and password of a directory administrator in the
   Directory Administrator Distinguished Name and Directory Administrator Password boxes.
   Hewlett Packard Enterprise recommends that you use the same credentials that you used when
   creating the iLO objects in the directory. iLO does not store these credentials; they are used to verify
   the iLO object and user search contexts.
4. In the Directory Test Controls section, enter a test user name and password in the Test User Name
   and Test User Password boxes.
5. Click Start Test.
   Several tests begin in the background, starting with a network ping of the directory user by
   establishing an SSL connection to the server and evaluating user privileges.