No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

X6800 Server Node iBMC (Earlier Than V250) User Guide 30

This document describes the underlying management software Intelligent Baseboard Management Controller (iBMC) of the servers.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the LDAP Function

Configuring the LDAP Function

Scenario

Enable and configure the Lightweight Directory Access Protocol (LDAP) function on the iBMC WebUI. The LDAP allows domain users to access the iBMC.

NOTE:
  • The LDAP is a unified authentication solution that enables the system to quickly respond to user queries.
  • For details about how to create a domain controller, a user domain, and LDAP users, see domain controller documents. The iBMC only allows access from LDAP users.

Prerequisites

Data

Obtain the following data before the configuration:

  • Information about an available LDAP server
    • LDAP server address
    • LDAP server domain name
    • LDAP server host name
    • LDAP server user application folder
  • Password for logging in to the iBMC WebUI
  • Name of the LDAP group to which the LDAP user belongs

Procedure

    Configure an LDAP server.

    The iBMC only supports interconnection with Windows active directory (AD) servers. The following use Windows Server 2008 as an example to describe how to configure the LDAP server. If the LDAP server is available, skip over this step.

    NOTE:
    • If the iBMC version is 2.46 or earlier, the group names, user names, and CN configured on the LDAP server for the iBMC cannot contain the following special characters: \";<>#+=,

    • On the LDAP server, DisplayName and CN must be the same.

    1. Install Windows Server 2008 on the server to be configured.
    2. Choose Start > Computer > Manage.

      The Server Manager dialog box is displayed.

    3. Add a user to the Users organization.

      For example, set the user name to test and the password to Huawei12#$.

    4. Right-click Active Directory Users and Computers to add a domain name, for example, softest.com.
    5. Right-click the domain name softest.com and choose New > Organizational Unit to add an organizational unit, for example Huawei.
    6. Right-click the newly added organizational unit (Huawei), and choose New > Organizational Unit to add a lower-level organizational unit, for example test1.

      You can use the same method to create multi-level organizational units, for example Huawei -> test1 -> IThelpdesk.

    7. Right-click the organizational unit of the lowest level (for example IThelpdesk), and choose New > Group to create an LDAP group, for example BMC User.

      You can create multiple LDAP groups, such as BMC admin and BMC Operator, as shown in Figure 3-31.

      Figure 3-31 Newly created organizational units and LDAP groups

    8. Right-click BMC User and choose Properties from the shortcut menu.
    9. Select the Member Of tab and click Add.

      The dialog box shown in Figure 3-32 is displayed.

      Figure 3-32 Adding a user

    10. Enter the user created in 3, for example test, and click OK.

    Log in to the iBMC WebUI.

    For details, see Logging In to the iBMC WebUI.

    Configure the LDAP server on the iBMC.

    1. On the iBMC WebUI, choose Configure > LDAP Settings.
    2. Set LDAP to to enable the LDAP function.
    3. In LDAP Server Address, enter the LDAP server IP address, for example 192.168.66.66.
    4. Enter the port number of the LDAP server.
    5. Enter the LDAP server domain name, for example, softest.com.

      This domain name must be the same as the domain name set on the LDAP server.

    6. In User Folder, enter the user application folder of the LDAP server, for example CN=Users.

      The user folder name must be the same as the name of the application member data folder set on the LDAP server.

    7. In User Password, enter the password for logging in to the iBMC.
    8. Click Save.

    (Optional) Import an LDAP root certificate.

    You can determine whether to import an LDAP root certificate. It is recommended that certificate verification be enabled for sake of security.

    1. Set the DNS address to the LDAP server address. For details, see Configuring the DNS on the iBMC WebUI (Manually).
    2. On the LDAP Settings page, set Certificate Verification to Enable.
    3. Click Browse next to Upload Certificate, and select the root certificate to be uploaded.

      The root certificate must be in .cer, .pem, .cert, or .crt format.

    4. Click Upload.

      After the root certificate is successfully uploaded, "The certificate has been uploaded" is displayed.

    Configure the LDAP group.

    1. In the Set LDAP Groups area, click or .
    2. Enter the iBMC user password in User Password.

      Before setting LDAP information, enter the password for logging in to the iBMC.

    3. In LDAP Group, enter the LDAP user group name, for example BMC User (that is, the LDAP group name set in 7).
    4. In LDAP Group Folder, enter the name of the folder in which the LDAP group applications are stored.

      The LDAP group folder must be the same as the organizational unit set for the user on the LDAP server, for example, Huawei/test1/IThelpdesk (that is, the organizational unit of the lowest level set in 7). The maximum length is 255 characters.

    5. Select the login rules.
    6. Select the login interface.
    7. Select the LDAP group rights.
    8. Click Save.

    Use the domain account to log in to the iBMC.

    1. Enter the user name (test) and password (test/Huawei12#$) that have taken effect on the LDAP server.
    2. In the domain name drop-down list box, select the domain name of the LDAP server, for example, softest.com.
    3. Click Log In.
Translation
Download
Updated: 2019-06-04

Document ID: EDOC1000066341

Views: 144617

Downloads: 1083

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next