Directory Settings

The HPE Moonshot Chassis Manager 2.0 firmware supports directory integration with an Active Directory server.

The HPE Moonshot Chassis Manager 2.0 firmware connects to directory services by using SSL connections to the directory server LDAP port.

Configuring the authentication and directory server settings is one step in the process of configuring HPE Moonshot Chassis Manager 2.0 to use LDAP.

Configuring directory settings

Prerequisites
  • Role: Administrator with chassis access

  • Environment configured to support directory integration.

Procedure
  1. Click Administration in the navigation tree, and then click the Directory Settings tab.
  2. Select Enable LDAP.
  3. Enter the FQDN or IP address of a directory server in the Directory Server Address box.
  4. Enter the directory server port number in the Directory Server LDAP Port box. The standard port number for LDAP over secure TLS/SSL is 636.
  5. Enter valid search contexts in one or more of the Directory User Context boxes.
  6. Click Apply Settings.
  7. To test the communication between the directory server and HPE Moonshot Chassis Manager 2.0, click Test LDAP Configuration.
  8. To configure directory groups, click the Directory Groups tab.

Directory user contexts

You can identify the objects listed in a directory by using unique Distinguished Names (DNs). However, DNs can be long, users might not know their DNs, or users might have accounts in different directory contexts. When you use user contexts, HPE Moonshot Chassis Manager 2.0 attempts to contact the directory service by DN, and then applies the search contexts in order until login is successful.

To add more directory contexts, click the plus sign in the Directory Context Settings section.

  • Example 1—If you enter the search context ou=engineering,o=ab, you can log in as user instead of logging in as cn=user,ou=engineering,o=ab.
  • Example 2—If the IM, Services, and Training departments manage a system, the following search contexts enable users in these departments to log in by using their common names:
    • Directory User Context 1: OU=IM,DC=ctxmoon,DC=net

    • Directory User Context 2: CN=Services,DC=ctxmoon,DC=net

    • Directory User Context 3: OU=Training,DC=ctxmoon,DC=net

    If a user exists in both the IM organizational unit and Training organizational unit, login is first attempted as cn=user and ou=IM.

  • Example 3 (Active Directory only)—Microsoft Active Directory allows two alternate methods of user login. A user can log in as user@domain.example.com or domain\user. HPE Moonshot Chassis Manager 2.0 uses the DC= part of the user context to determine the domain name to perform the logins, so no additional user contexts are needed for this form of login.
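
The context ordering described above, as an added illustration (not HPE firmware code): it builds the bind names tried for a short login name, derives the Active Directory domain from the DC= parts of a context, and reports when a short name matches in more than one context. The function names and the directory entries for alice and bob are constructed for this example, and the order "name as entered, then each context" is an assumption taken from the description above.

```python
import re

# Search contexts from Example 2 on this page, in configured order.
CONTEXTS = ["OU=IM,DC=ctxmoon,DC=net",
            "CN=Services,DC=ctxmoon,DC=net",
            "OU=Training,DC=ctxmoon,DC=net"]

# Constructed directory entries (not from the page) for the demonstration.
DIRECTORY = ["CN=alice,OU=IM,DC=ctxmoon,DC=net",
             "CN=alice,OU=Training,DC=ctxmoon,DC=net",
             "CN=bob,CN=Services,DC=ctxmoon,DC=net"]

def split_dn(dn):
    """Split a DN into RDNs on commas not preceded by a backslash (simplified)."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def normalize(dn):
    """Case- and whitespace-insensitive form used only for comparison."""
    return ",".join(split_dn(dn)).lower()

def domain_from_context(context):
    """Join the DC= components of a user context into a DNS domain name."""
    return ".".join(r.split("=", 1)[1] for r in split_dn(context)
                    if r.upper().startswith("DC="))

def candidate_names(login, contexts):
    """Bind names in the assumed order: name as entered, then each context."""
    if "=" in login or "@" in login or "\\" in login:
        return [login]  # full DN or Active Directory style name, used as is
    return [login] + [f"cn={login},{ctx}" for ctx in contexts]

def resolve(login, contexts, directory):
    """Return (first matching name, all matching names) for a login."""
    known = {normalize(d) for d in directory}
    hits = [c for c in candidate_names(login, contexts) if normalize(c) in known]
    return (hits[0] if hits else None), hits

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        first, hits = resolve(name, CONTEXTS, DIRECTORY)
        note = "  <-- ambiguous, context order decides" if len(hits) > 1 else ""
        print(f"{name}: {first}{note}")
    print("AD domain:", domain_from_context(CONTEXTS[0]))
```

A short name that matches in more than one context resolves to the account in the earlier context, so the order of the Directory User Context boxes decides which account is used.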

Running directory tests

Directory tests enable you to validate the configured directory settings. The directory test results are reset when a new set of directory tests is started. For previously run tests, the last results are displayed until the Clear Results button is clicked, a new test is started, or the Moonshot hardware is power cycled.

Directory tests can be used to:
  • Verify that the network connection to the LDAP server is properly configured and the network is working.

  • Verify that a test user is a member of a directory group that is allowed to log in to HPE Chassis Manager 2.0.

  • Display the user privileges to make sure that the user is a member of the correct LDAP group listed in the HPE Chassis Manager 2.0 directory groups.

Prerequisites
  • Role: Administrator with chassis access

  • Settings to be tested are entered into the appropriate fields on the page

Procedure
  1. Click Administration in the navigation tree, and then click the Directory Settings tab.
  2. At the bottom of the Directory page, click Test LDAP Configuration.
    The LDAP test now requests directory administrator and test user credentials. Some LDAP servers are set up to allow searching for users only when given a directory administrator account and password. For those configurations, enter the administrator username and password, followed by the test username and password that would be used to log in to HPE Chassis Manager 2.0. For most configurations, all users that can log in can also search for users. In this case, enter the login username and password for both the Directory Administrator and Test Username.

    HPE Moonshot Chassis Manager 2.0 displays the results of a series of simple tests designed to validate the directory settings.

    While the tests are running, the page refreshes periodically. You can stop the tests or manually refresh the page at any time.

Directory test results

The Directory Test Results section shows the directory test status with the date and time of the last update.

  • Overall Status—Summarizes the results of the tests. The summary reflects the worst case of the Test Result from each test. For example, if most tests passed, but one test failed and one test had a warning, the summary would be Failed.

    • Not Run—An LDAP test has never been run, or the previous test is cleared.

    • Running—Tests are currently in progress.

    • Success—No failures were reported and the test is finished.

    • User Aborted—Testing was stopped with the stop button.

    • Failed—A specific subtest failed. To identify the problem, check the onscreen log.

    • Warning—One or more of the directory tests reported a Warning status.

      As an example of a warning, consider a user context that is entered when the current test user is not associated with that context. The context could be incorrect, or it might just require a different test user to verify the user context.

  • Test Name—The name of each test.

  • Test Result—Reports status for a specific directory setting or an operation that uses one or more directory settings. These results are generated when a sequence of tests is run. The results stop when:

    • The tests run to completion.

    • A test failure prevents further progress.

    • The tests are stopped.

    Possible test results follow:

    • Success—The test ran successfully. If more than one directory server was tested, all servers that ran this test were successful.

    • Not Run—The test was not run.

    • Failed—The test was unsuccessful on one or more directory servers. Directory support might not be available on those servers.

    • Warning—The test ran and reported a warning condition, for example, a certificate error. Check the Notes column for suggested actions to correct the warning condition.

  • Test Notes—Indicates the results of various phases of the directory tests.

  • Completed on—Indicates the time stamp of the directory tests.