
Schemaless directory example (MOD_SCHEMALESS_DIR.XML)

<!-- RIBCL Sample Script for HP Lights-Out Products -->

<!--Copyright (c) 2003,2011 Hewlett-Packard Development Company, L.P.-->

<!-- Description: This is a sample XML script to modify the current -->

<!-- schemaless directory configuration on following -->

<!-- device: -->

<!-- Integrated Lights-Out 4 (iLO 4) -->

<!-- Integrated Lights-Out 3 (iLO 3) -->

<!-- Integrated Lights-Out 2 (iLO 2) -->

<!-- NOTE: You will need to replace the USER_LOGIN and PASSWORD -->

<!-- values with values that are appropriate for your -->

<!-- environment. -->

<!-- NOTE: Run Mod_directory.xml to enable Directory login, -->

<!-- And to set the directory server address. -->

<!-- The Privilege values are: -->

<!-- 1 = Administer User Accounts -->

<!-- 2 = Remote Console Access -->

<!-- 3 = Virtual Power and Reset -->

<!-- 4 = Virtual Media -->

<!-- 5 = Configure iLO settings -->

<!-- 6 = Login Privilege -->

<!-- Value "6" is supported by iLO 3 and iLO 4 -->

<!-- firmware only. -->

<!-- This script was written for iLO 3 firmware version 1.20 -->

<!-- release. -->

<!-- See "HP Integrated Lights-Out Management Processor -->

<!-- Scripting and Command Line Resource Guide" for more -->

<!-- information on scripting and the syntax of the RIBCL -->

<!-- XML. -->

<!-- Firmware support information for this script: -->

<!-- iLO 4 - All versions. -->

<!-- iLO 3 - All versions. -->

<!-- iLO 2 - Version 1.10 or later. -->

<RIBCL VERSION="2.0">

<LOGIN USER_LOGIN="admin" PASSWORD="admin123">

<DIR_INFO MODE = "write">

<MOD_DIR_CONFIG>

<DIR_ENABLE_GRP_ACCT value = "Yes"/>

<DIR_GRPACCT1_NAME value = "test1"/>

<DIR_GRPACCT1_PRIV value = "3,4,5"/>

<!-- Firmware support information for next tag: -->

<!-- iLO 4 - All versions. -->

<DIR_GRPACCT1_SID value= "S-1-0"/>

<DIR_GRPACCT2_NAME value = "test2"/>

<DIR_GRPACCT2_PRIV value = "2,3,5"/>

<!-- Firmware support information for next tag: -->

<!-- iLO 4 - All versions. -->

<!-- iLO 3 - Version 1.20 or later only -->

<DIR_GRPACCT2_SID value= "S-2-0"/>

<DIR_GRPACCT3_NAME value = "test3"/>

<DIR_GRPACCT3_PRIV value = "1,3,4"/>

<!-- Firmware support information for next tag: -->

<!-- iLO 4 - All versions. -->

<!-- iLO 3 - Version 1.20 or later only -->

<DIR_GRPACCT3_SID value= "S-3-0"/>

<DIR_GRPACCT4_NAME value = "test4"/>

<DIR_GRPACCT4_PRIV value = "3,6"/>

<!-- Firmware support information for next tag: -->

<!-- iLO 4 - All versions. -->

<!-- iLO 3 - Version 1.20 or later only -->

<DIR_GRPACCT4_SID value= "S-4-0"/>

<DIR_GRPACCT5_NAME value = "test5"/>

<DIR_GRPACCT5_PRIV value = "2,3"/>

<!-- Firmware support information for next tag: -->

<!-- iLO 4 - All versions. -->

<!-- iLO 3 - Version 1.20 or later only -->

<DIR_GRPACCT5_SID value= "S-5-0"/>

<DIR_GRPACCT6_NAME value = "test6"/>

<DIR_GRPACCT6_PRIV value = "1,3,4,6"/>

<!-- Firmware support information for next tag: -->

<!-- iLO 4 - All versions. -->

<!-- iLO 3 - Version 1.20 or later only -->

<DIR_GRPACCT6_SID value= "S-6-0"/>

<!-- alternative method for ilo3/4 only -->

<!-- <DIR_GRPACCT INDEX="1"> -->

<!-- <NAME VALUE="string"/> -->

<!-- <SID VALUE="S-1-0"/> -->

<!-- <LOGIN_PRIV VALUE="Y"/> -->

<!-- </DIR_GRPACCT> -->

</MOD_DIR_CONFIG>

</DIR_INFO>

</LOGIN>

</RIBCL>

MOD_DIR_CONFIG parameters

All of the following parameters are optional. If a parameter is not specified, then the parameter value for the specified setting is preserved.

DIR_AUTHENTICATION_ENABLED enables or disables directory authentication. The possible values are Yes and No.

DIR_ENABLE_GRP_ACCT causes iLO to use schema-less directory integration. The possible values are Yes and No.

When using schema-free directory integration, iLO supports variable privileges associated with different directory groups. These groups are contained in the directory, and the corresponding member iLO privileges are stored in iLO.

DIR_KERBEROS_ENABLED enables or disables Kerberos authentication. The possible values are Yes and No.

DIR_KERBEROS_REALM specifies the Kerberos realm for which the domain controller is configured. By convention, the Kerberos realm name for a given domain is the domain name converted to uppercase.

DIR_KERBEROS_KDC_ADDRESS specifies the location of the domain controller. The domain controller location is specified as an IP address or DNS name.

DIR_KERBEROS_KDC_PORT specifies the port number used to connect to the domain controller. The Kerberos port number is 88, but the domain controller can be configured for a different port number.

DIR_KERBEROS_KEYTAB specifies the contents of the keytab file which is a binary file containing pairs of principals and encrypted passwords. In the Windows environment, the keytab file is generated with a ktpass utility. After generating a binary keytab file using the appropriate utility, use a Base64 encoder to convert the binary file to ASCII format.

Place the Base64 contents between:

---BEGIN KEYTAB---

and

---END KEYTAB---

• DIR_GRPACCT1_NAME identifies a group container in the directory, such as Administrators, Users, or Power Users.

• DIR_GRPACCT1_PRIV numerically identifies iLO privileges for members of the group. You can mix and match privileges by including more than one value. These privileges are expressed as a comma separated list of numbers (1,2,3,4,5,6) which correlate to:

1—Administer Group Accounts

2—Remote Console Access

3—Virtual Power and Reset

4—Virtual Media

5—Configure iLO 4 Settings

6—Login Privilege
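
A review check for scripts like the one above, as an added example (not HP's code): it parses a MOD_DIR_CONFIG script, decodes each DIR_GRPACCTn_PRIV list using the names from the sample script's comments, and reports groups granted account or configuration administration, unknown privilege numbers, privileges changed without a visible group name, and a LOGIN password left in the file. The HIGH_RISK set, the function names and the shortened SAMPLE input are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Privilege numbers and names as given in the sample script's comments.
PRIVS = {1: "Administer User Accounts", 2: "Remote Console Access",
         3: "Virtual Power and Reset", 4: "Virtual Media",
         5: "Configure iLO settings", 6: "Login Privilege"}
HIGH_RISK = {1, 5}  # assumption: a review policy, not an HP classification

# Constructed input, shortened from the sample script; group 5 omits its NAME tag.
SAMPLE = """<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="admin" PASSWORD="admin123">
<DIR_INFO MODE="write"><MOD_DIR_CONFIG><DIR_ENABLE_GRP_ACCT value="Yes"/>
<DIR_GRPACCT1_NAME value="test1"/><DIR_GRPACCT1_PRIV value="3,4,5"/>
<DIR_GRPACCT3_NAME value="test3"/><DIR_GRPACCT3_PRIV value="1,3,4"/>
<DIR_GRPACCT4_NAME value="test4"/><DIR_GRPACCT4_PRIV value="3,6"/>
<DIR_GRPACCT5_PRIV value="2,9"/>
</MOD_DIR_CONFIG></DIR_INFO></LOGIN></RIBCL>"""

def _value(elem):
    # The sample writes the attribute as "value"; accept any letter case.
    return next((v for k, v in elem.attrib.items() if k.lower() == "value"), "")

def audit_mod_dir_config(ribcl_text):
    """Return (group_index, group_name, issue) findings for a RIBCL script."""
    root = ET.fromstring(ribcl_text)
    groups, findings = {}, []
    for el in root.iter():
        m = re.fullmatch(r"DIR_GRPACCT(\d+)_(NAME|PRIV)", el.tag)
        if m:
            groups.setdefault(int(m.group(1)), {})[m.group(2)] = _value(el)
    for idx in sorted(groups):
        name = groups[idx].get("NAME")
        if name is None:
            # Omitted parameters are preserved, so the iLO keeps its current name.
            findings.append((idx, None, "PRIV changed but NAME not in script"))
        for tok in (t.strip() for t in groups[idx].get("PRIV", "").split(",")):
            num = int(tok) if tok.isdecimal() else None
            if tok and num not in PRIVS:
                findings.append((idx, name, f"unknown privilege value {tok!r}"))
            elif num in HIGH_RISK:
                findings.append((idx, name, f"high-risk privilege: {PRIVS[num]}"))
    for login in root.iter("LOGIN"):
        if login.get("PASSWORD"):
            findings.append((None, None, "LOGIN password embedded in script"))
    return findings

if __name__ == "__main__":
    print(*audit_mod_dir_config(SAMPLE), sep="\n")
```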

NOTE: Do not use the following tags when using directory integration with schema extension:

DIR_ENABLE_GRP_ACCT

DIR_GRPACCT1_NAME

DIR_GRPACCT1_PRIV

Do not use the following tags when using schema-free directories:

DIR_OBJECT_DN

DIR_OBJECT_PASSWORD

DIR_LOCAL_USER_ACCT enables or disables local user accounts. The possible values are Yes and No.

DIR_SERVER_ADDRESS specifies the location of the directory server. The directory server location is specified as an IP address or DNS name.

DIR_SERVER_PORT specifies the port number used to connect to the directory server. This value is obtained from the directory administrator. The secure LDAP port is 636, but the directory server can be configured for a different port number.

DIR_OBJECT_DN specifies the unique name of iLO 4 in the directory server. This value is obtained from the directory administrator. Distinguished names are limited to 256 characters.

DIR_OBJECT_PASSWORD specifies the password associated with the iLO 4 object in the directory server. Passwords are limited to 39 characters.

DIR_USER_CONTEXT_1, DIR_USER_CONTEXT_2, and DIR_USER_CONTEXT_15 specify searchable contexts used to locate the user when the user is trying to authenticate using directories. If the user is not located using the first path, then the parameters specified in the second and third paths are used. The values for these parameters are obtained from the directory administrator. Directory User Contexts are limited to 128 characters each.
