HP c7000 Onboard Administrator LDAP Active Directory authentication

HPe c7000 Enclosure

For quite a long time I have had the pleasure of working with HP c7000 and c3000 enclosures. HP blades with enclosures are a really great enterprise solution. Over the years I found it difficult to manage multiple enclosures with local users, and this is where integration with Active Directory makes your life simpler. In a few steps, I will guide you through integrating Onboard Administrator with Active Directory LDAP.

  1. Prerequisites:
  • Active Directory group with users is created
  • Domain Controller network traffic (LDAP over SSL) is allowed
  • Domain Controller Computer certificate is valid
  1. To configure Active Directory LDAP authentication, log in to Onboard Administrator with a local username and password, navigate to Users/Authentication and click Directory Settings.
  2. Fill in the fields with the following settings:
  • Directory Server SSL Port: 636
  • Search Context: You need to provide the OU where the Active Directory group is created. For example, if the group OA Administrators is located in the yourdomain.whatever.itis/Administrators/Administrator Groups/ OU, the search context for this group will be CN=OA Administrators,OU=Administrator Groups,OU=Administrators,DC=yourdomain,DC=whatever,DC=itis. If you don't know how to find it, just run a simple dsquery from the command line: dsquery group -samid "Group Name"
  3. Search Context 2-6: You can provide up to six Search Contexts, one per group, if needed.
  4. Select Enable LDAP Authentication
  5. Select Use NT Account Name Mapping (DOMAIN\username). If you do not select this option, you will have to log in to Onboard Administrator using the username@domain format instead of DOMAIN\username.

    Onboard Administrator Directory Settings

  6. The next step is to upload the Domain Controller certificate. First you need to obtain it from the Domain Controller. You can obtain it in either of the following ways:
  7. In a browser, type https://Domain Controller:636, then view the certificate, select Copy to File and export it to .CER Base-64 encoded X.509 format.

    Domain Controller Certificate

  8. The second way to obtain the certificate is to log in to the Domain Controller, start mmc, select Certificates, Personal for Local Computer, and open the certificate. Next, go to the Details tab, select Copy to File and export it to .CER Base-64 encoded X.509 format.
  9. After the certificate is exported, open it with Notepad and copy the file content to the clipboard. Navigate to the Certificate Upload tab, paste it into the field and press the Upload button.
  10. To check whether Active Directory authentication will work, go to the Test Settings tab, provide domain credentials and press Test Settings.
  11. If the following tests pass, Active Directory authentication is configured correctly:
  • Directory Server IP Address
  • Connect to Directory Server
  • Connect using SSL
  • Certificate of Directory Server
  1. The next step is to create Directory Groups. The group should reflect the Active Directory group created before. To create it, go to Users/Authentication, Directory Groups and create the group. Assign the group to the desired bays in the enclosure.

    Onboard Administrator Directory Groups

  2. Test if LDAP authentication works.
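
A pre-flight check for the certificate prerequisite and the export steps above, as an added example that is not part of the original post: it reads the certificate the Domain Controller presents on port 636, reports its validity and this machine's name and chain verdict, and writes the Base-64 .CER text to paste into Certificate Upload. The host name and output path are placeholders (assumptions).

```powershell
# Added example, not from the original post. $DcHost and $OutFile are placeholders.
$DcHost  = 'dc01.yourdomain.whatever.itis'
$OutFile = Join-Path $env:TEMP 'dc-ldaps.cer'

$script:PolicyErrors = $null
$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($DcHost, 636)
    # Record this machine's verdict (name mismatch, chain errors) but accept the
    # certificate anyway: the goal is to retrieve and inspect it, not to trust it.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $errors)
        $script:PolicyErrors = $errors
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($DcHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

$now = Get-Date
$findings = @()
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $findings += 'Certificate is outside its validity period'
}
if ($script:PolicyErrors -ne [System.Net.Security.SslPolicyErrors]::None) {
    $findings += "This machine reports: $($script:PolicyErrors)"
}
# If an EKU extension is present, LDAPS needs Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1')) {
    $findings += 'Server Authentication EKU is missing'
}

# Write the same Base-64 encoded X.509 text that the manual export produces.
$b64 = [Convert]::ToBase64String($cert.RawData, [Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $OutFile -Encoding Ascii -Value "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"

[pscustomobject]@{
    Subject    = $cert.Subject
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    Thumbprint = $cert.Thumbprint   # SHA-1, as shown on the certificate's Details tab
    Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
    ExportedTo = $OutFile
}
```

The certificate is fetched over an unauthenticated connection, so compare the printed Thumbprint with the certificate in the Domain Controller's Local Computer Personal store before uploading the file to Onboard Administrator.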