Add an LDAP Group

Group information

NOTE: A maximum of 30 Directory Groups can be added.

Field

Possible value

Description

Group Name

1 to 255 characters; all characters except quotation marks (“). The first character of the group name must be an alpha character.

The group name is used to determine LDAP users’ group membership. The group name must match one of the following five properties of a directory group: the name, distinguished name, common name, Display Name, or SAM Account Name.

Description

0 to 58 characters, including all alphanumeric characters, the dash (-), the underscore (_), and the space

Can contain a more readable version of the group name, as well as other useful information

Privilege level

Account classification

Capabilities

Account name / Privilege level

Bays selected for this account

Administrator

  • All commands
  • Local account, not LDAP
  • Only account remaining after a reset Onboard Administrator to factory defaults (account retains configured Administrator password)
  • Administrator account password can be reset to factory default through the Onboard Administrator serial port using L lost password recovery option
  • Can download, add, and clear SSHKey. This key only works with the Administrator account.

Administrator / administrator

All

OA administrator

  • All commands
  • Allows access to all aspects of the HP BladeSystem Enclosure and Onboard Administrator including configuration, firmware updates, user management, and resetting default settings.

username / administrator

OA bays (all bays automatically selected)

administrator

  • Can perform all operations to permitted device bays and interconnect bays including virtual power and console access
  • administrator permission on device iLO

username / administrator

No OA bays and only selected device bays and interconnect bays

OA operator

  • Allows access to all aspects of the HP BladeSystem Enclosure and Onboard Administrator, with the exception of user management

username / operator

OA bays and can have other bays selected, but the capabilities for the other bays are defined in operator*

operator

  • Can perform all operations to permitted device bays and interconnect bays including virtual power and console access
  • operator permission on device iLO

username / operator

Selected device bays and interconnect bays

OA user

  • Can view status and information of enclosure
  • Can view CLI history

username / user

OA bays and can have other bays selected, but the capabilities for the other bays are defined in user

user

  • Can view status and information of selected bays
  • Can view CLI history
  • Can set password for own account
  • Can set user contact information for own account
  • Can show CLI commands

username / user

No OA bays and some device bays and interconnect bays

*EBIPA and VLAN features allow access to all bays for an OA operator.

Group permissions

Checkbox

Description

Onboard Administrator Bays

Gives the user permissions for the Onboard Administrator bays. If the user privilege level is Administrator, then All Device Bays and All Interconnect Bays are automatically selected when Onboard Administrator Bays is selected and all the checkboxes are grayed out.

All Device Bays

Gives the user permissions for all the device bays.

Selected Device Bays

Gives the user permissions for only the selected device bays.

All Interconnect Bays

Gives the user permissions for all the interconnect bays.

Selected Interconnect Bays

Gives the user permissions for only the selected interconnect bays.

To save settings, click Add Group.

Add an LDAP Group