Directory Test Settings tab
The Directory Test Settings tab provides Onboard Administrator administrators with a tool to ensure that the configuration information provided allows the directory user access to the Onboard Administrator and the resources in the enclosure. The Test Settings tab applies only to the current settings. Therefore, after making changes, you must click the Apply button, and then select the Test Settings tab.
The Test Settings tab is used to run and report the tests to the administrator. When the page initially appears, it contains a list of tests with the current status of Not Run. The tests are run in the order that they appear in the table when you click the Test Settings button. The tests terminate when an error occurs. You must enter a username and password to perform the User Authentication and User Authorization tests.
The following tests are performed in the order listed.
Overall Test Status
The Overall Test Status is an aggregation of all the tests run. The value will either be Not Run, Passed, or Failed. If any of the individual tests fail, the status is Failed.
Ping Directory Server
A simple ping test is performed after it is verified that there is a valid IP address or domain name for the directory server. The ping test sends a maximum of four ping packets to the directory server and reports success or failure.
A successful test reports that Onboard Administrator can establish a network path to the directory server.
A failed test reports that Onboard Administrator cannot establish a network path to the directory server. The administrator should verify the host name or IP address.
Directory Server IP Address
If the LDAP configuration specifies an IP address instead of a DNS, then this test validates that the IP address is a valid IPv4 address. Otherwise the test reports Not Run for a status.
A successful test reports that the IP address stored for the directory server is a valid IPv4 address.
A failed test reports that the IP address stored for the directory server is not a valid IPv4 address. The administrator must verify the IP address entered and correct the IP address.
Directory Server DNS Name
The DNS lookup test determines if Onboard Administrator can resolve the domain name of the LDAP server. If the LDAP server configuration uses IP addresses instead of a DNS name, then this test reports Not Run.
A successful test reports that Onboard Administrator is able to resolve the Directory Server host name using domain name.
A failed test reports that Onboard Administrator is unable to resolve the Directory Server host name. The administrator must verify that the directory server host name is correct and that the host name is correct for the directory server.
Connect to Directory Server
This test attempts to connect to the specified directory server IP address and service port. A successful connection attempt indicates that the directory service is running and available at the specified directory server and port.
A successful test reports that Onboard Administrator can establish a connection to the directory server at the host name or address specified and the port number specified. The successful test reports that there is network service available.
A failed test reports that Onboard Administrator cannot establish a connection to the directory server. The unsuccessful test reports that the network service is not available. The administrator must verify the host name or address and port number.
Connect using SSL
This test verifies that the directory server is providing the directory service over an SSL connection.
A successful test reports that Onboard Administrator can establish an SSL connection to the directory server host name or IP address and port. The network service is available as a secure SSL connection.
A failed test reports that the network service is not available as a secure SSL connection and the Onboard Administrator does not allow this type of connection. The administrator must identify a directory server which supports SSL connections or reconfigure the directory server to use SSL connections.
Certificate of Directory Server
If the directory server SSL certificate has been loaded onto Onboard Administrator verify that the certificate provided by the directory server matches the current certificate stored on Onboard Administrator. If the directory server SSL certificate has not been loaded, then this test does not run.
A successful test reports that Onboard Administrator was able to validate the directory server certificate against the certificates stored on Onboard Administrator for the specified directory server.
A failed test reports that the directory server certificate stored on Onboard Administrator does not match the certificate provided on the SSL connection.
User Authentication
This test attempts to log in the user to the directory using the username and password provided. User authentication proceeds first by using the username and password provided. If this fails, then each search context is attempted. If a search context begins with the character @, then the DN used to log in is the search name concatenated to the username entered. Otherwise the search DN used to log in is constructed as follows; cn=<username>,<search context>. The result from this test identifies the search context that was successful in authenticating the user.
User Authorization
After a user has successfully authenticated and logged into Onboard Administrator, the configured directory group to which the user belongs is identified. A user might belong to multiple directory groups, so the directory group that gives the user the most privileges is identified.
A successful test reports the directory group with the highest privilege levels for the authenticated user.
A failed test reports the authenticated user does not have any authorization on Onboard Administrator because the user does not belong to any of the configured directory groups.
Test Log
This is a running log of the details associated with the tests that have run and the results of those tests.
Directory Test Controls
The User Name and Password are sent to the LDAP server for authentication before the User Authentication and User Authorization tests are performed.