Add an authentication directory service
You can use an external authentication directory service (also called an enterprise directory or authentication login domain) to authenticate users logging in to the appliance instead of maintaining individual local login accounts.
Two types of directory services are supported—Microsoft Active Directory and OpenLDAP.
- Minimum required privileges: Infrastructure administrator.
- The authentication directory service must be configured with certificates to support secure LDAP communications (LDAPS).
- DNS must be configured on the HPE OneView appliance before you supply the DNS fully qualified domain name for directory servers.
- The forward and reverse lookups of the names and IP addresses must be working properly in DNS.
Any CA-root certificates used by any of the directory servers must be added to the HPE OneView trust store before performing an add directory task.
NOTE: For better security, most directory servers use CA-signed certificates as opposed to self-signed certificates.
Consult with your Active Directory or OpenLDAP administrator, or public key infrastructure (PKI) administrator to obtain your CA-root public certificate.
Use
to import the CA-root certificate into the HPE OneView trust store. Enter each unique CA-root in the HPE OneView trust store if the individual directory servers making up the domain have certificates from different CA-roots.
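A pre-flight check for the DNS and LDAPS prerequisites listed above, as an added example that is not part of the HPE documentation. The function names, the host name `dc1.example.com` and the file `ca-root.pem` are assumptions; run it from a host that uses the same DNS servers as the appliance.

```python
import socket
import ssl


def _norm(name):
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()


def check_dns(fqdn, forward=socket.getaddrinfo, reverse=socket.gethostbyaddr):
    """Return a list of forward/reverse DNS problems for fqdn (empty = OK).

    forward/reverse are injectable so the check can be exercised offline.
    """
    try:
        infos = forward(fqdn, 636, proto=socket.IPPROTO_TCP)
    except OSError as exc:
        return [f"forward lookup of {fqdn} failed: {exc}"]
    problems = []
    for ip in sorted({info[4][0] for info in infos}):
        try:
            name, aliases, _ = reverse(ip)
        except OSError as exc:
            problems.append(f"no reverse (PTR) record for {ip}: {exc}")
            continue
        # The PTR name (or an alias) must map back to the name you will enter.
        if _norm(fqdn) not in {_norm(n) for n in [name, *aliases]}:
            problems.append(f"{ip} reverses to {name}, not {fqdn}")
    return problems


def check_ldaps(fqdn, ca_file, port=636, timeout=5):
    """TLS handshake against the LDAPS port, trusting only ca_file.

    Raises ssl.SSLCertVerificationError if the chain or host name does not
    verify; returns the negotiated TLS version otherwise.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.version()


if __name__ == "__main__":
    host, ca = "dc1.example.com", "ca-root.pem"  # placeholders (assumed)
    for problem in check_dns(host):
        print("DNS:", problem)
    print("LDAPS:", check_ldaps(host, ca))
```

A verification error from `check_ldaps` means the CA-root file you plan to import does not anchor that server's certificate, which is the case where directory servers in the domain use different CA-roots.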
Recommended next step: Add a group with directory-based authentication.