Organization Unit

HPE OneView uses Organization Unit (OU) to determine where to search for users and groups. When the user gets authenticated with a directory to assign the proper HPE OneView permissions for that user, HPE OneView needs OU to determine the directory group membership of the user.

Example:

OU=Engineering

OpenLDAP allows the configuration of multiple user and group OUs.

All the OUs in which the user accounts reside must be explicitly configured, but groups are searched in the subtree.

For example, consider a configuration in which the user accounts are present under:

  • ou=people and
  • ou=admins,ou=people

and groups are present under:

  • ou=groups and
  • ou=IT-groups,ou=groups

To explicitly configure different user and group OUs, the OU entries on the Add/Edit Directory Configuration details screen must be specified in the following format:

  • OU 1: ou=people
  • OU 2: ou=admins,ou=people
  • OU 3: ou=groups
  • OU 4: ou=IT-groups,ou=groups

To perform a subtree search for all the groups under ou=groups , the OU entries on the Add/Edit Directory Configuration details screen must be specified in the following format:

  • OU 1: ou=people
  • OU 2: ou=admins,ou=people
  • OU 3: ou=groups