Hello together,

Since a couple of weeks, I tried to connect an OpenLDAP server with an iLO board, for an central authentication system. The LDAP server Runs with Open SuSe 10.3 on OpenLDAP 2.3.37 and is configured with PAM, so that a user registration works.
My problem is the configuration of the directory settings of iLO.
I try to describe my config of the LDAP Server and the problem which I have with the config.

In /etc/openldap/slap.conf, I included a schema called ilo.schema.
The ilo.schema looks like:

attributetype (1.3.6.1.4.1.15959.9.1.1 NAME 'memberOf'
DESC 'Group which user belongs to'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)

objectclass (1.3.6.1.4.1.15959.9.2.1 NAME 'memberOf'
SUP top AUXILIARY
DESC 'Required by Integrated Lights-Out for OpenLDAP'
MUST (memberOf))

objectclass (1.3.6.1.4.1.15959.9.2.2 NAME 'user'
SUP top AUXILIARY
DESC 'Required by Integrated Lights-Out for OpenLDAP')

A test user for the iLO, added on the LDAP like the following schema:

# Max, my-domain.de
dn: uid = max, ou = Mitarbeiter, ou = users, dc = my-domain, dc = de
cn: Max Doe
givenName: Max
SN: Foo
gidNumber: 100
UID: Max
uidNumber: 1003
userPassword: SSHA) (passwortmax
homeDirectory: / home / max
loginShell: / bin / bash
Street:
postalCode:
l:
ST:
mail: max.mustermann@my-domain.de
telephoneNumber: +49
shadowExpire: 14152
shadowInactive: 10
shadowLastChange: 14042
shadowMax: 14
shadowMin: 1
shadowWarning: 10
memberOf: cn = iloadmin, ou = groups, dc = my-domain, dc = de
description: iLO users Max Mustermann
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: memberOf
objectClass: user
objectClass: top

the cn = iloadmin, ou = groups, dc = my-domain, dc = de look like:

dn: cn = iloadmin, ou = groups, dc = my-domain, dc = de
cn: iloadmin
objectClass: top
objectClass: groupOfNames
member: cn = Max Mustermann, ou = Mitarbeiter, ou = users, dc = my-domain, dc = de

The settings I config on iLO web interface as follows:
Under Administration -> Directory Settings ->
Use Directory DefaultSchema: running
Directory Server Address: my-domain.de [or IP]
Directory Server LDAP Port: 636
Directory User Context 1: ou = Mitarbeiter, ou = users, dc = my-domain, dc = de
And under Administration Groups -> Select a group: Administrator -> View / Modify
Security Group Distinguished Name: cn = iloadmin, ou = groups, dc = my-domain, dc = de
Administer Group and Accounts, Console Remote Access, Virtual Power and Reset, Virtual Media undConfigure iLO settings are enabled.

If I had a test run, I get the following message:
Overall status: Problem Detected
Description Test status
Ping Directory Server Passed
Directory Server IP Address Not run
Directory Server DNS name Passed
Connect to Directory Server Passed
Connect using SSL Passed
Certificate of Directory Server Passed
Bind to Directory Server Not run
Directory administrator login Not Run
User Authentication Failed
User Authorization Not Run
Directory User Context 1 Not run
Directory User Not run Context 2
Directory User Context 3 Not run
LOM exists Object Not Run
LOM Word Object Not Run

Sign Test
Initiating diagnostic Directory settings for server my-domain.de
Directory Server address my-domain.de resolved to IP address
Accepting certificate for Directory Server / C = DE / ST = [state]/ O = [company] / OU = ldapserver / CN = meine-domain.de/EMAIL ca@meine-domain.de signed by / C = DE / ST = [state] / L = [place] / O = [company] / OU = [Department] / CN = [person] / EMAIL = ca@meine-domain.de
Warning: certificate does not match my Address Directory Server-domain.de.
Unable to authenticate user test max [Invalid credentials]
Ceasing tests.
Some diagnostics for server FAILED my-domain.de

Complete tests.

I read a lot of threads, but nothing could help me to find a mistake.

I hope someone could help me to find the mistake.

kind regards

SysNewbie



--
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger