Users or management agents can access the SP and its components only through authorized user interfaces. Users and agents cannot access any of the underlying operating system interfaces, and users cannot install individual software components on the SP.
Oracle ILOM can authenticate user accounts through local accounts that you configure or against a remote user database, such as Active Directory or LDAP/SSL. With remote authentication, you can use a centralized user database rather than configuring local accounts on each Oracle ILOM instance.
You can also remotely authenticate and authorize user access based on a user's membership in a host group. A user can belong to more than one host group, and on these servers, you can configure up to 10 host groups using the Oracle ILOM web interface, the CLI, or SNMP.
You can use Active Directory or LDAP/SSL to configure host groups for remote user authentication.
Active Directory provides both authentication of user credentials and authorization of user access levels to networked resources.
LDAP/SSL offers enhanced security to LDAP users.
The tasks involved in configuring host groups include managing certificates (LDAP/SSL), administrator groups, operator groups, custom groups, and user domains.