Oracle® ILOM Protocol Management Reference for SNMP and IPMI Firmware Release 3.2.x

Updated: January 2017
 
 

Manage Active Directory Settings


Note -  You can use the get and set commands to view and configure Active Directory settings. For a description of the MIB objects used in this procedure, see the table that follows the procedure.
  1. Log in to a host that has an SNMP tool and the Oracle ILOM MIBs installed. For example, type:

    ssh username@snmp_manager_ipaddress

    Password: password

  2. Refer to the following SNMP command examples:
    • To view the Active Directory state, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryEnabled.0
      
    • To enable the Active Directory, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryEnabled.0 i 1
      
    • To view the Active Directory port number, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryPortNumber.0
      
    • To set the Active Directory port number, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryPortNumber.0 i portnumber
      
    • To view the Active Directory default user roles, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryDefaultRoles.0
      
    • To set the Active Directory default user roles, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryDefaultRoles.0 s acro
      
    • To view the Active Directory certificate file URI, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertFileURI.0
      
    • To set the Active Directory certificate file URI, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryCertFileURI.0 s URI
      
    • To view the Active Directory time-out, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryTimeout.0
      
    • To set the Active Directory time-out, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryTimeout.0 i 6
      
    • To view the Active Directory certificate validation mode, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryStrictCertEnabled.0
      
    • To set the Active Directory certificate validation mode, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryStrictCertEnabled.0 i 1
      
    • To view the Active Directory certificate file status, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertFileStatus.0
      
    • To view the event log setting for the number of messages sent to the event log, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryLogDetail.0
      
    • To configure the event log setting so that only the highest priority messages are sent to the event log, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryLogDetail.0 i 2
      
    • To view the role that user1 is to have when authenticated through Active Directory, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryDefaultRoles.'user1'
      
    • To specify the Admin (a) role for user1 when authenticated via Active Directory, type:
      % snmpset SNMP_agent ilomCtrlActiveDirectoryDefaultRoles.'user1' s a
      
    • To view and clear the certificate information associated with the server when it is set to true, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertClear.0
      % snmpset SNMP_agent ilomCtrlActiveDirectoryCertClear.0 i 0
      
    • To view the version of the certificate file, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertVersion.0
      
    • To view the serial number of the certificate file, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertSerialNo.0
      
    • To view the issuer of the certificate file, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertIssuer.0
      
    • To view the subject of the certificate file, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertSubject.0
      
    • To view the valid start date of the certificate file, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertValidBegin.0
      
    • To view the valid end date of the certificate file, type:
      % snmpget SNMP_agent ilomCtrlActiveDirectoryCertValidEnd.0
      

The following table describes the Active Directory Certificates SNMP MIB objects.

| MIB Object | Description | Allowed Values | Type | Default |
|---|---|---|---|---|
| ilomCtrlActiveDirectoryEnabled | Specifies whether the Active Directory client is enabled. | true(1), false(2) | Integer | true |
| ilomCtrlActiveDirectoryIP | The IP address of the Active Directory server used as a name service for user accounts. | ipaddress | String | None |
| ilomCtrlActiveDirectoryPortNumber | Specifies the port number for the Active Directory client. Specifying 0 as the port means autoselect, while specifying 1 to 65535 configures the actual port. | portnumber (range: 0 to 65535) | Integer | None |
| ilomCtrlActiveDirectoryDefaultRoles | Specifies the role that a user authenticated through Active Directory should have. Setting this property to legacy roles of Administrator or Operator, or any of the individual role IDs of a, u, c, r, o, and s, will cause the Active Directory client to ignore the schema stored on the Active Directory server. Setting this to none clears the value and indicates that the native Active Directory schema should be used. The role IDs can be joined together. For example, aucros, where a=admin, u=user, c=console, r=reset, o=read-only, and s=service. | administrator, operator, admin(a), user(u), console(c), reset(r), read-only(o), service(s), none | String | None |
| ilomCtrlActiveDirectoryCertFileURI | This is the URI of a certificate file needed when Strict Certificate Mode is enabled. Setting the URI causes the transfer of the file, making the certificate available immediately for certificate authentication. | URI | String | None |
| ilomCtrlActiveDirectoryTimeout | Specifies the number of seconds to wait before timing out if the Active Directory server is not responding. | Range: 1 to 20 seconds | Integer | 4 |
| ilomCtrlActiveDirectoryStrictCertEnabled | Specifies whether the Strict Certificate Mode is enabled for the Active Directory client. If enabled, the Active Directory certificate must be uploaded to the SP so that certificate validation can be performed when communicating with the Active Directory server. | true(1), false(2) | Integer | true |
| ilomCtrlActiveDirectoryCertFileStatus | A string indicating the status of the certificate file. This is useful in determining whether a certificate file is present or not. | status | String | None |
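
The script below is an added example, not part of the Oracle documentation. It reads back three of the objects described above and reports when Strict Certificate Mode is off or when DefaultRoles overrides the schema stored on the Active Directory server. The function names ad_value and audit_ad_settings are hypothetical, the sample output is constructed, and the input is assumed to be in the "name = TYPE: value" form that Net-SNMP snmpget prints (shown here as with -Os).

```shell
#!/bin/sh
# Added example (not Oracle code): audit ILOM Active Directory settings
# from snmpget output. Sample below is constructed, not read from a real SP.
SAMPLE_OUTPUT='ilomCtrlActiveDirectoryEnabled.0 = INTEGER: true(1)
ilomCtrlActiveDirectoryStrictCertEnabled.0 = INTEGER: false(2)
ilomCtrlActiveDirectoryDefaultRoles.0 = STRING: "aucros"'

# ad_value OUTPUT NAME: print the value of ilomCtrlActiveDirectory<NAME>.0,
# with the "= TYPE: " tag and any surrounding quotes removed.
ad_value() {
    printf '%s\n' "$1" |
        sed -n "s/^.*ilomCtrlActiveDirectory$2\.0 = [A-Za-z0-9-]*: //p" |
        tr -d '"' | head -n 1
}

# audit_ad_settings OUTPUT: print one line per finding; the return status
# is the number of findings (0 means nothing to report).
audit_ad_settings() {
    findings=0
    case "$(ad_value "$1" Enabled)" in
        "true(1)"|1) ;;
        *) echo "INFO: Active Directory client is disabled; nothing to audit"
           return 0 ;;
    esac
    strict=$(ad_value "$1" StrictCertEnabled)
    case "$strict" in
        "true(1)"|1) ;;
        *) echo "FAIL: StrictCertEnabled=${strict:-unset}: strict certificate mode is off"
           findings=$((findings + 1)) ;;
    esac
    roles=$(ad_value "$1" DefaultRoles)
    case "$roles" in
        none|"") ;;   # unset or none: the native Active Directory schema is used
        operator|Operator)
           echo "WARN: DefaultRoles=$roles: schema on the AD server is ignored"
           findings=$((findings + 1)) ;;
        administrator|Administrator|*a*)
           echo "FAIL: DefaultRoles=$roles: every AD-authenticated user gets Admin"
           findings=$((findings + 1)) ;;
        *) echo "WARN: DefaultRoles=$roles: schema on the AD server is ignored"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

audit_ad_settings "$SAMPLE_OUTPUT" || echo "findings: $?"
```

To audit a live SP, capture the output of the snmpget commands from the procedure into a variable and pass it to audit_ad_settings in place of SAMPLE_OUTPUT.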